New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

Hi

I am trying to implement TACACS authentication against our internal database on the ACS 5.1 for access to our WLC 5508. I have configured the WLC 5508 to use the TACACS which is configured to point to our ACS. In the ACS I have configured the relevant shell profile such as Role1, Mandatory & ALL.

When looking into the ACS log it actually shows you that the TACACS access was passed. But when I have tried to login it comes back to the same login box.

I have attached a screen shot of the ACS log.

Any ideas?

8 REPLIES
New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

Forgot to mention the ACS version 5.1.0.11 & the WLC 5508 is 7-0-220-0

Gold

TACACS+ Issue with WLC 5508 & ACS 5.1

Have you installed any patches for ACS 5.1 or are you on the base release?

There were in total 6 cumulative patches for ACS 5.1 and at least some of these were applicable to TACACS+ and WLC.

I don't remember them all off the top of my head and the release is a bit old but may include the following:

CSCtd24949 - Tacacs authorization failure when authen_type=0

CSCte81150 - ACS 5.x reports key mismatch for unknown authen type

CSCte70900 - ACS 5.1 rejects AP to join WDS domain by "LEAP packet validation failed"

CSCte16911 - ACS 5 doesn't support the PPP tacacs service type for authentication

Not sure I have pointed to a specific one but I do strongly recommend installing patch 6 for ACS 5.1. Can be downloaded from CCO.

New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

Sorry, my mistake. The version on the ACS is 5-1-0-44-6

Cisco Employee

TACACS+ Issue with WLC 5508 & ACS 5.1

Please post a screenshot of your shell profile. Authentication can pass but if the right attributes are not sent precisely, then nothing will happen on WLC.

New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

New Member

Re: TACACS+ Issue with WLC 5508 & ACS 5.1

It turns out that the attribute entry that I entered had space characters in it which are there by default. This seems to be an undocumented bug. When you enter role1, mandatory, then ALL, the ALL field has spaces in it which must be deleted first before entering your command.

New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

Thanks for posting. I had this issue as well. There were 22 spaces in the "empty" value field that were appended to my entered value. Once removed, I was able to login.
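
Added example, not part of the thread and not Cisco code: a small audit of TACACS+ shell-profile arguments that catches the whitespace padding described above before it reaches the controller. The `attr=value` (mandatory) and `attr*value` (optional) syntax is standard TACACS+; the role list, the function names and the sample profile are assumptions constructed for illustration.

```python
import re

# Role values commonly documented for WLC management access (assumption:
# not listed in this thread; check your controller's documentation).
KNOWN_ROLES = {"ALL", "LOBBY", "MONITOR", "WLAN", "CONTROLLER",
               "WIRELESS", "SECURITY", "MANAGEMENT", "COMMANDS"}
ROLE_ATTR = re.compile(r"^role\d+$")


def parse_av_pair(raw):
    """Split a TACACS+ argument into (name, mandatory, value), unstripped.

    '=' marks a mandatory argument, '*' an optional one; the separator
    that appears first in the string is the one that counts.
    """
    positions = [i for i in (raw.find("="), raw.find("*")) if i != -1]
    if not positions:
        raise ValueError(f"no '=' or '*' separator in {raw!r}")
    sep = min(positions)
    return raw[:sep], raw[sep] == "=", raw[sep + 1:]


def audit_shell_profile(av_pairs):
    """Return (attribute, issue) tuples for padded or unrecognised roles."""
    findings = []
    for raw in av_pairs:
        name, _mandatory, value = parse_av_pair(raw)
        clean_name, clean_value = name.strip(), value.strip()
        pad = (len(name) - len(clean_name)) + (len(value) - len(clean_value))
        if pad:
            findings.append((clean_name, f"whitespace padding: {pad} character(s)"))
        if ROLE_ATTR.match(clean_name) and clean_value.upper() not in KNOWN_ROLES:
            findings.append((clean_name, f"unrecognised role value {clean_value!r}"))
    return findings


# Constructed sample: role1 carries the 22 trailing spaces reported above.
SAMPLE_PROFILE = ["role1=ALL" + " " * 22, "role2=MONITOR", "role3=ADMIN"]

if __name__ == "__main__":
    for attr, issue in audit_shell_profile(SAMPLE_PROFILE):
        print(f"{attr}: {issue}")
```

Feed it the argument strings exactly as the AAA server sends them (for example copied from an authorization debug), since stripping them beforehand hides the padding.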

New Member

TACACS+ Issue with WLC 5508 & ACS 5.1

Hi All,

I am facing the same issue. I removed blank spaces in the attribute field but still facing the issues.

Any idea, what could be causing the issue??

thanks

Imran
