Lobby Admin account in WLC

Unanswered Question
Jul 14th, 2009

I'm trying to create a lobby admin account on my WLC, easy enough I go to Management>Local Management Users> Create the user and assign him as a Lobby Admin. However, when I attempt to login as that lobby admin I am never allowed in, it just wont let me login as that user. If I look at the WLC logs it reads: Jul 14 16:10:29.282 ews_auth.c:1968 EMWEB-1-LOGIN_FAILED: Login failed. User:nicolasmin. Service-Type is not present or it doesn't allow READ/WRITE permission..

Does anyone know what that means and how I could fix it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Tue, 07/14/2009 - 19:19

Do you have radius configured and is management checked. Seems like it is hitting a radius server.

rochoa8aeg Wed, 07/15/2009 - 18:01

Yes I have radius configured but it is only authenticating wireless clients. I have a number of Lobby Admins created and all can log in to the same controller without issue it just doesnt seem to like this name, even if I create a test account it works.

mat.edwards Wed, 07/15/2009 - 04:15

When you created the account did you select 'User Access Mode' as Lobby Admin? Even if you didn't should still log you in just worth checking.

Try to create a different account and test that.

What version of code are you running?

rochoa8aeg Wed, 07/15/2009 - 18:04

I'm running code 4.2.130, and I have a handful of other Lobby Admin accounts created who can log on with no issue.

Yes when I created the account I did select the option in the drop-down box which elects the user as a Lobby Admin.

jicr Thu, 07/16/2009 - 21:14

Do u have a TACACS server configured and TACACS is the primary database for management authentication????

Then make the priority as local then TACACS. It should work

ja raju Mon, 02/28/2011 - 23:50

Hi guys,

I'm having a similar issue. I created a lobby admin account but i'm not able to login using that account.

Error message:

*emWeb: Mar 01 14:56:33.179: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed for the user:lobby. Service-Type is not present or it doesn't allow READ/WRITE permission..

My settings for SECURITY > Priority Order > Management User is RADIUS on top and LOCAL at the bottom. Would switching LOCAL to the top resolve the issue?

Scott Fella Tue, 03/01/2011 - 04:27

If your authenticating using a local account created on the WLC, then local should be priority or on the top of the list. Is you are using radius for local management, then you would need to keep radius on the top of the list and create another policy in radius for lobby admin. Lobby admin uses a different service type than management users.

Sent from Cisco Technical Support iPhone App


This Discussion



Trending Topics - Security & Network