Cisco Support Community
Community Member

Cannot login to 4400 using ACS-TACACS+

Hello,

I am using a 4402 running 4.2.207, set up with TACACS+ for management user authentication.  I am running ACS 4.2 in a VM.  I went through the setup and added the ciscowlc-common attribute under the user group and added role1=ALL.

I cannot get any user to login to the WLC.  If I turn off the ACS service the local auth works fine.  The ACS says that the authentication passed in the log but all I get when I try to connect to the WLC is prompted over and over again for username and password.

Here are some captures from the WLC when I try to login to it from the web browser.

Mon Aug  9 15:43:06 2010: Forwarding request to 192.168.1.90 port=49
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=2 session_id=223f532e length=16 encrypted=0
Mon Aug  9 15:43:06 2010: TPLUS_AUTHEN_STATUS_GETPASS
Mon Aug  9 15:43:06 2010: auth_cont get_pass reply: pkt_length=22
Mon Aug  9 15:43:06 2010: processTplusAuthResponse: Continue auth transaction
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=4 session_id=223f532e length=6 encrypted=0
Mon Aug  9 15:43:06 2010: tplus_make_author_request: athr server not found
Mon Aug  9 15:43:06 2010: tplus_make_author_request() from tplus_authen_passed returns rc=1

(Wireless) >show tacacs auth statistics
Authentication Servers:

Server Index..................................... 1
Server Address................................... 192.168.1.90
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 1
Retry Requests................................... 1
Accept Responses................................. 1
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0


show aaa auth

Management authentication server order:
    1............................................ tacacs
    2............................................ local

Any help is greatly appreciated.

Seth

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Cannot login to 4400 using ACS-TACACS+

Did you also configure the server info under TACACS Authorization and Accounting on the controller?  You can get this debug response if you only set up the server under the Authentication section.
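
A small triage script for the symptom in this thread, added here as an example (not code from the original posts or from Cisco): it parses WLC debug lines and "show tacacs auth statistics" rows copied from the question and reports when authentication was accepted but no authorization server was found. The function names and finding strings are assumptions made for this example.

```python
import re

# Debug lines copied from the question in this thread.
SAMPLE_DEBUG = """\
Mon Aug  9 15:43:06 2010: Forwarding request to 192.168.1.90 port=49
Mon Aug  9 15:43:06 2010: tplus response: type=1 seq_no=4 session_id=223f532e length=6 encrypted=0
Mon Aug  9 15:43:06 2010: tplus_make_author_request: athr server not found
Mon Aug  9 15:43:06 2010: tplus_make_author_request() from tplus_authen_passed returns rc=1
"""

# Rows copied from the "show tacacs auth statistics" output in the question.
SAMPLE_STATS = """\
Server Address................................... 192.168.1.90
Accept Responses................................. 1
Reject Responses................................. 0
Timeout Requests................................. 0
"""

LINE_RE = re.compile(r"^\w{3} \w{3}\s+\d+ [\d:]+ \d{4}: (.*)$")  # timestamp, then message
STAT_RE = re.compile(r"^(.+?)\.{2,}\s*(\S+)")                    # "Key....... value"

def parse_stats(text):
    """Turn dotted statistic rows into a dict; numeric values become int."""
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            key, val = m.group(1).strip(), m.group(2)
            stats[key] = int(val) if val.isdigit() else val
    return stats

def diagnose(debug_text, stats_text):
    """Return findings that explain a repeating management login prompt."""
    msgs = [m.group(1) for m in map(LINE_RE.match, debug_text.splitlines()) if m]
    stats = parse_stats(stats_text)
    findings = []
    if any("tplus_authen_passed" in m for m in msgs) and stats.get("Accept Responses", 0) > 0:
        findings.append("authentication accepted by server")
    if any("athr server not found" in m for m in msgs):
        findings.append("no TACACS+ authorization server configured")
    if stats.get("Timeout Requests", 0) > 0:
        findings.append("server timeouts recorded")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_DEBUG, SAMPLE_STATS))
```
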

2 REPLIES
Community Member

Re: Cannot login to 4400 using ACS-TACACS+

That fixed it.  But man is that stupid.

Thank you for the help.

Seth
