Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

4402 with RADIUS admin authentication (mgmt)

I'm trying to get admin authentication, either through SSL or HTTPS access to controller, with a RADIUS Server. Radius is Cisco ACS 4.1. I've added the RADIUS in the controller and configured Cisco ACS. When I try to login into controller, logs on ACS specify a Passed Authentication.

I use the ACS to authenticate access to my routers successfully, therefore, Cisco ACS is running OK.

I tried with a different RADIUS server for controller admin access and get the same problem. On RADIUS, authentication is successful, but can't login in to controller.

Here is the debug aaa all output from the controller when I try to login:

(Cisco Controller) >Wed Apr 11 22:52:35 2007: Unable to find requested user entry for jimadmin

Wed Apr 11 22:52:35 2007: AuthenticationRequest: 0x137a0ac8

Wed Apr 11 22:52:35 2007: Callback.....................................0x10336ad8

Wed Apr 11 22:52:35 2007: protocolType.................................0x00020001

Wed Apr 11 22:52:35 2007: proxyState...................................00:00:00:2F:00:00-00:00

Wed Apr 11 22:52:35 2007: Packet contains 5 AVPs (not shown)

Wed Apr 11 22:52:35 2007: 00:00:00:2f:00:00 Successful transmission of Authentication Packet (id 6) to 172.16.227.28:1812, proxy state 00:00:00:2f:00:00-00:2f

Wed Apr 11 22:52:35 2007: 00000000: 01 06 00 48 00 00 00 00 00 00 00 00 00 00 00 00 ...H............

Wed Apr 11 22:52:35 2007: 00000010: 00 00 00 00 01 0a 6a 69 6d 61 64 6d 69 6e 02 12 ......jimadmin..

Wed Apr 11 22:52:35 2007: 00000020: 21 7a fd 54 da 87 55 a8 45 8e 67 ea 3f 85 fb 44 !z.T..U.E.g.?..D

Wed Apr 11 22:52:35 2007: 00000030: 06 06 00 00 00 07 04 06 ac 13 01 05 20 0c 61 69 ..............ai

Wed Apr 11 22:52:35 2007: 00000040: 72 2d 77 6c 61 6e 2d 32 r-wlan-2

Wed Apr 11 22:52:35 2007: 00000000: 02 06 00 33 91 a5 b9 ad ba 7a d4 ed 29 ce 8e 8e ...3.....z..)...

Wed Apr 11 22:52:35 2007: 00000010: 27 db fd 51 19 1f 43 41 43 53 3a 30 2f 32 64 30 '..Q..CACS:0/2d0

Wed Apr 11 22:52:35 2007: 00000020: 30 2f 61 63 31 33 30 31 30 35 2f 6a 69 6d 61 64 0/ac130105/jimad

Wed Apr 11 22:52:35 2007: 00000030: 6d 69 6e min

Wed Apr 11 22:52:35 2007: ****Enter processIncomingMessages: response code=2

Wed Apr 11 22:52:35 2007: ****Enter processRadiusResponse: response code=2

Wed Apr 11 22:52:35 2007: 00:00:00:2f:00:00 Access-Accept received from RADIUS server 172.16.227.28 for mobile 00:00:00:2f:00:00 receiveId = 0

Wed Apr 11 22:52:35 2007: AuthorizationResponse: 0x11c8a394

Wed Apr 11 22:52:35 2007: structureSize................................73

Wed Apr 11 22:52:35 2007: resultCode...................................0

Wed Apr 11 22:52:35 2007: protocolUsed.................................0x00000001

Wed Apr 11 22:52:35 2007: proxyState...................................00:00:00:2F:00:00-00:00

Wed Apr 11 22:52:35 2007: Packet contains 1 AVPs:

Wed Apr 11 22:52:35 2007: AVP[01] Class....................................CACS:0/2d00/ac130105/jimadmin (29 bytes)

Thanks!

James

1 REPLY
New Member

Re: 4402 with RADIUS admin authentication (mgmt)

If you need to log in to the WLC for management, you must set the return value "Service-type" to "Administrative". This has been recently included into the release notes, please see CSCsc96482

217
Views
0
Helpful
1
Replies
CreatePlease to create content