Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS Authentication on WCS6.0

Hi,

I've configured WCS6.0 to authenticate the useres against the Cisco ACS.

I've assigned all tasks from "root"-group to my user profile on the ACS, so I should have the sames rights as the local root-user.

Now, when I try to view the audit-report I get

"Permission Denied

You do not have privileges for the requested operation."

Does anyone know the reason for this?

BTW: Same happens when I try to open "AP Timers" under the Confgure->Controllers dialog.

Regards Dirk

regards, Dirk (Please rate if helpful)
6 REPLIES

Re: TACACS Authentication on WCS6.0

Make sure you are using root for the virtual domain on the upper right corner of WCS. If your roles in ACS are configured right, it should work.

New Member

Re: TACACS Authentication on WCS6.0

Just using the Root-Domain, no other domains configured.

Copied the properties of the root-group exactly to the ACS configuration.

regards

regards, Dirk (Please rate if helpful)

Re: TACACS Authentication on WCS6.0

There must be something wrong either on the WCS or ACS config.

If you feel the configuration you made is exactly step by step following :

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0manag.html#wp1097777

AND

http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpxref67416

Then open a TAC case. Usually the errors come from not configuring the virtual domains correctly, or misconfiguration on the ACS. At this point there are no bugs with WCS 6.0 and the integration with ACS.

Also, ACS 4.2 is the higher supported version. ACS express 5 neither ACS 5 are supported.

New Member

Re: TACACS Authentication on WCS6.0

Hi,

did it exactly as specified in the documents.

Still the same error. Nothing in the error-log on the ACS.

Using ACS 4.1.(4) Build 13 Patch 11

Any ideas?

regards, Dirk (Please rate if helpful)
New Member

Re: TACACS Authentication on WCS6.0

I'm trying to use TACACS in our WCS/WLCs to authenticate to our ACS 5 server with no luck either. I can't find any step-by-step docs anywhere. We upgraded the WCS to verison 6.0.132.0 in hopes this would help, but we are still stuck.

Also tried upgrading the WLCs to 6.0.182.0 with no better luck.

I get errors like this in the WLC logs:

Jul 20 17:05:39.928: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2106 Login failed. User:xxxxx Service-Type is not present or it doesn't allow READ/WRITE permission

Any ideas?

New Member

Re: TACACS Authentication on WCS6.0

WCS 6 has additional tasks listed (59 total) vs previous versions which only had about 45 in the task list. I was having issues with certain areas as well, but went into the AAA, Root export list and copied the new task list with al 59 and copied to the ACS atrributes under tacacs - no more problems.

1012
Views
0
Helpful
6
Replies
CreatePlease login to create content