Network Management

Reply
Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Troubleshooting TACACS+ on Airwave

I'm struggling to get Airwave integrated with our TACACS+ service (tac_plus from shrubbery networks) and I can't seem to find where Airwave is logging the TACACS+ communication so I can see why it is failing.  I see the requests on the server side but the client (AIrwave) isn't handling what my server is giving it properly.

 

Does anyone know where the authentication is logged and if there is a debug option to run?

 

I'm running AMP 8.0.5 if it matters.

Guru Elite
Posts: 20,388
Registered: ‎03-29-2007

Re: Troubleshooting TACACS+ on Airwave

Are you returning the Admin role?  http://community.arubanetworks.com/t5/Monitoring-Management-Location/Integrating-an-ACS-TACACS-server-to-Authenticate-AWMS-Users/ta-p/170116

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Re: Troubleshooting TACACS+ on Airwave

I believe I am,  as I can confirm from my other devices that I have configured to use TACACS to send the role=Admin or the other roles I have configured.  But I can't find a way to put the tacacs service into debug mode in Airwave so that I can confirm see what the actual problem is.

 

I am not using Cisco's ACS (as per your linked article) I am using the OSS implementation of tacacs developed by shrubbery networks.

Moderator
Posts: 1,244
Registered: ‎10-16-2008

Re: Troubleshooting TACACS+ on Airwave

From the AMP side, try looking in:

/var/log/httpd/access_log

This is the log of all inbound GUI access requests.

 

Most GUI related errors typically show up in /var/log/httpd/error_log.

If it's silent (UI hangs/no response), then possible /var/log/amp_events or messages


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor II
Posts: 21
Registered: ‎02-12-2013

Re: Troubleshooting TACACS+ on Airwave

Nothing is logged in any of the below files during a failed tacacs log in.  What I included below is the only thing that is logged during a successful local login.

 

access_log.2015-01-28

--------------------------------

[28/Jan/2015:09:18:56 -0500] "POST /LOGIN HTTP/1.1" 503 395

 

error_log.2015-01-28

--------------------------------

 

amp_events

--------------------------------

 

 

Moderator
Posts: 1,244
Registered: ‎10-16-2008

Re: Troubleshooting TACACS+ on Airwave

Hm...

Try /var/log/pound.  Pound is the first hit before apache, so it's possible that the log may show something.

 

If there's still nothing helpful in the log, then it's worth opening up a support case to try getting help tackling this.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: