*tplusTransportThread: Apr 06 12:41:07.284: Tplus authorization for <username> failed status=67
Subsequent attempts produce a different status, arg_cnt, msg_len and data_len value each time.
I have a 5508 controller running the same software version (126.96.36.199) and authenticating against the same Cisco Secure ACS server with the same credentials. When I (successfully) log on there, the debug aaa tacacs output is as follows:
*tplusTransportThread: Apr 06 12:45:36.269: Forwarding request to x.x.x.x port=49
Notice the difference in the author response body status and arg_cnt at 12:45:36:477. The 5508 comes back with a status 1 and 6 arguments, where the 4402 comes back with a very erratic/illogical status and argument count. Is this a bug in the 4402 188.8.131.52 release or in the Cisco ACS version?
Yes, the ACS server is configured correctly to authorise users from a WLC, that is why the 5508 WLC is working as designed (the log entries from the 5508 match the ones described in your link).
I highly suspect some sort of issue between the 4402 and the ACS server, since the fail status value from the ACS is different each time, the arg_cnt doesn't make any sense and the msg_len and data_len are very large.
Since the WCS is part of a larger group of devices that do authenticate and authorise properly, the entry on the ACS side must have been right.
Your post did prompt me however to re-enter the TACACS+ authorisation server details in the WLC again and for some unfathomable reason, after I did that, everything worked. How I was able to mess up entering the shared secret and mess up entering the confirmation of the shared secret in exactly the same way is beyond me.
Most likely they were correct in the authentication part, hence the passed authentication in the ACS.
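The symptom in this thread, reproduced as an added example that is not part of the original posts or of any Cisco code: TACACS+ (RFC 8907) obfuscates the packet body by XORing it with an MD5 pad derived from the session ID and the shared secret, so a client holding a mistyped secret decodes an authorization reply into random-looking status, arg_cnt, msg_len and data_len values that change with every session. The session IDs, keys and role arguments below are constructed sample values, and the helper names are hypothetical.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 chain over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # previous digest is chained in
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=2):
    """XOR the body with the pad; calling it again with the same key reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_author_reply(status, args, server_msg=b"", data=b""):
    """Authorization REPLY body: status, arg_cnt, msg_len, data_len, arg lengths, payload."""
    head = struct.pack("!BBHH", status, len(args), len(server_msg), len(data))
    return head + bytes(len(a) for a in args) + server_msg + data + b"".join(args)

def parse_author_reply(body):
    """Decode the fixed fields and check that the declared lengths add up to the body size."""
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    expected = 6 + arg_cnt + msg_len + data_len + sum(arg_lens)
    consistent = len(arg_lens) == arg_cnt and expected == len(body)
    return {"status": status, "arg_cnt": arg_cnt, "msg_len": msg_len,
            "data_len": data_len, "consistent": consistent}

# Constructed sample values, not taken from the thread.
SERVER_KEY = b"acs-shared-secret"
TYPO_KEY = b"acs-shared-secert"
ARGS = [b"role1=ALL", b"role2=WLAN", b"role3=SECURITY",
        b"role4=WIRELESS", b"role5=COMMANDS", b"role6=MANAGEMENT"]

def demo(client_key, session_id=0x1A2B3C4D):
    """Server sends status=1 with 6 arguments; the client decodes with client_key."""
    wire = obfuscate(build_author_reply(0x01, ARGS), session_id, SERVER_KEY)
    return parse_author_reply(obfuscate(wire, session_id, client_key))

if __name__ == "__main__":
    print("matching key :", demo(SERVER_KEY))
    for sid in (0x1A2B3C4D, 0x5E6F7081):  # two attempts, two session IDs
        print("mistyped key :", demo(TYPO_KEY, sid))
```

A reply whose declared lengths do not add up to the body size is a reliable hint that the two ends disagree on the shared secret rather than on the authorization policy.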