TACACS Authentication on WCS6.0

Unanswered Question
Jul 2nd, 2009

Hi,

I've configured WCS6.0 to authenticate the users against the Cisco ACS.

I've assigned all tasks from "root"-group to my user profile on the ACS, so I should have the same rights as the local root-user.

Now, when I try to view the audit-report I get

"Permission Denied

You do not have privileges for the requested operation."

Does anyone know the reason for this?

BTW: Same happens when I try to open "AP Timers" under the Configure->Controllers dialog.

Regards Dirk

Lucien Avramov Fri, 07/03/2009 - 18:32

Make sure you are using root for the virtual domain on the upper right corner of WCS. If your roles in ACS are configured right, it should work.

Dirk Woellhaf Mon, 07/06/2009 - 02:49

Just using the Root-Domain, no other domains configured.

Copied the properties of the root-group exactly to the ACS configuration.

regards

Lucien Avramov Mon, 07/06/2009 - 23:29

There must be something wrong either on the WCS or ACS config.

If you feel the configuration you made is exactly step by step following:

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0manag.html#wp1097777

AND

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpxref67416

Then open a TAC case. Usually the errors come from not configuring the virtual domains correctly, or misconfiguration on the ACS. At this point there are no bugs with WCS 6.0 and the integration with ACS.

Also, ACS 4.2 is the highest supported version. Neither ACS Express 5 nor ACS 5 is supported.

Dirk Woellhaf Tue, 07/07/2009 - 04:48

Hi,

did it exactly as specified in the documents.

Still the same error. Nothing in the error-log on the ACS.

Using ACS 4.1.(4) Build 13 Patch 11

Any ideas?

c.yeo Mon, 07/20/2009 - 09:44

I'm trying to use TACACS in our WCS/WLCs to authenticate to our ACS 5 server with no luck either. I can't find any step-by-step docs anywhere. We upgraded the WCS to version 6.0.132.0 in hopes this would help, but we are still stuck.

Also tried upgrading the WLCs to 6.0.182.0 with no better luck.

I get errors like this in the WLC logs:

Jul 20 17:05:39.928: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2106 Login failed. User:xxxxx Service-Type is not present or it doesn't allow READ/WRITE permission

Any ideas?
