Cannot login to 4400 using ACS-TACACS+

srosenthal
Level 4

Hello,

I am using a 4402 running 4.2.207 set up with TACACS+ for management user authentication. I am running ACS 4.2 in a VM. I went through the setup and added the ciscowlc-common attribute under the user group and added role1=ALL.

I cannot get any user to log in to the WLC. If I turn off the ACS service, the local auth works fine. The ACS says that the authentication passed in the log, but all I get when I try to connect to the WLC is being prompted over and over again for username and password.

Here are some captures from the WLC when I try to log in to it from the web browser.

Mon Aug  9 15:43:06 2010: Forwarding request to 192.168.1.90 port=49
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=2 session_id=223f532e length=16 encrypted=0
Mon Aug  9 15:43:06 2010: TPLUS_AUTHEN_STATUS_GETPASS
Mon Aug  9 15:43:06 2010: auth_cont get_pass reply: pkt_length=22
Mon Aug  9 15:43:06 2010: processTplusAuthResponse: Continue auth transaction
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=4 session_id=223f532e length=6 encrypted=0
Mon Aug  9 15:43:06 2010: tplus_make_author_request: athr server not found
Mon Aug  9 15:43:06 2010: tplus_make_author_request() from tplus_authen_passed returns rc=1

(Wireless) >show tacacs auth statistics
Authentication Servers:

Server Index..................................... 1
Server Address................................... 192.168.1.90
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 1
Retry Requests................................... 1
Accept Responses................................. 1
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0


show aaa auth

Management authentication server order:
    1............................................ tacacs
    2............................................ local

Any help is greatly appreciated.

Seth

1 Accepted Solution

dancampb
Level 7

Did you also configure the server info under TACACS Authorization and Accounting on the controller?  You can get this debug response if you only set up the server under the Authentication section.

That fixed it.  But man is that stupid.

Thank you for the help.

Seth
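
Added example, not part of the original thread and not Cisco tooling: a small Python triage of the controller debug output quoted in the question, flagging the case the accepted answer describes (authentication replies arrive, then "athr server not found"). The function name triage, the finding strings, and the reading of tplus_authen_passed as the post-authentication path are assumptions.

```python
import re

# Constructed input: the controller debug lines quoted in the question.
SAMPLE = """\
Mon Aug  9 15:43:06 2010: Forwarding request to 192.168.1.90 port=49
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=2 session_id=223f532e length=16 encrypted=0
Mon Aug  9 15:43:06 2010: TPLUS_AUTHEN_STATUS_GETPASS
Mon Aug  9 15:43:06 2010: auth_cont get_pass reply: pkt_length=22
Mon Aug  9 15:43:06 2010: processTplusAuthResponse: Continue auth transaction
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=4 session_id=223f532e length=6 encrypted=0
Mon Aug  9 15:43:06 2010: tplus_make_author_request: athr server not found
Mon Aug  9 15:43:06 2010: tplus_make_author_request() from tplus_authen_passed returns rc=1
"""

# TACACS+ header packet types (RFC 8907).
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
RESPONSE = re.compile(r"tplus response: type=(\d+) seq_no=(\d+) session_id=([0-9a-f]+)")
MISSING_ATHR = "no TACACS+ authorization server configured on the controller"


def triage(debug_text):
    """Group debug lines by TACACS+ session id and flag the failure from this thread."""
    sessions, current = {}, None
    for line in debug_text.splitlines():
        m = RESPONSE.search(line)
        if m:
            current = sessions.setdefault(
                m.group(3), {"types": set(), "authen_passed": False, "athr_missing": False})
            current["types"].add(PACKET_TYPES.get(int(m.group(1)), "unknown"))
        elif current is not None:
            # These lines carry no session id; attribute them to the last session seen.
            if "athr server not found" in line:
                current["athr_missing"] = True
            if "from tplus_authen_passed" in line:
                # Assumption: the function name marks the post-authentication path.
                current["authen_passed"] = True
    findings = {}
    for sid, s in sessions.items():
        if s["athr_missing"] and "authorization" not in s["types"]:
            state = "authentication passed" if s["authen_passed"] else "authentication seen"
            findings[sid] = state + "; " + MISSING_ATHR
        else:
            findings[sid] = "no authorization-server problem seen"
    return findings


if __name__ == "__main__":
    for sid, finding in triage(SAMPLE).items():
        print(sid, "->", finding)
```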
