
UCS LDAP and Native Authentication

Hello,

 

We have set Native authentication to LDAP and UCS Manager login to LDAP as well. We're able to log in to GUI & SSH using the LDAP account. But we can't log in to GUI using the local account (admin).

If I change the Native authentication to local, we can log in to GUI via the local account (admin), but can't log in to SSH via the LDAP account.

Are we missing anything?

 

Please let me know.

 

/Rags

Accepted Solutions

Hello,

 

When you changed the native auth to LDAP and are using the local account, are you prepending the local user name with the local auth domain name?

* From a Linux / Mac machine

ssh ucs-<domain-name>\\<username>@<UCSM-IP-Address>

ssh -l ucs-<domain-name>\\<username> <UCSM-IP-address>

ssh <UCSM-IP-address> -l ucs-<domain-name>\\<username>

 

* From putty client

Login as: ucs-<domain-name>\<username>

NOTE: Domain name is case sensitive and should match the domain-name configured in UCSM.

Try logging in with domain name\username and let us know the outcome.

 

Padma
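
The doubled backslash in the Linux / Mac commands above is shell quoting: an unquoted single backslash is removed by the shell before ssh ever sees the login name. The following is an added example, not part of the original post, that shows which ways of typing the name keep the separator; `local`, `admin` and `192.0.2.10` are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. "local", "admin" and 192.0.2.10
# are constructed sample values (auth domain, user, UCSM address).

# Build ucs-<domain-name>\<username>. %s copies the domain byte for
# byte, so its case stays exactly as typed (the domain is case sensitive).
ucsm_login() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    printf 'ucs-%s\\%s' "$1" "$2"
}

# Succeed only if the name still has the ucs-<domain>\<user> shape,
# i.e. the backslash survived shell quoting.
has_domain_prefix() {
    case $1 in
        ucs-?*\\?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the ssh arguments instead of running ssh; refuse a login name
# whose separator was lost.
ucsm_ssh_cmd() {
    has_domain_prefix "$1" || {
        printf 'no domain separator in: %s\n' "$1" >&2
        return 1
    }
    printf 'ssh -l %s %s\n' "$1" "$2"
}

# Four ways to type the same login name on the command line.
escaped=ucs-local\\admin      # form used in the answer above
single='ucs-local\admin'      # single quotes keep the backslash
double="ucs-local\admin"      # \a is not an escape inside double quotes
bare=ucs-local\admin          # unquoted: the shell removes the backslash

for name in "$escaped" "$single" "$double" "$bare"; do
    ucsm_ssh_cmd "$name" 192.0.2.10 || true
done
```

The first three forms reach ssh as `ucs-local\admin`; the unquoted single-backslash form arrives as `ucs-localadmin`, with no domain separator at all.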


Walter Dey

You can / should create a “local” Authentication Domain and select "local", to give you a method to gain access to UCS to correct invalid configuration. This is not necessary, as a “Native” account is created by default. This allows you to get to UCS via local authentication in the event your AD credentials are mis-configured. But, I like to have a known back-door in case I mis-configure AD. Once AD is validated you can remove the local account.

In the login menu, you will then see your AD domain and local!

In the Native Authentication: Default Authentication Realm on "LDAP"

 

As described above, that is exactly what we have configured, except for deleting the local account (admin). The Native Authentication Realm is also set to "LDAP".

 

After we did this we are not able to log in to GUI using the local account (admin). So my question is: can we log in to GUI & SSH sessions using both the local account and the AD account?

 

If I change the Native Authentication to local from LDAP, we are able to log in to GUI & SSH using the local account. But we can't log in to the SSH session using the AD account.

 

Please let me know. Thank you for your prompt reply.

 

Best Regards,

Rags

Which UCS version?

If you have 2 domains, they should appear in the GUI login menu? Irrespective of the native authentication.

Padma,

 

This worked. Thank you so much!!

//Rags
