Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

FreeRADIUS authentication on WCS


I am trying to set up radius auth for mgmt users on our WCS. We use freeRADIUS.

At the moment the server logs are saying that a user is logged in and has passed back the necessary group tasks in the reply using Cisco-AVPair.

However the WCS reports that the user could not be logged in due to an invalid password and/or inadequate permissions.

Has anyone set up WCS against freeradius for authentication of the management users successfully?

I have noted CSCsj29057 but this is seemingly fixed.

I am running WCS



This is our permit list on teh RADIUS:

DEFAULT NAS-IP-Address == "", Auth-Type := LDAP

Cisco-AVPair += "Wireless-WCS:role0=Admin",

Cisco-AVPair += "Wireless-WCS:task0=Users and Groups",

Cisco-AVPair += "Wireless-WCS:task1=Audit Trails",

Cisco-AVPair += "Wireless-WCS:task2=TACACS+ Servers",

Cisco-AVPair += "Wireless-WCS:task3=RADIUS Servers",

Cisco-AVPair += "Wireless-WCS:task4=Logging",

Cisco-AVPair += "Wireless-WCS:task5=Licensing",

Cisco-AVPair += "Wireless-WCS:task6=Scheduled Tasks and Data Collection",

Cisco-AVPair += "Wireless-WCS:task7=User Preferences",

Cisco-AVPair += "Wireless-WCS:task8=System Settings",

Cisco-AVPair += "Wireless-WCS:task9=Diagnostic Information",

Cisco-AVPair += "Wireless-WCS:task10=View Alerts and Events",

Cisco-AVPair += "Wireless-WCS:task11=Email Notification",

Cisco-AVPair += "Wireless-WCS:task12=Delete and Clear Alerts",

Cisco-AVPair += "Wireless-WCS:task13=Pick and Unpick Alerts",

Cisco-AVPair += "Wireless-WCS:task14=Ack and Unack Alerts",

Cisco-AVPair += "Wireless-WCS:task15=Severity Configuration",

Cisco-AVPair += "Wireless-WCS:task16=Configure Controllers",

Cisco-AVPair += "Wireless-WCS:task17=Configure Templates",

Cisco-AVPair += "Wireless-WCS:task18=Configure Config Groups",

Cisco-AVPair += "Wireless-WCS:task19=Configure Access Points",

Cisco-AVPair += "Wireless-WCS:task20=Configure Access Point Templates",

Cisco-AVPair += "Wireless-WCS:task21=Migration Templates",

Cisco-AVPair += "Wireless-WCS:task22=Configure Choke Points",

Cisco-AVPair += "Wireless-WCS:task23=Configure Spectrum Experts",

Cisco-AVPair += "Wireless-WCS:task24=Monitor Controllers",

Cisco-AVPair += "Wireless-WCS:task25=Monitor Access Points",

Cisco-AVPair += "Wireless-WCS:task26=Monitor Clients",

Cisco-AVPair += "Wireless-WCS:task27=Monitor Tags",

Cisco-AVPair += "Wireless-WCS:task28=Monitor Security",

Cisco-AVPair += "Wireless-WCS:task29=Monitor Chokepoints",

Cisco-AVPair += "Wireless-WCS:task30=Monitor Spectrum Experts",

Cisco-AVPair += "Wireless-WCS:task31=Interferers Search",

Cisco-AVPair += "Wireless-WCS:task32=Access Point Reports",

Cisco-AVPair += "Wireless-WCS:task33=Mesh Reports",

Cisco-AVPair += "Wireless-WCS:task34=Client Reports",

Cisco-AVPair += "Wireless-WCS:task35=Inventory Reports",

Cisco-AVPair += "Wireless-WCS:task36=Performance Reports",

Cisco-AVPair += "Wireless-WCS:task37=Security Reports",

Cisco-AVPair += "Wireless-WCS:task38=Audit Reports",

Cisco-AVPair += "Wireless-WCS:task39=Maps Read Only",

Cisco-AVPair += "Wireless-WCS:task40=Maps Read Write",

Cisco-AVPair += "Wireless-WCS:task41=Client Location",

Cisco-AVPair += "Wireless-WCS:task42=Rogue Location",

Cisco-AVPair += "Wireless-WCS:task43=Planning Mode",

Fall-Through = no

New Member

Re: FreeRADIUS authentication on WCS

We're running WCS 6.0 here. This seems to work. This is attached to a user config instead of a default.

"User Defined 1" is a group under the Admin->AAA section.


Auth-Type := LDAP, Huntgroup="blah",

Cisco-AV-Pair = "Wireless-WCS:role0=User Defined 1",

Cisco-AV-Pair += "Wireless-WCS:task0=Users and Groups",

Cisco-AV-Pair += "Wireless-WCS:task1=Audit Trails",

Cisco-AV-Pair += "Wireless-WCS:task2=TACACS+ Servers",

Cisco-AV-Pair += "Wireless-WCS:task3=RADIUS Servers",

Cisco-AV-Pair += "Wireless-WCS:task4=Logging",

Cisco-AV-Pair += "Wireless-WCS:task5=License Center",

Cisco-AV-Pair += "Wireless-WCS:task6=Scheduled Tasks and Data Collection",

Cisco-AV-Pair += "Wireless-WCS:task7=User Preferences",

Cisco-AV-Pair += "Wireless-WCS:task8=System Settings",

Cisco-AV-Pair += "Wireless-WCS:task9=Diagnostic Information",

Cisco-AV-Pair += "Wireless-WCS:task10=View Alerts and Events",

Cisco-AV-Pair += "Wireless-WCS:task11=Email Notification",

Cisco-AV-Pair += "Wireless-WCS:task12=Delete and Clear Alerts",

Cisco-AV-Pair += "Wireless-WCS:task13=Pick and Unpick Alerts",

Cisco-AV-Pair += "Wireless-WCS:task14=Configure Controllers",

Cisco-AV-Pair += "Wireless-WCS:task15=Configure Templates",

Cisco-AV-Pair += "Wireless-WCS:task16=Configure Config Groups",

Cisco-AV-Pair += "Wireless-WCS:task17=Configure Access Points",

Cisco-AV-Pair += "Wireless-WCS:task18=Configure Choke Points",

Cisco-AV-Pair += "Wireless-WCS:task19=Monitor Controllers",

Cisco-AV-Pair += "Wireless-WCS:task20=Monitor Access Points",

Cisco-AV-Pair += "Wireless-WCS:task21=Monitor Clients",

Cisco-AV-Pair += "Wireless-WCS:task22=Monitor Tags",

Cisco-AV-Pair += "Wireless-WCS:task23=Monitor Security",

Cisco-AV-Pair += "Wireless-WCS:task24=Monitor Chokepoints",

Cisco-AV-Pair += "Wireless-WCS:task25=Mesh Reports",

Cisco-AV-Pair += "Wireless-WCS:task26=Client Reports",

Cisco-AV-Pair += "Wireless-WCS:task27=Performance Reports",

Cisco-AV-Pair += "Wireless-WCS:task28=Security Reports",

Cisco-AV-Pair += "Wireless-WCS:task29=Location Server Management",

Cisco-AV-Pair += "Wireless-WCS:task30=View Location Notifications",

Cisco-AV-Pair += "Wireless-WCS:task31=Maps Read Only",

Cisco-AV-Pair += "Wireless-WCS:task32=Maps Read Write",

Cisco-AV-Pair += "Wireless-WCS:task33=Client Location",

Cisco-AV-Pair += "Wireless-WCS:task34=Rogue Location",

Cisco-AV-Pair += "Wireless-WCS:task35=Planning Mode",

Cisco-AV-Pair += "Wireless-WCS:task36=Ack and Unack Alerts",

Cisco-AV-Pair += "Wireless-WCS:task37=Migration Templates",

Cisco-AV-Pair += "Wireless-WCS:task38=Configure Spectrum Experts",

Cisco-AV-Pair += "Wireless-WCS:task39=Monitor Spectrum Experts",

Cisco-AV-Pair += "Wireless-WCS:task40=Interferers Search",

Cisco-AV-Pair += "Wireless-WCS:task41=Auto Provisioning",

Cisco-AV-Pair += "Wireless-WCS:task42=Voice Audit Report",

Cisco-AV-Pair += "Wireless-WCS:task43=Virtual Domain Management",

Cisco-AV-Pair += "Wireless-WCS:task44=Scheduled Configuration Tasks",

Cisco-AV-Pair += "Wireless-WCS:task45=Configure Location Sensors",

Cisco-AV-Pair += "Wireless-WCS:task46=Configure ACS View Servers",

Cisco-AV-Pair += "Wireless-WCS:task47=Monitor Location Sensors",

Cisco-AV-Pair += "Wireless-WCS:task48=RRM Dashboard",

Cisco-AV-Pair += "Wireless-WCS:task49=RRM Dashboard",

New Member

Re: FreeRADIUS authentication on WCS

The rest of the config. Apparently my post was too big.

Cisco-AV-Pair += "Wireless-WCS:task50=Config Audit Dashboard",

Cisco-AV-Pair += "Wireless-WCS:task51=High Availability Configuration",

Cisco-AV-Pair += "Wireless-WCS:task52=Health Monitor Details",

Cisco-AV-Pair += "Wireless-WCS:task53=Configure WIPS Profiles",

Cisco-AV-Pair += "Wireless-WCS:task54=Global SSID Groups",

Cisco-AV-Pair += "Wireless-WCS:task55=WIPS Service",

Cisco-AV-Pair += "Wireless-WCS:task56=Configure Lightweight Access Point Templates",

Cisco-AV-Pair += "Wireless-WCS:task57=Configure Autonomous Access Point Templates",

Cisco-AV-Pair += "Wireless-WCS:task58=Guest Reports",

Cisco-AV-Pair += "Wireless-WCS:task59=Handover Server Management",

Cisco-AV-Pair += "Wireless-WCS:task60=Monitor Handover Server",

Cisco-AV-Pair += "Wireless-WCS:task61=Device Reports",

Cisco-AV-Pair += "Wireless-WCS:task62=Network Summary Reports",

Cisco-AV-Pair += "Wireless-WCS:task63=Compliance Reports",

Cisco-AV-Pair += "Wireless-WCS:task64=Report Launch Pad",

Cisco-AV-Pair += "Wireless-WCS:task65=Run Reports List",

Cisco-AV-Pair += "Wireless-WCS:task66=Saved Reports List",

Cisco-AV-Pair += "Wireless-WCS:task67=Report Run History",

Cisco-AV-Pair += "Wireless-WCS:task68=Monitor Interferers",

Cisco-AV-Pair += "Wireless-WCS:task69=CleanAir",

Cisco-AV-Pair += "Wireless-WCS:virtual-domain0=root",

New Member

Re: FreeRADIUS authentication on WCS

Thanks Kevin

It is good to get an insight into what others have done. I must have something wrong on my RADIUS server, as your config looks like mine, so back to it.

thank you

CreatePlease to create content