01-24-2012 10:46 AM - edited 07-03-2021 09:26 PM
Hello,
Just wondering if someone knew how to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS? I'm very new to ACS 5.1 and need to advise as to how to configure it.
I've got the ACS policy working that allows me to login to the WLC using a user account with full rights but the Lobby admin account can login with full rights as well. I've tried setting the custome attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.
Solved! Go to Solution.
01-24-2012 11:42 AM
Double check you shell profile... might want to delete it and recreate it, if you are sure it is hitting that policy.
01-24-2012 11:46 AM
can you rebuild the attribute, or try to put the cursor in front of LOBBY and backspace?
Steve
01-24-2012 10:48 AM
If you have the WLC there already for management, the role for lobby is role1=LOBBY. Of course you will have two separate policies in ACS, one for your management and one for lobby.
01-24-2012 11:09 AM
I made the changes and added the rule and now I can't login to the WLC with any account. My hit count goes up but I can't login.
01-24-2012 11:17 AM
You not defineing a group or AD1. So your policy is very generic... If you look at mine, I define what group the user is in first then it looks for the others.
01-24-2012 11:28 AM
I've created the group and added the lobby admin user to that group. I added the group to the rule and I get a hit count on the role but I still can't login.
01-24-2012 11:32 AM
You need to define two different shell profiles, don't combine the two together. For the wlc it is role1=ALL and for lobby its role1=LOBBY.
01-24-2012 11:36 AM
I have two shell profiles configured,
01-24-2012 11:38 AM
On your policy, it shows only WLC-Lobby as your shell profile. One policy should have WLC-Admin and the other WLC-Lobby.
01-24-2012 11:40 AM
I noticed that and corrected it, now I can login with full admin but not with Lobby admin. I'm checking the debug logs now.
01-24-2012 11:42 AM
Double check you shell profile... might want to delete it and recreate it, if you are sure it is hitting that policy.
01-24-2012 11:43 AM
Can you screen shot your command sets?
01-24-2012 11:46 AM
Screen shot of command set,
01-24-2012 11:49 AM
Okay... I though you had something there that also might be causing an issue.
01-24-2012 11:31 AM
I see in your configuration that you don't have the command set field, is that becuase you are using AD as the source for your users?
01-24-2012 11:35 AM
Correct... I can use internal user groups if I wanted to, but I'm just testing AD for now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide