TACACSGUI (https://tacacsgui.com) is a free opensource TACACS server with a robust interface. When setting up TACACS in an Aruba Airwave and if you are using TACACSGUI (even the cisco equivalent) normal TACACS users are unable to logon. I did not have any issues like this when I setup TACACS for Aruba Mobility Masters and Mobility Controllers. I only ran into this with Aruba AirWave. AirWave’s interface looked allot older in design when compared to Mobility Master and Mobility Controllers. You need to create an admin role (or service in TACACSGUI) for the user to authenticate as AirWave is expecting a specific role.
Currently as of 1/10/22, TACACSGUI does not have a predefined service or role for Aruba AirWave, so I manually need to create one.
In TACACSGUI, goto Access Control, then Services. Under Services, click the Add button to define a new service.
For the service name, you can call it whatever you like, I called mine: Aruba-Airwave-access. I then selected “Only manual configuration”. In the manual configuration enter the following:
service = AMP { set role = Admin }
Once that is entered, you can save the Service (role). Next you need to add the new service (role) to a user in TACACSGUI
Below is where you add the newly created service (role) to the user. A user can have more than one service (role) in TACACSGUI. In the picture below, this user has only one service associated with them. For example, my user has services (roles) for Airwave, Juniper, and Cisco shell access with a specific privilege level specified.
Here is a picture showing the TACACS configuration settings in Aruba Airwave:
