- Silver, 250 points or more
I'm trying to setup TACACS+ a WLC (v188.8.131.52), to a v5.1 ACS. I've got all the ACS policies setup for integration with AD, Group Mapping, etc... and that all works fine, the problem is that the 'Shell Profile' and/or 'Command Set' I'm using doesn't suitably authorise the user, and so the WLC doesn't let them on... A success / access-accept message is generated and transmitted, but as far as the WLC is concerned it doesn't contain the necessary rights, so the admin doesn't get on.
I am aware of the requirements and how to create this in ACS 4.x, but 5.1 is a different beast and I can't find the necessary bits in the ACS 5.1 GUI to create the config.
Does anybody know how to create the equivalent configuration in ACS 5.1?
Basically need to work out how to do this;
Service = ciscowlc, Protocol = common
Any help, much appreciated!!
The shell profile for the different wcs roles works - thanks a lot for your help!
Even the shell profile for my WLCs works with role1=ALL. I also confirmed it with role1=WLAN.
You seem to use role=ALL, maybe you should give role1=ALL a try?
I'm trying the same thing for my WLCs and I would also like to do my WCS authentication and authorization via ACS 5.1 (for admin and lobby ambassador access)
I also know how to configure ACS 4.2 to hand out the custom attributes ("Interface Configuration" --> "TACACS+ (Cisco)" --> "New Services" ciscowlc/common for the WLCs and Wireless-WCS/HTTP for WCS. Appropriate roleX=Y strings in the group settings), but have no clue how do the same thing with ACS 5.1.
Any ideas anyone?