Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WLC Lobby Admin with ACS 5.1

Hello,

Just wondering if someone knew how to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS?  I'm very new to ACS 5.1 and need to advise as to how to configure it.

I've got the ACS policy working that allows me to login to the WLC using a user account with full rights but the Lobby admin account can login with full rights as well.  I've tried setting the custome attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Double check you shell profile... might want to delete it and recreate it, if you are sure it is hitting that policy.

-Scott
*** Please rate helpful posts ***

WLC Lobby Admin with ACS 5.1

can you rebuild the attribute, or try to put the cursor in front of LOBBY and backspace?

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
18 REPLIES
Hall of Fame Super Silver

Re: WLC Lobby Admin with ACS 5.1

If you have the WLC there already for management, the role for lobby is role1=LOBBY.  Of course you will have two separate policies in ACS, one for your management and one for lobby.

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

I made the changes and added the rule and now I can't login to the WLC with any account.  My hit count goes up but I can't login.

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

You not defineing a group or AD1.  So your policy is very generic... If you look at mine, I define what group the user is in first then it looks for the others. 

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

I've created the group and added the lobby admin user to that group. I added the group to the rule and I get a hit count on the role but I still can't login.

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

You need to define two different shell profiles, don't combine the two together.  For the wlc it is role1=ALL and for lobby its role1=LOBBY.

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

I have two shell profiles configured,

Hall of Fame Super Silver

Re: WLC Lobby Admin with ACS 5.1

On your policy, it shows only WLC-Lobby as your shell profile.  One policy should have WLC-Admin and the other WLC-Lobby.

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

I noticed that and corrected it, now I can login with full admin but not with Lobby admin.  I'm checking the debug logs now.

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Double check you shell profile... might want to delete it and recreate it, if you are sure it is hitting that policy.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Can you screen shot your command sets?

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

Screen shot of command set,

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Okay... I though you had something there that also might be causing an issue.

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

I see in your configuration that you don't have the command set field, is that becuase you are using AD as the source for your users?

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Correct... I can use internal user groups if I wanted to, but I'm just testing AD for now. 

-Scott
*** Please rate helpful posts ***
Community Member

WLC Lobby Admin with ACS 5.1

The debug for the Lobby account shows a space in the role,

*tplusTransportThread: Jan 24 14:40:10.751: arg[0] = [33][role1=                      LOBBY]

If I use a working account there is no space,

*tplusTransportThread: Jan 24 14:39:08.151: arg[0] = [9][role1=ALL]

I've checked the shell profile and don't see any spaces.

Hall of Fame Super Silver

WLC Lobby Admin with ACS 5.1

Thats the issue... just recreate it and make sure you don't have sapces in front of LOBBY... this was an issue with 5.1 and 5.2, but 5.3 fixed that.

-Scott
*** Please rate helpful posts ***

WLC Lobby Admin with ACS 5.1

can you rebuild the attribute, or try to put the cursor in front of LOBBY and backspace?

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Community Member

WLC Lobby Admin with ACS 5.1

That fixed it, I just removed the spaces.  I'm going to upgrade to v5.3, I've been having this issue for other policy.

Thanks for the help.

1750
Views
5
Helpful
18
Replies
CreatePlease to create content