Hi Xristos, It seems you have extra space characters in your ACS after MONITOR: [role1=MONITOR*______________________*]
When adding arguments, ACS adds some extra spaces in the window. You have to manually delete these spaces. I had the same issue ;) Andre 2014-03-11 11:27 GMT+01:00 Xristos Stefaneskou <[email protected]>: > I changed the user's roles to has rights to Wireless and Wlan menu and > works fine. > > I created a new user with Monitor rights and still fails to login. > > Also tried to different WLC (2504&2106). > > It seems that the problem occurs only for MONITOR role. > > > > *tplusTransportThread: Mar 11 10:27:12.322: arg[0] = [14 > *][role1=WIRELESS]* > > > > *tplusTransportThread: Mar 11 10:27:12.322: arg[1] = [10*][role2=WLAN]* > > > > Regards, > > *Christos Stefaneskou* > > Network Engineer > > > > [image: Description: Description: Description: Description: Description: > Description: Description: cid:[email protected]] > > *[email protected] <[email protected]>* > > *TAC:* (+30) 2109548200 > > *Fax:* (+30) 2109548288 > > 206, Syggrou Avenue > > 17672 - Κallithea - Greece > > > > > > > > > > *From:* Xristos Stefaneskou > *Sent:* Tuesday, March 11, 2014 11:54 AM > *To:* [email protected] > *Subject:* Tacacs WLC access issue > > > > Hi team! > > > > I'm doing some ACS labs and I'm facing a strange problem. > > I have 2 users, user "wlcadmin" who has admin access and "consultan" who > has only monitor access. > > Admin access works fine but "consultan" no. > > Shell Profile is "role1=MONITOR" and from ACS logs i see that > authentication/authorization passes. > > I tried to change the role to "SECURITY" and i still receive the same > error. > > > > This is the debug Tacacs from WLC: > > > > *tplusTransportThread: Mar 11 09:42:12.753: arg[0] = *[9][role1=ALL]* > > > > *tplusTransportThread: Mar 11 09:42:12.753: > > User has the following mgmtRole fffffff8 > > *emWeb: Mar 11 09:42:12.754: %AAA-5-AAA_AUTH_ADMIN_USER: Authentication > succeeded for admin user 'wlcadmin' > > > > > > > > *tplusTransportThread: Mar 11 09:40:09.044: arg[0] = *[35][role1=MONITOR* > ] > > > > *tplusTransportThread: Mar 11 09:40:09.044: > > User has the following mgmtRole 0 > > *emWeb: Mar 11 09:40:09.045: %AAA-5-AAA_AUTH_NETWORK_USER: *Authentication > failed for network user 'consultan'* > > *emWeb: Mar 11 09:40:09.045: %EMWEB-1-LOGIN_FAILED: Login failed for the > user:consultan. Service-Type is not present or it doesn't allow READ/WRITE > permission.. > > > > > > Any thoughts? > > > > > > Best regards, > > *Christos Stefaneskou* > > Network Engineer > > > > [image: Description: Description: Description: Description: Description: > Description: Description: cid:[email protected]] > > *[email protected] <[email protected]>* > > *TAC:* (+30) 2109548200 > > *Fax:* (+30) 2109548288 > > 206, Syggrou Avenue > > 17672 - Κallithea - Greece > > > > > > > > > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc >
<<inline: image001.jpg>>
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
