
tacacs.net with a WLC

bounser01
Level 1

So we have been running tacacs.net for a while and I have all the granular control I need for switches, routers and ASAs, but we want to add WLCs to the list of devices we are using this for. I know it has to do with the <Services> section of the authorization config, but I just can't nail down the commands. Here is what I have now; it passes authorization on the tacacs.net side, but the WLC is having issues with what tacacs.net actually sends it.

<Services>
  <Service>
    <Set>service=ciscowlc</Set>
    <Set>protocol=common</Set>
    <Set>role1=ALL</Set>
  </Service>
</Services>


SDaniels1
Level 1
Hi. I've just deployed Tacacs.net (great app). I'm trying to get this same part working too right now. No answer to this thread, but did you manage to get this working anyhow, and if so can you share the SERVICE section you used? I have virtually what you posted here already. Many thanks and hope you can assist. Simon.

Unfortunately I never did make any progress on this. I am still using RADIUS to log into the WLC itself. I just set up NPS on the same server I'm running Tacacs.net on, so I still consolidated, but I still need RADIUS for a couple of things.

I've spent some time on debugging on the WLC to try to solve this.

Believe I have found the issue, but the fix I think would need to be done in the Tacacs.net code.

When this is working via ACS (4.2) the debug output looks like this:

*tplusTransportThread: Jun 25 11:42:28.042: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0

*tplusTransportThread: Jun 25 11:42:28.042: arg[0] = [9][role1=ALL]

A non-working go using Tacacs.net looks like this:

*tplusTransportThread: Jun 25 11:04:26.200: author response body: status=1 arg_cnt=2 msg_len=0 data_len=0

*tplusTransportThread: Jun 25 11:04:26.200: arg[0] = [15][protocol=common]

*tplusTransportThread: Jun 25 11:04:26.200: arg[1] = [10][role1=ALL?]

I've tried lots of modifications on the service config, even adding the individual roles instead of ALL.

My theory is that the WLC expects a roleX attribute in the ARG[0] position.

Tacacs.net always puts protocol=common in that slot (even if you move it lower down).

If you don't specify protocol=common it does not get any args.

Oh well ..... I'll mail tacacs.net and see if they want to experiment and fix in a new release.

Regards,

 

Simon.
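An added example, not part of the original post: a Python check that parses the debug lines quoted above and reports how each authorization reply differs from the single-argument reply shown working with ACS. The function names and the role pattern (letters only after `roleN=`) are assumptions made for this sketch.

```python
import re

# Debug lines quoted in the post above: the ACS 4.2 reply, then the Tacacs.net reply.
SAMPLE = """\
*tplusTransportThread: Jun 25 11:42:28.042: author response body: status=1 arg_cnt=1 msg_len=0 data_len=0
*tplusTransportThread: Jun 25 11:42:28.042: arg[0] = [9][role1=ALL]
*tplusTransportThread: Jun 25 11:04:26.200: author response body: status=1 arg_cnt=2 msg_len=0 data_len=0
*tplusTransportThread: Jun 25 11:04:26.200: arg[0] = [15][protocol=common]
*tplusTransportThread: Jun 25 11:04:26.200: arg[1] = [10][role1=ALL?]
"""

HEADER = re.compile(r"author response body: status=(\d+) arg_cnt=(\d+)")
ARG = re.compile(r"arg\[(\d+)\] = \[(\d+)\]\[(.*)\]\s*$")
ROLE = re.compile(r"role\d+=[A-Za-z]+")  # assumed shape of a role attribute

def parse_replies(text):
    """Group debug lines into replies; args keep the order the WLC logged them in."""
    replies = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            replies.append({"status": int(m[1]), "arg_cnt": int(m[2]), "args": []})
        elif (m := ARG.search(line)) and replies:
            replies[-1]["args"].append((int(m[2]), m[3]))
    return replies

def findings(reply):
    """List differences from the working reply (one clean roleN argument at arg[0])."""
    out = []
    args = reply["args"]
    if len(args) != reply["arg_cnt"]:
        out.append(f"arg_cnt={reply['arg_cnt']} but {len(args)} arg lines logged")
    if not args or not ROLE.match(args[0][1]):
        out.append("arg[0] is not a roleN attribute")
    for i, (declared, value) in enumerate(args):
        if declared != len(value):
            out.append(f"arg[{i}] declares length {declared}, logged {len(value)} chars")
        if ROLE.match(value) and not ROLE.fullmatch(value):
            out.append(f"arg[{i}] has trailing data after the role value: {value!r}")
    return out

if __name__ == "__main__":
    for n, reply in enumerate(parse_replies(SAMPLE)):
        print(f"reply {n}:", findings(reply) or "matches the working shape")
```

On the quoted output the second reply is flagged twice: `protocol=common` occupies arg[0], and the role argument is logged with length 10 and one extra character after `ALL`.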

 

Hi Guys

I have the same problem. Did you get it sorted, and if so, please give me your solution.

Thanks

Hi again.

I've not done any more on this however I do note that Tacacs.net have just released a newer version of their app (v1.3.1).
We are running v1.3 here.

Unfortunately I cannot find a change log on their website so no idea what this new version has.

Bug-fixes I would guess so there is an outside chance it may address the issue I mention above .....

Once I get some time I'll test the new version and let you know how I get on.

Hi,

 

I am from TACACS.net and wanted to give an update.

We are aware of the problem and a fix will be available soon (no ETA yet). We will prioritize it based on the demand and available resources.

We would love to hear from you and appreciate your inputs here: http://tacacs.uservoice.com

Thanks

Duleep

I have upgraded to the new 2.0.1 version that specified a WLC fix, but still a no go. I have the same setup that @bounser01 originally posted. Anyone have any luck getting a working configuration?

 

 

Stephen

Please open a ticket. Support team will look into it.

@duleep0011 I did but it was closed yesterday. Ticket ID : 146. Let me know if I should open another?

You can reopen the same and provide the information Rob asked for.

 

Thanks

Stephen,

Did you get it working now? It is confirmed that the WLC is working for other users.

Thanks

danhed7400
Level 1

I'm struggling with the same issue. I'm running tacacs.net v1.3.1. Has anyone found a solution to this?

 

 

 

 

duleep0011
Level 1

All,

The WLC bug was fixed in the latest version (2.0.1).

Thanks
