Hi Andre! You are right...5 hours wasted for this extra spaces!!! I always delete this spaces but I think this time I was only doing left with the arrow. Thanks for the solution.
Christos Stefaneskou Network Engineer [Description: Description: Description: Description: Description: Description: Description: cid:[email protected]] [email protected]<mailto:[email protected]> TAC: (+30) 2109548200 Fax: (+30) 2109548288 206, Syggrou Avenue 17672 - Κallithea - Greece From: Andre Aubet [mailto:[email protected]] Sent: Tuesday, March 11, 2014 12:33 PM To: Xristos Stefaneskou Cc: [email protected] Subject: Re: [OSL | CCIE_Wireless] Tacacs WLC access issue Hi Xristos, It seems you have extra space characters in your ACS after MONITOR: [role1=MONITOR______________________] When adding arguments, ACS adds some extra spaces in the window. You have to manually delete these spaces. I had the same issue ;) Andre 2014-03-11 11:27 GMT+01:00 Xristos Stefaneskou <[email protected]<mailto:[email protected]>>: I changed the user's roles to has rights to Wireless and Wlan menu and works fine. I created a new user with Monitor rights and still fails to login. Also tried to different WLC (2504&2106). It seems that the problem occurs only for MONITOR role. *tplusTransportThread: Mar 11 10:27:12.322: arg[0] = [14][role1=WIRELESS] *tplusTransportThread: Mar 11 10:27:12.322: arg[1] = [10][role2=WLAN] Regards, Christos Stefaneskou Network Engineer [Description: Description: Description: Description: Description: Description: Description: cid:[email protected]] [email protected]<mailto:[email protected]> TAC: (+30) 2109548200<tel:%28%2B30%29%202109548200> Fax: (+30) 2109548288<tel:%28%2B30%29%202109548288> 206, Syggrou Avenue 17672 - Κallithea - Greece From: Xristos Stefaneskou Sent: Tuesday, March 11, 2014 11:54 AM To: [email protected]<mailto:[email protected]> Subject: Tacacs WLC access issue Hi team! I'm doing some ACS labs and I'm facing a strange problem. I have 2 users, user "wlcadmin" who has admin access and "consultan" who has only monitor access. Admin access works fine but "consultan" no. Shell Profile is "role1=MONITOR" and from ACS logs i see that authentication/authorization passes. I tried to change the role to "SECURITY" and i still receive the same error. This is the debug Tacacs from WLC: *tplusTransportThread: Mar 11 09:42:12.753: arg[0] = [9][role1=ALL] *tplusTransportThread: Mar 11 09:42:12.753: User has the following mgmtRole fffffff8 *emWeb: Mar 11 09:42:12.754: %AAA-5-AAA_AUTH_ADMIN_USER: Authentication succeeded for admin user 'wlcadmin' *tplusTransportThread: Mar 11 09:40:09.044: arg[0] = [35][role1=MONITOR ] *tplusTransportThread: Mar 11 09:40:09.044: User has the following mgmtRole 0 *emWeb: Mar 11 09:40:09.045: %AAA-5-AAA_AUTH_NETWORK_USER: Authentication failed for network user 'consultan' *emWeb: Mar 11 09:40:09.045: %EMWEB-1-LOGIN_FAILED: Login failed for the user:consultan. Service-Type is not present or it doesn't allow READ/WRITE permission.. Any thoughts? Best regards, Christos Stefaneskou Network Engineer [Description: Description: Description: Description: Description: Description: Description: cid:[email protected]] [email protected]<mailto:[email protected]> TAC: (+30) 2109548200<tel:%28%2B30%29%202109548200> Fax: (+30) 2109548288<tel:%28%2B30%29%202109548288> 206, Syggrou Avenue 17672 - Κallithea - Greece _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc<http://www.youtube.com/ipexpertinc>
<<inline: image001.jpg>>
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
