Does UCS fall back to local authentication when TACACS fails?

Unanswered Question
Aug 24th, 2010

I am considering configuring UCS to use TACACS but can't find any documentation to suggest if the UCS would fall back to Local when TACACS fails. One would assume that it would, so any link or pointers would be appreciated. Thank you.

stechamb Wed, 08/25/2010 - 00:04

No, it doesn't; you won't be able to log on. For this reason you should always configure Console access as Local as a safety net / fallback should TACACS fail. Then at least you can console in, change the auth to Local and use local accounts.

So in effect, you have to "manually fall back to local" - it isn't automatic.

Cheers

Steve

tin.ngo Wed, 08/25/2010 - 04:18

Oh, thank you for the information. Since console access means command line only, am I right to suggest that one should know how to make changes and back out via command line, as the Web GUI won't be available when TACACS goes down?

timsilverline Wed, 11/02/2011 - 23:24

I read this post and thought fallback was not supported but have since found out that Steve was incorrect in his statement.

If you look at the user guide you will see that it states:

"If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password."

Upon testing indeed fallback works properly.

Gregory Scarlett Wed, 11/02/2011 - 23:29

Adding on to Tim's post. This behaviour is documented here:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/UCSM_CLI_Configuration_Guide_2_0_chapter7.html#d15831e2899_navtitle

Provider Groups

A provider group is a set of providers that will be used by Cisco UCS during the authentication process. Cisco UCS Manager allows you to create a maximum of 16 provider groups, with a maximum of eight providers allowed per group.

During authentication, all the providers within a provider group are tried in order. If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password.
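The provider-group behaviour quoted above, modelled as an added example; it is not Cisco code and not part of any post in this thread. The provider names, the sample accounts and the rule that the first server to answer makes the final decision are assumptions of this sketch.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

MAX_PROVIDERS_PER_GROUP = 8  # limit stated in the quoted guide text


class Unreachable(Exception):
    """The provider gave no answer at all (timeout, refused connection)."""


@dataclass
class Provider:
    name: str
    # Returns True/False when the server answers, raises Unreachable otherwise.
    check: Callable[[str, str], bool]


def _match(accounts: Dict[str, str], user: str, password: str) -> bool:
    stored = accounts.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def make_server(accounts: Dict[str, str]) -> Callable[[str, str], bool]:
    """Hypothetical reachable remote server backed by a constructed account table."""
    return lambda user, password: _match(accounts, user, password)


def down(user: str, password: str) -> bool:
    """Hypothetical provider that never answers."""
    raise Unreachable()


def authenticate(group: List[Provider], local_accounts: Dict[str, str],
                 user: str, password: str) -> Tuple[bool, str]:
    """Return (accepted, source), where source names who made the decision."""
    if len(group) > MAX_PROVIDERS_PER_GROUP:
        raise ValueError("a provider group holds at most eight providers")
    for provider in group:  # providers are tried in their configured order
        try:
            # Assumption of this sketch: the first server that answers decides.
            return provider.check(user, password), provider.name
        except Unreachable:
            continue
    # Every provider was unreachable: the local database is now the live path.
    return _match(local_accounts, user, password), "local"


# Constructed sample data, not real accounts.
TACACS_USERS = {"alice": "tacacs-secret"}
LOCAL_USERS = {"admin": "local-secret"}
```

In this model the local account is refused while any server answers and becomes the only working credential once every provider is down, so it deserves the same password strength and rotation as the remote accounts.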

Posted August 24, 2010 at 6:51 PM