FreeRADIUS authentication on WCS

BRYN JONES · ‎06-23-2009

Hello

I am trying to set up radius auth for mgmt users on our WCS. We use freeRADIUS.

At the moment the server logs are saying that a user is logged in and has passed back the necessary group tasks in the reply using Cisco-AVPair.

However the WCS reports that the user could not be logged in due to an invalid password and/or inadequate permissions.

Has anyone set up WCS against freeradius for authentication of the management users successfully?

I have noted CSCsj29057 but this is seemingly fixed.

I am running WCS 5.1.64.0

thanks

Bryn

This is our permit list on teh RADIUS:

DEFAULT NAS-IP-Address == "xxx.xxx.xxx.xxx", Auth-Type := LDAP

Cisco-AVPair += "Wireless-WCS:role0=Admin",

Cisco-AVPair += "Wireless-WCS:task0=Users and Groups",

Cisco-AVPair += "Wireless-WCS:task1=Audit Trails",

Cisco-AVPair += "Wireless-WCS:task2=TACACS+ Servers",

Cisco-AVPair += "Wireless-WCS:task3=RADIUS Servers",

Cisco-AVPair += "Wireless-WCS:task4=Logging",

Cisco-AVPair += "Wireless-WCS:task5=Licensing",

Cisco-AVPair += "Wireless-WCS:task6=Scheduled Tasks and Data Collection",

Cisco-AVPair += "Wireless-WCS:task7=User Preferences",

Cisco-AVPair += "Wireless-WCS:task8=System Settings",

Cisco-AVPair += "Wireless-WCS:task9=Diagnostic Information",

Cisco-AVPair += "Wireless-WCS:task10=View Alerts and Events",

Cisco-AVPair += "Wireless-WCS:task11=Email Notification",

Cisco-AVPair += "Wireless-WCS:task12=Delete and Clear Alerts",

Cisco-AVPair += "Wireless-WCS:task13=Pick and Unpick Alerts",

Cisco-AVPair += "Wireless-WCS:task14=Ack and Unack Alerts",

Cisco-AVPair += "Wireless-WCS:task15=Severity Configuration",

Cisco-AVPair += "Wireless-WCS:task16=Configure Controllers",

Cisco-AVPair += "Wireless-WCS:task17=Configure Templates",

Cisco-AVPair += "Wireless-WCS:task18=Configure Config Groups",

Cisco-AVPair += "Wireless-WCS:task19=Configure Access Points",

Cisco-AVPair += "Wireless-WCS:task20=Configure Access Point Templates",

Cisco-AVPair += "Wireless-WCS:task21=Migration Templates",

Cisco-AVPair += "Wireless-WCS:task22=Configure Choke Points",

Cisco-AVPair += "Wireless-WCS:task23=Configure Spectrum Experts",

Cisco-AVPair += "Wireless-WCS:task24=Monitor Controllers",

Cisco-AVPair += "Wireless-WCS:task25=Monitor Access Points",

Cisco-AVPair += "Wireless-WCS:task26=Monitor Clients",

Cisco-AVPair += "Wireless-WCS:task27=Monitor Tags",

Cisco-AVPair += "Wireless-WCS:task28=Monitor Security",

Cisco-AVPair += "Wireless-WCS:task29=Monitor Chokepoints",

Cisco-AVPair += "Wireless-WCS:task30=Monitor Spectrum Experts",

Cisco-AVPair += "Wireless-WCS:task31=Interferers Search",

Cisco-AVPair += "Wireless-WCS:task32=Access Point Reports",

Cisco-AVPair += "Wireless-WCS:task33=Mesh Reports",

Cisco-AVPair += "Wireless-WCS:task34=Client Reports",

Cisco-AVPair += "Wireless-WCS:task35=Inventory Reports",

Cisco-AVPair += "Wireless-WCS:task36=Performance Reports",

Cisco-AVPair += "Wireless-WCS:task37=Security Reports",

Cisco-AVPair += "Wireless-WCS:task38=Audit Reports",

Cisco-AVPair += "Wireless-WCS:task39=Maps Read Only",

Cisco-AVPair += "Wireless-WCS:task40=Maps Read Write",

Cisco-AVPair += "Wireless-WCS:task41=Client Location",

Cisco-AVPair += "Wireless-WCS:task42=Rogue Location",

Cisco-AVPair += "Wireless-WCS:task43=Planning Mode",

Fall-Through = no

ehlers.kevin · ‎06-24-2009

We're running WCS 6.0 here. This seems to work. This is attached to a user config instead of a default.

"User Defined 1" is a group under the Admin->AAA section.

HTH

Auth-Type := LDAP, Huntgroup="blah",

Cisco-AV-Pair = "Wireless-WCS:role0=User Defined 1",

Cisco-AV-Pair += "Wireless-WCS:task0=Users and Groups",

Cisco-AV-Pair += "Wireless-WCS:task1=Audit Trails",

Cisco-AV-Pair += "Wireless-WCS:task2=TACACS+ Servers",

Cisco-AV-Pair += "Wireless-WCS:task3=RADIUS Servers",

Cisco-AV-Pair += "Wireless-WCS:task4=Logging",

Cisco-AV-Pair += "Wireless-WCS:task5=License Center",

Cisco-AV-Pair += "Wireless-WCS:task6=Scheduled Tasks and Data Collection",

Cisco-AV-Pair += "Wireless-WCS:task7=User Preferences",

Cisco-AV-Pair += "Wireless-WCS:task8=System Settings",

Cisco-AV-Pair += "Wireless-WCS:task9=Diagnostic Information",

Cisco-AV-Pair += "Wireless-WCS:task10=View Alerts and Events",

Cisco-AV-Pair += "Wireless-WCS:task11=Email Notification",

Cisco-AV-Pair += "Wireless-WCS:task12=Delete and Clear Alerts",

Cisco-AV-Pair += "Wireless-WCS:task13=Pick and Unpick Alerts",

Cisco-AV-Pair += "Wireless-WCS:task14=Configure Controllers",

Cisco-AV-Pair += "Wireless-WCS:task15=Configure Templates",

Cisco-AV-Pair += "Wireless-WCS:task16=Configure Config Groups",

Cisco-AV-Pair += "Wireless-WCS:task17=Configure Access Points",

Cisco-AV-Pair += "Wireless-WCS:task18=Configure Choke Points",

Cisco-AV-Pair += "Wireless-WCS:task19=Monitor Controllers",

Cisco-AV-Pair += "Wireless-WCS:task20=Monitor Access Points",

Cisco-AV-Pair += "Wireless-WCS:task21=Monitor Clients",

Cisco-AV-Pair += "Wireless-WCS:task22=Monitor Tags",

Cisco-AV-Pair += "Wireless-WCS:task23=Monitor Security",

Cisco-AV-Pair += "Wireless-WCS:task24=Monitor Chokepoints",

Cisco-AV-Pair += "Wireless-WCS:task25=Mesh Reports",

Cisco-AV-Pair += "Wireless-WCS:task26=Client Reports",

Cisco-AV-Pair += "Wireless-WCS:task27=Performance Reports",

Cisco-AV-Pair += "Wireless-WCS:task28=Security Reports",

Cisco-AV-Pair += "Wireless-WCS:task29=Location Server Management",

Cisco-AV-Pair += "Wireless-WCS:task30=View Location Notifications",

Cisco-AV-Pair += "Wireless-WCS:task31=Maps Read Only",

Cisco-AV-Pair += "Wireless-WCS:task32=Maps Read Write",

Cisco-AV-Pair += "Wireless-WCS:task33=Client Location",

Cisco-AV-Pair += "Wireless-WCS:task34=Rogue Location",

Cisco-AV-Pair += "Wireless-WCS:task35=Planning Mode",

Cisco-AV-Pair += "Wireless-WCS:task36=Ack and Unack Alerts",

Cisco-AV-Pair += "Wireless-WCS:task37=Migration Templates",

Cisco-AV-Pair += "Wireless-WCS:task38=Configure Spectrum Experts",

Cisco-AV-Pair += "Wireless-WCS:task39=Monitor Spectrum Experts",

Cisco-AV-Pair += "Wireless-WCS:task40=Interferers Search",

Cisco-AV-Pair += "Wireless-WCS:task41=Auto Provisioning",

Cisco-AV-Pair += "Wireless-WCS:task42=Voice Audit Report",

Cisco-AV-Pair += "Wireless-WCS:task43=Virtual Domain Management",

Cisco-AV-Pair += "Wireless-WCS:task44=Scheduled Configuration Tasks",

Cisco-AV-Pair += "Wireless-WCS:task45=Configure Location Sensors",

Cisco-AV-Pair += "Wireless-WCS:task46=Configure ACS View Servers",

Cisco-AV-Pair += "Wireless-WCS:task47=Monitor Location Sensors",

Cisco-AV-Pair += "Wireless-WCS:task48=RRM Dashboard",

Cisco-AV-Pair += "Wireless-WCS:task49=RRM Dashboard",

ehlers.kevin · ‎06-24-2009

The rest of the config. Apparently my post was too big.

Cisco-AV-Pair += "Wireless-WCS:task50=Config Audit Dashboard",

Cisco-AV-Pair += "Wireless-WCS:task51=High Availability Configuration",

Cisco-AV-Pair += "Wireless-WCS:task52=Health Monitor Details",

Cisco-AV-Pair += "Wireless-WCS:task53=Configure WIPS Profiles",

Cisco-AV-Pair += "Wireless-WCS:task54=Global SSID Groups",

Cisco-AV-Pair += "Wireless-WCS:task55=WIPS Service",

Cisco-AV-Pair += "Wireless-WCS:task56=Configure Lightweight Access Point Templates",

Cisco-AV-Pair += "Wireless-WCS:task57=Configure Autonomous Access Point Templates",

Cisco-AV-Pair += "Wireless-WCS:task58=Guest Reports",

Cisco-AV-Pair += "Wireless-WCS:task59=Handover Server Management",

Cisco-AV-Pair += "Wireless-WCS:task60=Monitor Handover Server",

Cisco-AV-Pair += "Wireless-WCS:task61=Device Reports",

Cisco-AV-Pair += "Wireless-WCS:task62=Network Summary Reports",

Cisco-AV-Pair += "Wireless-WCS:task63=Compliance Reports",

Cisco-AV-Pair += "Wireless-WCS:task64=Report Launch Pad",

Cisco-AV-Pair += "Wireless-WCS:task65=Run Reports List",

Cisco-AV-Pair += "Wireless-WCS:task66=Saved Reports List",

Cisco-AV-Pair += "Wireless-WCS:task67=Report Run History",

Cisco-AV-Pair += "Wireless-WCS:task68=Monitor Interferers",

Cisco-AV-Pair += "Wireless-WCS:task69=CleanAir",

Cisco-AV-Pair += "Wireless-WCS:virtual-domain0=root",

BRYN JONES · ‎06-30-2009

Thanks Kevin

It is good to get an insight into what others have done. I must have something wrong on my RADIUS server, as your config looks like mine, so back to it.

thank you