Cisco Support Community
New Member

UCS Manager LDAP issue

Hi guys,

Just wondering if anyone could help with an odd issue we seem to have come across with our UCS manager.  We have set it up to use LDAP authentication for log on, which is working fine for four of our five team members; however, we have one user who, although he is in exactly the same groups as the rest of us, continually gets unauthenticated user errors.

We've done the usual of checking it is not his machine or setup, and in the logs it doesn't even register an attempt at log on failing, so not too sure what I can check, so any thoughts would be very much appreciated!

We are using UCSM v2.1 (1e) in case that is relevant?

Many Thanks

John

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

UCS Manager LDAP issue

I had run into the same issue.  Turned out to be a bug in the firmware when DNs were too long.

CSCth96721

There is no longer a 128 character limitation to the number of OUs or the length of the Distinguished Name (DN) when using LDAP authentication with Active Directory.

http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/UCS_28313.html

5 REPLIES
Cisco Employee

Re: UCS Manager LDAP issue

Hello John,

Are you using MS AD?

Please make sure that the LDAP group map is referring to the correct DN.

Anything special about the non-working user account?

Please turn on the following debugs and request the user to login.

connect nxos

debug aaa all

debug ldap all

debug aaa aaa-request

After the login attempt, you can turn off the debugs with "undebug all".

Please share the debug output.

Padma

New Member

Re: UCS Manager LDAP issue

Hi Padma,

Thanks for the reply. Nope, there is nothing special about this user that I can see, and if I create a brand new user and just put it in domain admins and the LDAP group for UCS then it logs in just fine.

I have enabled the debugging options and got the user to try logging in, but it doesn't even seem to register his attempt. Another member of the team logs in and the log updates in front of me, but when this other person does, nothing comes up!  Very odd.

Many Thanks

John

Cisco Employee

UCS Manager LDAP issue

Hello John,

Please save the SSH session output and then turn on the debug.

After the login attempt, please share the session log file.

Do all these users belong to the same group as defined in the LDAP group map?

Thanks

Padma

New Member

Re: UCS Manager LDAP issue

Bruce you're a star, thank you.

Thanks again Padma for the offer. I was just popping on to post results when I saw Bruce's comment and did some testing: the non-working account is 5 letters longer than any of our others, which is apparently just enough to tip his DN over to too long!  Have created an account with Alex instead of Alexander as the name and he is up and running perfectly.

Much appreciated guys

John
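
A way to find other accounts that would hit the same limit, as an added example that is not part of the original thread or Cisco's code: it reads an LDIF export of the directory and lists every DN longer than 128 characters. The sample entries and all function names are constructed, and treating the limit as "more than 128 characters" is an assumption.

```python
import base64
import re

# Limit named in the release note quoted in the thread. Assumption: a DN
# fails only when it is longer than this many characters.
DN_LIMIT = 128

# Constructed sample export (not from the thread); long DN lines are folded
# the way LDIF exporters do it.
SAMPLE_LDIF = (
    "dn: CN=Alex Smith,OU=Infrastructure Engineering,OU=Information Technology,\n"
    " OU=Head Office Staff,OU=Users,DC=corp,DC=example,DC=com\n"
    "sAMAccountName: asmith\n\n"
    "dn: CN=Alexander Smith,OU=Infrastructure Engineering,OU=Information Technolo\n"
    " gy,OU=Head Office Staff,OU=Users,DC=corp,DC=example,DC=com\n"
    "sAMAccountName: alexsmith\n"
)

def dns_from_ldif(text):
    """Yield every entry DN, undoing line folding and base64 ('dn::') encoding."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849: leading space = continuation
    for line in unfolded.splitlines():
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if not escaped and ch == ",":
            parts.append(cur)
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    parts.append(cur)
    return parts

def audit(text, limit=DN_LIMIT):
    """Return one record per DN that is longer than the limit."""
    findings = []
    for dn in dns_from_ldif(text):
        if len(dn) > limit:
            ous = sum(r.strip().upper().startswith("OU=") for r in split_rdns(dn))
            findings.append({"dn": dn, "length": len(dn),
                             "over_by": len(dn) - limit, "ous": ous})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LDIF):
        print(f"{f['length']} chars (+{f['over_by']}), {f['ous']} OUs: {f['dn']}")
```

In the constructed sample the two accounts differ only by "Alex" versus "Alexander", and only the longer one is reported.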
