I think if you try a debug aaa tacacs on your controller, it must show the
attribute "role1 = ALL" before being logged. If you don't see this, then you
missed something.
I also had some problems using TACACS. I configured it right on 3 different
controllers at different times, and each time it didn't work on the 1st try. In
the debugs I could see the requests timed out, even if TACACS worked on another
device. I couldn't see any failure or success in the ACS logs for the WLC just
configured, but the other devices showed success.
Each time I was forced to stop/start the ACS and after that it worked.
Good thing to practice a lot ;)
Andre.
On Sat, Feb 15, 2014 at 8:56 PM, Jay Killion (jakillio) wrote:
> Hi all -
> I wasted a bunch of time this morning on a stupid mistake. Long story short,
> I added ACS to my WLC for TACACS authentication but forgot to add it also for
> authorization. I grew increasingly frustrated as I focused my
> troubleshooting on ACS and could see that my authentication attempts were
> showing in ACS logs as successful. After beating my head against the wall
> for a while, I finally started again from scratch and realized what I had
> wrong.
> Here's my question though – is there any other way to see I would have forgotten
> this other than looking at the controller config? What I mean is, had I
> forgotten to add ACS to the controller at all then it would have been evident
> since ACS logs wouldn't have shown any requests. Had I misconfigured a
> password, username, role, etc, I would have seen something in the ACS logs as
> well that would have pointed me in the right direction. Is there anything
> specific I could have seen in ACS that would have pointed out my omission of
> TACACS authorization on the WLC? Of course, I now know that if all looks
> like it's succeeding on ACS then that's my sign to check, but curious if
> there's anything that would have been more specific in pointing me to lack of
> authorization support.
> Thanks -
> Jay Killion, CCIE #17873 R/S