Network Management

I'm struggling to get Airwave integrated with our TACACS+ service (tac_plus from shrubbery networks) and I can't seem to find where Airwave is logging the TACACS+ communication so I can see why it is failing.  I see the requests on the server side but the client (AIrwave) isn't handling what my server is giving it properly.

Does anyone know where the authentication is logged and if there is a debug option to run?

I'm running AMP 8.0.5 if it matters.

Are you returning the Admin role?  http://community.arubanetworks.com/t5/Monitoring-Management-Location/Integrating-an-ACS-TACACS-server-to-Authenticate-AWMS-Users/ta-p/170116

I believe I am,  as I can confirm from my other devices that I have configured to use TACACS to send the role=Admin or the other roles I have configured.  But I can't find a way to put the tacacs service into debug mode in Airwave so that I can confirm see what the actual problem is.

I am not using Cisco's ACS (as per your linked article) I am using the OSS implementation of tacacs developed by shrubbery networks.

From the AMP side, try looking in:

/var/log/httpd/access_log

This is the log of all inbound GUI access requests.

Most GUI related errors typically show up in /var/log/httpd/error_log.

If it's silent (UI hangs/no response), then possible /var/log/amp_events or messages

Nothing is logged in any of the below files during a failed tacacs log in.  What I included below is the only thing that is logged during a successful local login.

access_log.2015-01-28

--------------------------------

[28/Jan/2015:09:18:56 -0500] "POST /LOGIN HTTP/1.1" 503 395

error_log.2015-01-28

--------------------------------

amp_events

--------------------------------

Hm...

Try /var/log/pound.  Pound is the first hit before apache, so it's possible that the log may show something.

If there's still nothing helpful in the log, then it's worth opening up a support case to try getting help tackling this.