Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Locked myself out of WCS after enabling Virtual Domains

Hi All,

Well this was a bone head thing to do I guess, although it seemed very easy to do so maybe Cisco has to look into how it does virtual domains.

Anyway, I have TACACS setup on an ACS server, and have been using it to login to the WCS for quite some time now. I upgraded to 5.2 and checked the tasks for TACACS and copied and pasted them into the ACS server and all was fine. It wasn't until I started enabling virtual domains that I ran into an issue. Right after I enabled VD's I logged out and could not log back in. It is giving me an error saying the user does not belong to any virtual domains.

I checked the docs and it does not mention the exact role or task that needs to be added to ACS in order to get this to work, all it says is to copy and paste the tasks from the TACACS list and the Radius list.

The only thing I have not done is copy the Radius stuff because I thought you only used that if you used Radius as the authentication protocol to manage the WCS, which I do not, I use TACACS.

Right now the only thing I can think of is disconnecting the Ethernet cable and logging in from the WCS server itself so it defaults to the local db for authentication when TACACS is down. This is assuming the root user does not get denied as well.

Anyone have a better idea or have the roles or tasks needed to enter into the ACS server?

Thanks

Brett

1 REPLY
New Member

Re: Locked myself out of WCS after enabling Virtual Domains

Well, I was able to get back in as root and did an export of the virtual domain settings.

I guess I will have just be a little more careful although I still think it is a little to easy to lock yourself out.

Anyway the added line for the Virtual domains is virtual-domain<#>=

So if you manage 2 domains you would have to add the TACACS commands

virtual-domain1=Domain1

virtual-domain2=Domain2

Anyway, sorry for spamming the group, fixes usually appear right after you post the problem anyway:)

272
Views
0
Helpful
1
Replies
CreatePlease to create content