TACACS+ roles not working on WLC 5508

I have read the documentation and configured tacacs+ correctly but when I log in to the 5508 I am seeing all the menu pages regardless of the role I set on the ACS. Am I missing something?

Hi Jang,
You will see all tabs as read only but will get rw access only to Security Tab.
Regards
Don't forget to rate helpful posts

Similar Messages

TACACS is not working in 7206 VXR

Hi all,
TACACS is not working in my 7206 VXR.When i am telneting in to router it is showing Authorization Failed.I can able to login using console.
KEY is same b/w router and the server .Please help.
7206(config)#do sh run | in aaa|tacacs
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
ip tacacs source-interface Loopback0
tacacs-server host 202.148.202.174
tacacs-server key 7 073D055B42291A413630384D2E
GURG-7206-EDGE1(config)#do ping 202.148.202.174 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.148.202.174, timeout is 2 seconds:
Packet sent with a source address of 202.148.199.196
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms

It is most likely a configuration or rechability issue. Double check
that you've got the right IP in the config, and that there's nothing
interfering with UDP between the two. With tacacs, it's good idea
to have known backup telnet & enable passwords, this same kind of
thing can happen when you have a badly congested link or some kind of
network problem and life is better when you can get into the router.

AIR-CAP1602I-E-K9 Not Talking to WLC 5508

hi all,
can't seem to get my APs to talk to WLC 5508.
can someone advise which WLC firmware to use and where can i get/download (link pls).
currently WLC is running 6.0.199.4.
Mar 1 00:00:47.839: %CDP_PD-4-POWER_OK: All radios disabled - NEGOTIATED inlin
e power source
*Mar 1 00:00:53.931: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:00:55.963: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre
ss 172.28.159.15, mask 255.255.255.192, hostname APfc99.47a3.4d22
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:06.899: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
HCP.
*Mar 1 00:01:15.899: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:01:15.899: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'Cisco_f8
:72:64'running version 6.0.199.4 is rejected.    <<<<
APfc99.47a3.4d22>sh ve
Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:52 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFT
WARE (fc1)
APfc99.47a3.4d22 uptime is 11 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-E-K9    (PowerPC) processor (revision B0) with 98294K/32768K
bytes of memory.
Processor board ID FGL1726W6DQ
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: FC:99:47:A3:4D:22
Part Number                          : 73-14671-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC17182J4J
Top Assembly Part Number             : 800-38552-01
Top Assembly Serial Number           : FGL1726W6DQ
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602I-E-K9
Configuration register is 0xF

Hi,
Date and time is ok on the WLC,
I configured Accept Self Signed Certificate (SSC) under Security / AP policy, once done the WLC recognized the AP, but output from the console of the AP power cycle the access point is:
IOS Bootloader - Starting system.
FLASH CHIP: Micronix MX25L256_35F
Xmodem file system is available.
flashfs[0]: 5 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31936000
flashfs[0]: Bytes used: 6551040
flashfs[0]: Bytes available: 25384960
flashfs[0]: flashfs fsck took 9 seconds.
Reading cookie from SEEPROM
Base Ethernet MAC address: 4c:00:82:9a:47:a3
************* loopback_mode = 0
Loading "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx"...####################
File "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x100000
executing...
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:52 by prod_rel_team
Initializing flashfs...
FLASH CHIP: Micronix MX25L256_35F
flashfs[2]: 5 files, 2 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 31808000
flashfs[2]: Bytes used: 6551040
flashfs[2]: Bytes available: 25256960
flashfs[2]: flashfs fsck took 9 seconds.
flashfs[2]: Initialization complete.
flashfs[3]: 0 files, 1 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 11999232
flashfs[3]: Bytes used: 1024
flashfs[3]: Bytes available: 11998208
flashfs[3]: flashfs fsck took 1 seconds.
flashfs[3]: Initialization complete....done Initializing flashfs.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
memory validate-checksum 30
^
% Invalid input detected at '^' marker.
no ip http server
       ^
% Invalid input detected at '^' marker.
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
login authentication default
^
% Invalid input detected at '^' marker.
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Warning: the compile-time code checksum does not appear to be present.
cisco AIR-CAP1602I-N-K9    (PowerPC) processor (revision B0) with 98294K/32768K
bytes of memory.
Processor board ID FGL1730S57A
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 4C:00:82:9A:47:A3
Part Number                          : 73-14671-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC17284HL9
Top Assembly Part Number             : 800-38552-01
Top Assembly Serial Number           : FGL1730S57A
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602I-N-K9
% Please define a domain-name first.
logging facility kern
        ^
% Invalid input detected at '^' marker.
logging trap emergencies
        ^
% Invalid input detected at '^' marker.
Press RETURN to get started!
*Mar 1 00:00:12.451: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
itialising Cfg
*Mar 1 00:00:13.683: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:14.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
*Mar 1 00:00:15.123: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:52 by prod_rel_team
*Mar 1 00:00:15.151: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
itialising Cfg
*Mar 1 00:00:15.151: %CAPWAP-3-ERRORLOG: Failed to load configuration from flas
h. Resetting to default config
*Mar 1 00:00:16.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, chan
ged state to uplwapp_crypto_init: MIC Present and Parsed Successfully
no bridge-group 1 source-learning
                   ^
% Invalid input detected at '^' marker.
%Default route without gateway, if not a point-to-point interface, may impact pe
rformance
*Mar 1 00:00:48.695: %CDP_PD-4-POWER_OK: All radios disabled - INJECTOR_CONFIGU
RED_ON_SOURCE inline power source
*Mar 1 00:00:48.923: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre
ss 10.2.3.100, mask 255.255.255.0, hostname AP4c00.829a.47a3
Translating "CISCO-CAPWAP-CONTROLLER.campeche.ecosur.mx"...domain server (10.2.3
.10) [OK]
*Mar 1 00:00:59.915: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
HCP.
*Mar 1 00:00:59.919: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established. A0203E6, 147E, A020364, A47B, 0
*Mar 1 00:01:09.915: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 29 09:33:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 10.2.3.230 peer_port: 5246
*Jan 29 09:33:18.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 10.2.3.230 peer_port: 5246
*Jan 29 09:33:18.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
*Jan 29 09:33:23.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
logging facility kern
        ^
% Invalid input detected at '^' marker.
logging trap emergencies
        ^
% Invalid input detected at '^' marker.
*Jan 29 09:34:17.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.
2.3.230:5246
*Jan 29 09:34:17.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led sta
te 255
*Jan 29 09:34:17.999: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
itialising Cfg
*Jan 29 09:34:17.999: %CAPWAP-3-ERRORLOG: Failed to load configuration from flas
h. Resetting to default config
*Jan 29 09:34:28.015: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 29 09:34:28.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 10.2.3.230 peer_port: 5246
*Jan 29 09:34:28.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 10.2.3.230 peer_port: 5246
*Jan 29 09:34:28.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
*Jan 29 09:34:33.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
and debug command output enable CAPWAP events
(Cisco Controller) >debug capwap events enable
(Cisco Controller) >*spamApTask7: Jan 29 03:39:08.092: acDtlsPlumbControlPlaneKeys: lrad:10.2.3.100(42107) mwar:10.2.3.230(5246)
*spamApTask7: Jan 29 03:39:08.093: 4c:00:82:9a:47:a0 DTLS keys for Control Plane deleted successfully for AP 10.2.3.100
*spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 DTLS connection closed event receivedserver (10.2.3.230/5246) client (10.2.3.100/42107)
*spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 Entry exists for AP (10.2.3.100/42107)
*spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 No AP entry exist in temporary database for 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.104: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.104: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask7: Jan 29 03:39:08.104: apModel:
*spamApTask7: Jan 29 03:39:08.104: apType = 38 apModel:
*spamApTask0: Jan 29 03:39:08.105: 4c:00:82:9a:47:a3 Received LWAPP DISCOVERY REQUEST to 6c:41:6a:5f:95:2f on port '13'
*spamApTask0: Jan 29 03:39:08.105: 4c:00:82:9a:47:a3 Discarding discovery request in LWAPP from AP supporting CAPWAP
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask7: Jan 29 03:39:08.105: apModel:
*spamApTask7: Jan 29 03:39:08.105: apType = 38 apModel:
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask7: Jan 29 03:39:08.105: apModel:
*spamApTask7: Jan 29 03:39:08.105: apType = 38 apModel:
*spamApTask7: Jan 29 03:39:08.106: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
(Cisco Controller) >*spamApTask7: Jan 29 03:39:08.106: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:18.104: 4c:00:82:9a:47:a3 DTLS connection not found, creating new connection for 10:2:3:100 (42107) 10:2:3:230 (5246)
*spamApTask7: Jan 29 03:39:18.638: acDtlsPlumbControlPlaneKeys: lrad:10.2.3.100(42107) mwar:10.2.3.230(5246)
*spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Allocated index from main list, Index: 397
*spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Using CipherSuite AES128-SHA
*spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 DTLS keys for Control Plane are plumbed successfully for AP 10.2.3.100. Index 398
*spamApTask6: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 DTLS Session established server (10.2.3.230:5246), client (10.2.3.100:42107)
*spamApTask6: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Starting wait join timer for AP: 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:23.636: 4c:00:82:9a:47:a0 Join Request from 10.2.3.100:42107
*spamApTask7: Jan 29 03:39:23.636: 4c:00:82:9a:47:a3 Deleting AP entry 10.2.3.100:42107 from temporary database.
*spamApTask7: Jan 29 03:39:23.637: 4c:00:82:9a:47:a0 MIC AP is not allowed to join by config
*spamApTask7: Jan 29 03:39:23.637: 4c:00:82:9a:47:a0 Join Request failed!

Cisco CAP 3702I not registered with WLC 5508.

I Have WLC 5508 in my network. Now i need to add another 2 no of cisco CAP 3702I in to my network. But we got the following errors
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 01:27:25.359: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
acket from 10.56.200.201
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 01:27:25.359: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
acket from 10.56.200.201
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.

Your WLC seems to be running version 7.3 which is not supported with 37xx AP platform.
You need to run WLC with version 7.6.100.0 onwards to support these new AP's.
For more details check the Wireless Software Compatibility Matrix.
-Thanks
Vinod
**Encourage Contributors. RATE Them.**

Web Auth page not working on WLC

I have a WLC 4402 and I upgraded the s/w from 4.1 to 4.2.176 since I did the web auth on my Guest wlan does not work. I can connect to the wireless ok and when I type in a web address I should get the web auth page but I just get "This page cannot be displayed". However if i type in the ip address of the WLC in the addrsss bar I get the web auth page and it work fine form then on. The web auth page worked fine on ver 4.1. Any ideas?

I opened a TAC case this morning on this same problem, and my solution is what is listed above (config network secureweb cipher-option sslv2 enable)
Basically, SSLv2 is disabled in 4.2. The Default is now SSLv3.
Depending on your Internet settings, if IE is configured to use SSLv2, the webpage will not work.
So in internet explorer, tools, internet options, advanced, There will be a checkbox next to Use SSLv2. (Even if Use SSLv3 is enabled, you still have the https issue).
Basically, my issues was that a select few users could not Web authenticate and a select few admins couldn't HTTPS manage the GUI. Turns out in all cases, the computers that were all able to work, did not have SSLv2 enabled.
By enabling SSLv2, all affected users now work (I think).

Inital configuration not saving in WLC 5508

Hi Team,
We having some issue with the wlc 5508 after configuring the initial setup it saved and ask for reboot but after it reboots again it is asking for the initial configuration again.
It is repeating the same
Please help on this issue.
Regards,
Arun

i have the same problem but i reboot and save config the device after months when i got the 0 access points supported on WLC after reboot all the new configuration weren't saved only the old configuration from 2 to 3 months old
and on AP i got the max no. of ap has reached
and those AP that dis-joint were joint to wlc a day before
the wlc supported 50 ap only 7 are joint and 11 were disjoint after 2 months

TACACS+ not working on WLC

Hi All,
I have configured tacacs for WLC. But I am not able to login to WLC using TACACS username and password.
Getting following message
Tue Sep 22 15:26:50 2009: Forwarding request to 10.0.0.1
6 port=49
Tue Sep 22 15:26:50 2009: tplus response: type=1 seq_no=2 session_id=ecf27238 le
ngth=6 encrypted=0
Tue Sep 22 15:26:50 2009: TPLUS_AUTHEN_STATUS = UNKNOWN(1)
Thanks
Jamal.S

There is radius happening on the auth portion of the WLC.
There seems to be a misconfiguration issue.
What do the ACS failed logs say?
Can you make sure you followed exactly:
http://cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60sol.html#wpmkr1261119

Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

Hi All,
appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
*Mar 1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:10.033: *** CRASH_LOG = YES
*Mar 1 00:00:10.333: Port 1 is not presentSecurity Core found.
Base Ethernet MAC address: C8:9C:1D:53:57:5E
*Mar 1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
*Mar 1 00:00:11.494: status of voice_diag_test from WLC is false
*Mar 1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.647: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:50 by prod_rel_team
*Mar 1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
*Mar 1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
*Mar 1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:09:17.912: status of voice_diag_test from WLC is false
*Mar 1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
*Mar 1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
*May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:03.448: status of voice_diag_test from WLC is false
*May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:15.450: status of voice_diag_test from WLC is false
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
*May 25 08:27:27.447: status of voice_diag_test from WLC is false
*May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:39.446: status of voice_diag_test from WLC is false
*May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
i searched for the regulatory domains difference between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
just to mention that our configuration in WLC for regulatory domains is:
Configured Country Code(s) AR
Regulatory Domain 802.11a: -A
802.11bg: -A
My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
Appreciate your kind support,
Wisam Q.

Hi Ramon,
thank you for the reply but as shown in the below link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
Thanks,
Wisam Q.

Granting privilege through role not working for PL/SQL

Version: 11.2.0.2
In our shop, we don't grant privileges directly to a user, we grant it to a role and grant that role to the intended grantee.
Granting privileges through a role seems to be fine with SQL Engine. But it doesn't work from PL/SQL engine.
In the below example GLS_DEV user is granted SELECT access on SCOTT.pets table through a role called tstrole. GLS_DEV can select this table from SQL. But PL/SQL Engine doesn't seem to know this.
Reproducing the issue:
SQL> show user
USER is "SCOTT"
SQL> select * from pets;
NAME
PLUTO
SQL> conn / as sysdba
Connected.
SQL> create user GLS_DEV identified by test1234 default tablespace TSTDATA;
User created.
SQL> alter user GLS_DEV quota 25m on TSTDATA;
User altered.
SQL> grant create session, resource to GLS_DEV;
Grant succeeded.
--- Granting SELECT privilege on scott.pets to tstrole and then grant this role to GLS_DEV.
SQL> conn / as sysdba
Connected.
SQL>
SQL> create role tstrole;
Role created.
SQL> grant select on scott.pets to tstrole;
Grant succeeded.
SQL> grant tstrole to GLS_DEV;
Grant succeeded.
SQL> conn GLS_DEV/test1234
Connected.
SQL>
SQL> select * From scott.pets;
NAME
PLUTO
---- All fine till here. From SQL engine , GLS_DEV user can SELECT scott.pets table.
--- Now , I am going to create a PL/SQL object in GLS_DEV which tries to refer scott.pets
SQL> show user
USER is "GLS_DEV"
create or replace procedure my_proc
is
myvariable varchar2(35);
begin
     select name into myvariable from scott.pets ;
     dbms_output.put_line(myvariable);
end my_proc;
Warning: Procedure created with compilation errors.
SQL> show errors
Errors for PROCEDURE MY_PROC:
LINE/COL ERROR
6/2      PL/SQL: SQL Statement ignored
6/41     PL/SQL: ORA-01031: insufficient privileges
SQL>
SQL> 6
6*    select name into myvariable from scott.pets ;
--- PL/SQL Engine doesn't seem to know that GLS_DEV has select privilege on scott.pets indirectly granted through a role
--- Fix
--- Instead of granting privilege through a role, I am granting the SELECT privilege on scott.pets to GLS_DEV directly.
--- The error goes away, I can compile and execute the procedure !!
SQL> conn / as sysdba
Connected.
SQL>
SQL> grant select on scott.pets to GLS_DEV;
Grant succeeded.
SQL> conn GLS_DEV/test1234
Connected.
SQL>
SQL> create or replace procedure my_proc
is
myvariable varchar2(35);
begin
        select name into myvariable from scott.pets ;
        dbms_output.put_line(myvariable);
end my_proc; 2    3    4    5    6    7    8    9   10
11 /
Procedure created.
SQL> set serveroutput on
SQL> exec my_proc;
PLUTO
PL/SQL procedure successfully completed.Has anyone encountered the same issue ?

You really should start your own new thread for this question instead of resurrecting an old one, but to answer your question.
There are two things going on here. First, there are a number of aler session commands that can be used by any user regardless of what privileges they are granted. Although I do not have the entire list at hand, things like nls_date_format and current_schema are available to all users, sort of like the grants to public in the data dictionary.
Second, when you use execute immediate, the PL/SQL engine never really sees the statement, as far as the compiler is concerned it is just a string. It is only when the string is passed to the sql engine that permissions are checked, and there roles are not enabled.
SQL> create role t_role;
Role created.
SQL> grant select on ops$oracle.t to t_role;
Grant succeeded.
SQL> create user a identified by a default tablespace users;
User created.
SQL> grant create session, create procedure to a;
Grant succeeded.
SQL> grant t_role to a;
Grant succeeded.
SQL> connect a/a
Connected.
SQL> select * from ops$oracle.t;
        ID DESCR
         1 One
         1 Un
SQL> create function f (p_descr in varchar2) return number as
2     l_num number;
3 begin
4     select id into l_num
5     from ops$oracle.t
6     where descr = p_descr;
7     return l_num;
8 end;
9 /
Warning: Function created with compilation errors.
SQL> show error
Errors for FUNCTION F:
LINE/COL ERROR
4/4      PL/SQL: SQL Statement ignored
5/20     PL/SQL: ORA-00942: table or view does not exist
SQL> create or replace function f (p_descr in varchar2) return number as
2     l_num number;
3 begin
4     execute immediate 'select id from ops$oracle.t where descr = :b1'
5                       into l_num using p_descr;
6     return l_num;
7 end;
8 /
Function created.
SQL> select f('One') from dual;
select f('One') from dual
ERROR at line 1:
ORA-00942: table or view does not exist
ORA-06512: at "A.F", line 4John

WLC 2106_AP-1131_dell vostro 14 v3446 wifi not working with WLC

Hi,
I'm facing issue with newly purchased Dell laptops(dell vostro 14 v3446) are not able to join in WLC.
I have check WLAN profile for these laptops ,all mapped correct,but laptops not able to join the same profile.
Only one(newly purchased) laptop is working fine with WLC profile,remaining laptop all config is same but not getting connected with WLC.
Laptop wifi is working with another vendor APs.
But this particular profile working with my exciting user's laptop perfectly.
WLC/-AIR-WLC2106-K9-Firmware version—6.0.199.4
AP-AIR-LAP1131AG-A-K9.
Please advice me here to resolve this problem.
regards,vijesh
This was posted in lieu of blog https://supportforums.cisco.com/node/12292096 which was deleted since questions should be questions as discussions as not as blogs ;-)

Hi Leo,
Thanks for your response.
Client laptop trying to connect the SSID and once authentication key entered ,it will try for a while then error message come "could not connect...."
As our suggested,i will create new profile with open authentication,then try to connect the laptop.
we have planned to upgrade WLC firmware in coming weekend.

Roles not working correctly

Hi,
Recently I have noticed an issue with how the Roles function on our server works.
We have two Roles per computer in the Database. One role specifies the Task Sequence and any other specific details and the other role specifies any additional application that need installing. This has been working perfectly for us for the last 2/3 years
but over the Christmas period it has changed it`s behaviour. The application role now no longer seems to apply the additional applications. I am a bit confused why this is because nothing has changed and it is behaving in an unpredictable manor.
What I mean by that is if I remove the role that adds the task sequence and add the content of that role direct to the machine I run into the same issue. If I just remove the role with the task sequence and do nothing else it doesn't image, so it is looking
at the roles. I have tried other roles that are applications specific to see if it was is that role in particular but it made no difference.
I have run out of idea now so if anyone has come across this or if thee is anything I can try please let me know.
here is my cs.ini
[Settings]
Priority=CSettings, CPackages, CApps, CAdmins, CRoles, Locations, LSettings, LPackages, LApps, LAdmins, LRoles, MMSettings, MMPackages, MMApps, MMAdmins, MMRoles, RSettings, RPackages, RApps, RAdmins,
Properties=MyCustomProperty
[Default]
OSInstall=Y
SkipCapture=NO
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerBackup=YES
SkipBitLocker=YES
SkipLocaleSelection=Yes
SkipTimeZone=Yes
SkipUserData=Yes
SkipSummary=Yes
EventService=http://servername:9800
TimeZoneName=GMT Standard Time
UILanguage=en-GB
userLocale=en-GB
keyboardLocale=en-GB
[CSettings]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=ComputerSettings
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
[CPackages]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=ComputerPackages
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
Order=Sequence
[CApps]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=ComputerApplications
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
Order=Sequence
[CAdmins]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=ComputerAdministrators
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
[CRoles]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=ComputerRoles
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR
[Locations]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=Locations
Parameters=DefaultGateway
[LSettings]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=LocationSettings
Parameters=DefaultGateway
[LPackages]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=LocationPackages
Parameters=DefaultGateway
Order=Sequence
[LApps]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=LocationApplications
Parameters=DefaultGateway
Order=Sequence
[LAdmins]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=LocationAdministrators
Parameters=DefaultGateway
[LRoles]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=LocationRoles
Parameters=DefaultGateway
[MMSettings]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=MakeModelSettings
Parameters=Make, Model
[MMPackages]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=MakeModelPackages
Parameters=Make, Model
Order=Sequence
[MMApps]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=MakeModelApplications
Parameters=Make, Model
Order=Sequence
[MMAdmins]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=MakeModelAdministrators
Parameters=Make, Model
[MMRoles]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=MakeModelRoles
Parameters=Make, Model
[RSettings]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=RoleSettings
Parameters=Role
[RPackages]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=RolePackages
Parameters=Role
Order=Sequence
[RApps]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=RoleApplications
Parameters=Role
Order=Sequence
[RAdmins]
SQLServer=DBSEVERNAME
Database=MDT2012
Netlib=DBMSSOCN
Table=RoleAdministrators
Parameters=Role

I have create a new Dbs on a different server and ran into the same issue.
In the logs it reads all the roles and adds them to the process but they are never installed.
<![LOG[About to issue SQL statement: SELECT * FROM RoleApplications WHERE ROLE IN ('Lab','321') ORDER BY Sequence]LOG]!><time="10:18:56.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Successfully queried the database.]LOG]!><time="10:18:56.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Records returned from SQL = 7]LOG]!><time="10:18:56.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:18:56.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:18:56.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:18:57.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:18:57.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:18:57.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:18:58.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:18:58.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS003 is now = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:18:58.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:18:58.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:18:59.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:18:59.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS003 is now = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:18:59.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS004 is now = {04d2b71c-0966-4517-8927-da391efbedc0}]LOG]!><time="10:18:59.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {04d2b71c-0966-4517-8927-da391efbedc0}]LOG]!><time="10:18:59.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS003 is now = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS004 is now = {04d2b71c-0966-4517-8927-da391efbedc0}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS005 is now = {0990bd38-d766-4a32-8ad8-1e26836749f9}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {0990bd38-d766-4a32-8ad8-1e26836749f9}]LOG]!><time="10:19:00.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS003 is now = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS004 is now = {04d2b71c-0966-4517-8927-da391efbedc0}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS005 is now = {0990bd38-d766-4a32-8ad8-1e26836749f9}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS006 is now = {cdad0742-bc76-4a8a-94e4-ef2e00f4da7a}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {cdad0742-bc76-4a8a-94e4-ef2e00f4da7a}]LOG]!><time="10:19:01.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS001 is now = {67622630-711c-4b01-9046-d2656d8ac7bc}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS002 is now = {c4ef8ece-7985-4430-a463-24c40a361812}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS003 is now = {b4d79ef9-5002-4965-aa2e-8e1c06978829}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS004 is now = {04d2b71c-0966-4517-8927-da391efbedc0}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS005 is now = {0990bd38-d766-4a32-8ad8-1e26836749f9}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS006 is now = {cdad0742-bc76-4a8a-94e4-ef2e00f4da7a}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property APPLICATIONS007 is now = {518dfc87-de15-4d2b-b610-e9778cb926da}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Added APPLICATIONS value from SQL: APPLICATIONS = {518dfc87-de15-4d2b-b610-e9778cb926da}]LOG]!><time="10:19:02.000+000" date="01-16-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">

Role not working on Forms 6i

Hi everyone,
I have create a role under my username and also assigned the role to the same user, but when I try to run my menu I receive the following error:
FRM-10256: User is not authorized to run Form Builder Menu
Can anyone please help me?

Hi Craig and thanks for replying,
The way I created the roll was under my username, not the administrator user. The first time I was not able to create a roll from my user, but I did this to be able to do it: GRANT CREATE ROLL TO <MY USERNAME>
The way I enabled the the Roles on y menu was as follows:
1) I open menu using Forms 6i.
2) Right click on my menu name and choose Property Palette.
3) Under Menu Security, I choose Use Security and select "Yes".
4) Under Module Roles, I typed a name for that role.
5) I go to SQL and create the new Role under my username giving the role the same name I gave it on Forms. This is how I created: Create role <Role Name>
6) Then I just assign that role to my user, like this: Grant <Rolename> to <username>
Hope this helps!!
Thanks again in advance!!

Redirect to web authentication not working on Cisco 5508 Wireless Controller

Hi,
I have a wlan with web authentication:
http://i55.tinypic.com/w145zk.png
and
http://i51.tinypic.com/344sfm0.png
When I connect to the SSID (I get correct IP from the Cisco 5508 Controller) and try to surf, I do not get redirected to the web authentication page (https://1.1.1.1/login.html), when I manually insert the URL I get "cannot display the webpage". Any idea?
The virtual interface is 1.1.1.1.
Here is a screenshot of interface and internal dhcp:
http://i52.tinypic.com/2vkm1d2.png
Any idea why clients are not redirecting?
Thanks!

Thanks for the reply dmantil!
When I changed the Virtual DNS name to 1.1.1.1 (the same as the IP) I get redirected if I use http://198.133.219.25, but not with http://cisco.com, I get redirected only if I use IP.
I forgot to mention that the controller is in a lab with no access to DNS server. Does the controller check if the domain is valid before redirecting users? I cant find any documentation on how the controller redirect users.

TACACS Authentication not working with ASA

I have an ACS 4.1 Windows server running TACACS. It si working on all devices within the enterprise except for one new ASA at a remote site. There is no NAT going on or anything and the ASA can ping the ACS box and the ACS box can ping the ASA.
I added the configuration below but the authentication fails and no requests come to the ACS server
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ host 10.x.x.x
key password
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
Any help would be greatly appreciated

Please check shared secret key. Remember NDG key overwrites aaa client key.
Make sure acs should have correct ip address of asa in network configuration.
Do you see any hits on acs failed or passed attempts ? Also try increasing the tacacs timeout to 15 sec.

Approver for the application role not working out

Hi,
I have created a role with type application and Approver A, then created a business role with the Approver B and included application role into the business role.
When i assign this business role to a user the only request for approval goes to Approver B and after approval the both application and business roles are assigned. Strangely it seem to skip the Approver A. I did even remove the approver in business role, leaving only approver in application role, still same result - it skips Approver A.
I'm using IDM 8.0.0.1, any ideas why it would skip the approver in the included role?
Thanks!

Thanks for the quick reply. I've tried optional with approval and here is what I found.
It seems I need a combination of the two. My end goal is to have a second level approval, one group would be responsible for approving the business role and the system owners would be responsible for approving the nested application roles. When a user requests the business role, they must have approvals for the business role and all of the nested application roles for their request to be completed.
If the app. roles are required, the workflow automatically incorporate the nested appl. roles in the request but does not require approval for them. If they are conditional with approval, the user would have to submit a second request to get all of the nested application roles. It looks like I need a combination of the two, required with approval.
I need it to behave like it does when you have a role with approver that includes resources with an approver. The role and resources must all be approved before the request can be completed successfully.
I'm trying to see if this is possible through the GUI before I customize the workflow.

TACACS+ roles not working on WLC 5508

Similar Messages

Maybe you are looking for