Cisco Support Community

UCS LDAP and Native Authentication

Hello,

We have set Native authentication to LDAP and UCS Manager login to LDAP as well. We're able to log in to GUI & SSH using the LDAP account. But can't log in to GUI using local account (admin).

If I change the Native authentication to local, we can log in to GUI via local account (admin), but can't log in to SSH via LDAP account.

Are we missing anything?

Please let me know.

/Rags

Accepted Solutions
Cisco Employee

Hello,

When you changed the native auth to LDAP and are using a local account, are you prepending the local user name with the local auth domain name?

* From Linux / Mac machine

ssh ucs-<domain-name>\\<username>@<UCSM-IP-Address>

ssh -l ucs-<domain-name>\\<username> <UCSM-IP-address>

ssh <UCSM-IP-address> -l ucs-<domain-name>\\<username>

 

* From PuTTY client

Login as: ucs-<domain-name>\<username>

NOTE: Domain name is case sensitive and should match the domain-name configured in UCSM.

Try logging in with domain name\username and let us know the outcome.

Padma

5 REPLIES
VIP Green

You can / should create a “local” Authentication Domain and select "local", to give you a method to gain access to UCS to correct invalid configuration. This is not necessary, as a “Native” account is created by default. This allows you to get to UCS via local authentication in the event your AD credentials are mis-configured. But, I like to have a known back-door in case I mis-configure AD. Once AD is validated you can remove the local account.

In the login menu, you will then see your AD domain and local!

In the Native Authentication: Default Authentication Realm on "LDAP"

 

AS described above, that is

As described above, that is exactly what we have configured, except for deleting the local account (admin). The Native Authentication Realm is also set to "LDAP".

After we did this we are not able to log in to GUI using local account (admin). So my question is: can we log in to GUI & SSH session using both local account and AD account?

If I change the Native Authentication to local from LDAP we are able to log in to GUI & SSH using local account. But we can't log in to SSH session using AD account.

Please let me know. Thank you for your prompt reply.

Best Regards,

Rags

VIP Green

Which UCS version?

If you have 2 domains, they should appear in the GUI login menu? Irrelevant of the native authentication.

Padma, This worked. Thank you

Padma,

This worked. Thank you so much!!

//Rags
