New Member

CIMC synchronize with Active Directory

Hello,

I'm trying to use Active Directory Authentication to connect to CIMC and it is not working.

Following documentation I have done the following:

Logged on to the website

Went to Admin and then to Active Directory

Enabled: Checked

Server IP Address: static IP of domain controller

Timeout: 60

Enable Encryption: unchecked

Domain: domain name.  Example: test.local

Attributes: CiscoAVPair

In AD Schema

I added the attribute:

CiscoAVPair

Description: CiscoAVPair

Common Name: CiscoAVPair

X 500 OID: 1.3.6.1.4.1.9.287247.1

Syntax: Case Sensitive String

Minimum: Blank

Maximum: Blank

Attribute is active: Checked

Index this attribute: unchecked

Replicate this attribute to the global catalog: unchecked

Attribute is copied when duplicating a user: unchecked

Index this attribute for containerized searches: unchecked

I added the pair under classes for user.

Under my account in ADSI Edit I went into my properties, found the CiscoAVPair

and changed its properties to

shell:roles="admin"

I tried logging on as

user

password

and

test\user

password

Both say Login failed.  Verify that your username and password are correct.

Any help would be appreciated.

Thank you,


Walter

Cisco Employee

Walter,

What is the CIMC version?

Padma

New Member

Hello,

Thank you for your reply.

Cisco Integrated Management Controller

ucs-c2xx-m2

Version 1.3(2j)

Cisco Employee

Hello Walter,

I tested with 1.4 and had no issues with it.

Can you please check CLI access?

If it is a Linux client,

ssh -l \\ 

If it fails, please log in to CIMC with a local user account and provide us the relevant log messages from the CIMC > Admin > CIMC log section for the failed login attempt.

Padma

New Member

Hello,

I found the following entries in the log that seem related.

I tried from PuTTY and it did not work. I tried vdc\bea0196 and just bea0196 and neither seemed to matter.

pam_session_manager(sshd:auth): Authentication Failure user bea0196

authTempCredentials2() - could not open /tmp/aim/dynamic/tempcred/bea0196

last message repeated 15 times

mcddI2CDrv.c:861:PI2CPerformOP: ioctl to driver failed to read Bus[f0].Dev[c2]!  ErrorStatus[fe]

Login failed (user:bea0196, ip:10.86.253.13, service:sshd)

pam_auth_status(sshd:auth): Login Failed for user=bea0196, host=10.86.253.13

pam_local_manager(sshd:auth): Authentication Failure user bea0196

pam_ldap_manager(sshd:auth): Start ----------->

Thank you,

Walter

Cisco Employee

Hello,

Can you please share additional logs for the event?

LDAP messages would be logged by pam_ldap_manager.

Padma

New Member

Hello,

Here are the results

pam_ldap_manager(webgui:account): Could not get pam data for authTok

pam_ldap_manager(webgui:account): At least one Role Group must be configured
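
An added example, not part of the thread and not a Cisco tool: a small parser for the module(service:phase): message entries in the two log excerpts posted above, separating what pam_ldap_manager reported from the generic login failures. The function names are made up for illustration; the log text is copied from the posts.

```python
import re
from collections import defaultdict

# Log lines exactly as quoted in the two posts of this thread.
THREAD_LOG = """\
pam_session_manager(sshd:auth): Authentication Failure user bea0196
authTempCredentials2() - could not open /tmp/aim/dynamic/tempcred/bea0196
last message repeated 15 times
mcddI2CDrv.c:861:PI2CPerformOP: ioctl to driver failed to read Bus[f0].Dev[c2]!  ErrorStatus[fe]
Login failed (user:bea0196, ip:10.86.253.13, service:sshd)
pam_auth_status(sshd:auth): Login Failed for user=bea0196, host=10.86.253.13
pam_local_manager(sshd:auth): Authentication Failure user bea0196
pam_ldap_manager(sshd:auth): Start ----------->
pam_ldap_manager(webgui:account): Could not get pam data for authTok
pam_ldap_manager(webgui:account): At least one Role Group must be configured
"""

# Shape of the PAM entries above: module(service:phase): message
PAM_RE = re.compile(r"^(pam_\w+)\((\w+):(\w+)\):\s*(.*)$")

def parse_pam(text):
    """Return one dict per PAM entry; driver and other non-PAM lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PAM_RE.match(line.strip())
        if m:
            entries.append(dict(zip(("module", "service", "phase", "message"), m.groups())))
    return entries

def ldap_findings(entries):
    """pam_ldap_manager messages per (service, phase), without the Start marker."""
    out = defaultdict(list)
    for e in entries:
        if e["module"] == "pam_ldap_manager" and not e["message"].startswith("Start"):
            out[(e["service"], e["phase"])].append(e["message"])
    return dict(out)

def auth_failures(entries):
    """Modules that logged a failure in the auth phase, per service, in log order."""
    out = defaultdict(list)
    for e in entries:
        if e["phase"] == "auth" and re.search(r"fail", e["message"], re.I):
            out[e["service"]].append(e["module"])
    return dict(out)

if __name__ == "__main__":
    entries = parse_pam(THREAD_LOG)
    print("LDAP module said:", ldap_findings(entries))
    print("auth failures:", auth_failures(entries))
```

On these lines the only substantive pam_ldap_manager output is in the webgui account phase; the sshd excerpt contains just its Start marker.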

Cisco Employee

Hello Walter,

Please open a TAC service request along with the logs so that we can take a look at it.

Padma
