Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Error with WCS 7.0 using tacacs+ and ACS 5.2

Hi.

I'm crazy with this version of ACS, it is totally diferent than ACS 4.2, which is familiar for me and seems to difficult to config for me.

Although I have red a lot of post about problems with the integration WCS 7.0 and ACS 5.2 using TACACs+ for admin or lobby access to the web portal I can't do login into WCS as Lobbyambassador using ACS 5.2 because always show me the error "User has no usergroups assigned".

Steps I followed:

- I create a "shell profile" with the custom attributes of the group "lobby ambassador".

shell.jpg

- In default device admin / authorization, I create a rule matching this "shell profile".

rule.jpg

I see lot os Hit counts and passed in logs, but the message written previously.

In ACS 4.2 I had to create the custom attribute "HTTP" and string "Wireless-WCS" to work with, but now I don't know if it is necessary and I don't know how to do it.

Thanks in advanced.

5 REPLIES

Re: Error with WCS 7.0 using tacacs+ and ACS 5.2

H,

With version 4.2 you simply copy the attributes from WCS to the ACS server.

With version 5.x you have to create a rule for each attribute? Have you done that?

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
Hall of Fame Super Silver

Error with WCS 7.0 using tacacs+ and ACS 5.2

The shell profile you posted is for the WLC and not WCS.  You need to manually enter each of these attributes one at a time with ACS 5.1-5.2, ACS 5.3 allows you to bulk upload:)

http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0admin.html#wp1061106

So you can follow this that explains the shell profile for a WLC and use it to create a shell profile for WCS:

https://supportforums.cisco.com/docs/DOC-14908

-Scott
*** Please rate helpful posts ***

Error with WCS 7.0 using tacacs+ and ACS 5.2

Hi.

Thanks for your help.

I will try it. One note Scott, the Shell profile created was with custom attributes for Lobby group copied from the WCS. These three values was added one by one. I will try to do as you told me.

Thanks again.

Best Regards.

Hall of Fame Super Silver

Error with WCS 7.0 using tacacs+ and ACS 5.2

If you will have lobby and root access using radius, you must make sure your tacacs policies are correct.  This would mean that you would need two seperate and users cant be part of the same group.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Error with WCS 7.0 using tacacs+ and ACS 5.2

I answer myself:

I needed to add the attribute for the virtual domain in which the user is in, in this case, I was using root domain, I suppose this is the reason that WCS told me "User has no usergroups assigned", because it is no assigned to any virtual domain.

Thanks.

Best Regards.

853
Views
7
Helpful
5
Replies