On the UCSM, is the console authentication set to ldap as well?
If yes, connect to the console port and the default authentication should fall back to local from ldap.
The section below covers two scenarios: native authentication was changed to LDAP and the user was locked out of UCSM, and the case where console authentication is also set to LDAP.
While trying to configure UCSM to allow for LDAP authentication, native authentication was changed to LDAP and the user was locked out from UCSM. How to recover from this situation?

Answer

From the serial management console of the Primary FI <http://www.cisco.com/en/US/docs/unified_computing/ucs/hw/switch/install/connect.html#wp1028307>, run the following commands:

    SJ-SV-1-16-2-A# scope security
    SJ-SV-1-16-2-A /security # set authentication console local
    SJ-SV-1-16-2-A /security # set authentication default local
Console authentication is also set to LDAP

In this case, you will have to stop IP connectivity to the LDAP server from the UCS FIs.
Option 1: Block IP connectivity in the network path between the UCS FIs and the LDAP server.
* Once the FI is unable to see the LDAP server at all on the network, meaning the FI does not have IP connectivity to the LDAP server, it will fail back to the local database regardless of the settings.
* If the network has a firewall between the FIs and the LDAP server, the administrator can block access to TCP port 389 (LDAP), or TCP port 3268 (Global Catalog, which will satisfy schema lookups for LDAP auth). Older systems may also need to block TCP port 636 (LDAPS / LDAP over SSL, which has since been deprecated for startTLS over 389).

Option 2: Disconnect the management interface of the primary FI to force the system to log in locally for console, as this satisfies the condition to stop IP connectivity.
* Once you can access the PRIMARY Fabric Interconnect physically, follow the steps below.
1. Take out console and management cables from the port.
2. Connect your PC directly to your management interface.
3. Configure your PC to have the IP address in the same subnet as the FI's management IP address.
4. Make sure you can ping the FI from your PC.
5. SSH into the FI using either the FI IP or VIP.
6. Run the following commands:
    # scope security
    # set authentication console local
    # set authentication default local
    # commit-buffer
7. Verify the configuration by issuing the following command:
    # show authentication
    Console authentication: Local
    Default authentication: Local
    Role Policy For Remote Users: Assign Default Role
8. Put the original cable back into the management port and normalize.
9. Try to log in using the local credential.
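The verification in step 7 can be turned into a check that classifies saved `show authentication` output by how recoverable the FI is. This is an added example, not Cisco code or part of the original post: the function names and result labels are hypothetical, the sample outputs are constructed, and since the page only shows the value `Local`, any other realm value is treated as remote.

```python
import re

# Field labels as they appear in the `show authentication` output quoted above.
FIELDS = {"console": "Console authentication", "default": "Default authentication"}

# Constructed samples. Only the "Local" spelling is taken from the page;
# "Ldap" is an assumed spelling, and anything that is not "local" counts as remote.
SAMPLE_LOCAL = """Console authentication: Local
Default authentication: Local
Role Policy For Remote Users: Assign Default Role"""
SAMPLE_DEFAULT_LDAP = SAMPLE_LOCAL.replace("Default authentication: Local",
                                           "Default authentication: Ldap")
SAMPLE_BOTH_LDAP = SAMPLE_DEFAULT_LDAP.replace("Console authentication: Local",
                                               "Console authentication: Ldap")


def parse_show_authentication(text):
    """Return {'console': realm, 'default': realm}, with realms lower-cased."""
    realms = {}
    for key, label in FIELDS.items():
        match = re.search(rf"{re.escape(label)}\s*:\s*(\S+)", text, re.IGNORECASE)
        if not match:
            raise ValueError(f"'{label}' not found in output")
        realms[key] = match.group(1).lower()
    return realms


def lockout_risk(text):
    """Classify the recovery path if the remote authentication server fails."""
    realms = parse_show_authentication(text)
    if realms["default"] == "local":
        return "ok"                       # local accounts work over SSH and GUI
    if realms["console"] == "local":
        return "recoverable-via-console"  # first scenario: serial console login
    return "needs-ldap-isolation"         # second scenario: Option 1 or Option 2


if __name__ == "__main__":
    for name, sample in [("local", SAMPLE_LOCAL),
                         ("default ldap", SAMPLE_DEFAULT_LDAP),
                         ("both ldap", SAMPLE_BOTH_LDAP)]:
        print(f"{name}: {lockout_risk(sample)}")
```

Running it against output captured before committing an authentication change shows whether the serial console would still accept local credentials afterwards.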