The UCS Manager LDAP question

Hi guys,.

I was wondering if anyone could help with a weird problem that we seem to have met with our UCS Manager. We set it up to use LDAP authentication for log on which works very well for four of the five members of the team, but we have a user that although it is in exactly the same groups as the rest of us continually gets unautheticated errors to the user.

We did the habit of checking that it is not his machine or installation and in the newspapers that it even does not save an attempt to log on default so not sure what I can check any thoughts would be much appreciated!

We use UCSM v2.1 (1e) in case it's relevant?

Thank you very much

John

I ran into the same issue. Has proved to be a bug in the firmware DN was too long.

CSCth96721

It is more a limitation of 128 characters for the number of units of organization or the length of the distinguished name (DN) when you use LDAP to Active Directory authentication.

http://www.Cisco.com/en/us/docs/unified_computing/UCS/release/notes/UCS_28313.html

Tags: Cisco DataCenter

Similar Questions

Question of the UCS Manager

Hello

I have problem with manager Cisco UCS, after have logged you in the UCS Manager, I get an error.

Print.PNG

Cristobal,

It certainly is a cause of what UCSM bug doesn't do what it is supposed to and the only bug which is really (according to the version you are using) is https://tools.cisco.com/bugsearch/bug/CSCum95854/?reffering_site=dumpcr and seems to be fixed in the latest versions... 2.2.2c; 2.2.3A; 2.5.1a; 3.0.2c (UCS Mini)

Advice is to contact TAC for assistance (if necessary).

-Kenny

Can I see faults offset and deleted in the UCS Manager?

Is there a way to see the flaws that have been deleted in the UCS Manager and deleted once the retention period has expired?

Thank you.

.. .Brian

No, unless you use an external syslog server. It is the only way to maintain indefinitely offset flaws.

Robert

How to configure the UCS Manager?

Hi, this is the first time im using the Cisco server and we have Cisco c240. My task now to monitor this server using SCOM. Research, I understand that it will take to install/configure the UCS Manager. But I'm not really sure how to set it up, I know it's similar with Dell OMSA, but for the OMSA, just install the application. But how do the Cisco server?

Hello

Although it is not clearly documented, integration SCOM is supported only for the blades of the series B and C-series rack mounts, which are integrated with UCS Manager. No support for stand-alone C-Series.

Walter.

Upgrade of the UCS Manager

Hi all

I have my UCS Manager and I need to do an upgrade, my question is the VMS, I executed what I need to move them from one device to the other? or I can do the upgrade with no downtime?

Can someone give me a procedure on how I do this?

Thank you all.

Hello

An upgrade is usually done in two parts:

(1) infrastructure (IOM, UCSM, fabric interconnection networks)

(2) blades (BIOS, adapters, CIMC, Controller Board, Flexflash, etc.)

During upgrade infrastructure, you will need to restart the fabric connects one at a time. When you make one of your two fabrics will be down for about 20 minutes. If you have redundant vNIC/vHBAs in all of your tissues A and B, it should ask only degraded services in the environment. However, a maintenance window is always recommended. When you upgrade the blades, you will need to restart. This is probably where you should move your virtual machines. After that you upgrade the blades make sure you update your OS drivers as well!

UCS firmware update as follows:

http://www.Cisco.com/c/en/us/support/servers-unified-computing/UCS-manag...

Download the firmware:

https://software.Cisco.com/download/release.html?mdfid=283853163&flowid=...

Compatibility matrix:

http://www.Cisco.com/c/en/us/support/servers-unified-computing/unified-c...

I hope this helps.

Justin

The Lab Manager Ldap integration

I, ve configured a vSphere/ESX environment of OTA in a subnet of 172.10.1.0/24.
Open ports on our firewall to manage OTA from our direct environment. Online subnet: 10.128.0.0/16
Installed Labmanager 4.0 and add it to the field in the environment of the OTA.
Everything works fine. After you open the port 389, I want to synchronize LDAP.
When I do "Test LDAP settings" I get the following error:
I read that it is not best practice to place a LM server in a domain.
http://blog.aarondelp.com/2010/03/VMware-Lab-Manager-install-notes-and.html
I tried the Ldap synchronization with the server of LM in a working group, but also, it does not work.
Tried with the domain admin user, manually add the ldap port, it was left empty, different DN, nothing worked.
Read also in the article is not to name the server labmanager LM, and that's exactly what I did...
Also the lab Manager folder described in the article was not created in vCenter.
I think uninstall LM, rename the virtual computer and reinstall LM. I don't know if it will solve this problem.
I hope someone has a solution...
Thank you...

the 'test' LDAP settings actually trying to find the account provided credentials. It's like a back loop... I should be able to find me before as I find other people.

If the test account is not in the basic DN path of research, but can locate other accounts then it should.

Best regards

Jon Hemming

OIM 11 g - authorization of the user management policy questions
Hello

(1) created a body-> human resources
(2) created a role-> HR_Admins
(3) assigned HR_Admins roles as the administrative role of human resources
(4) user1 created with the Organization as a role of human resources & HR_Admins assigned to this user.
(5) permission policy created for the management of users with the following selections
-> Create user authorization.
Constraints of data-> Selected "Users who are members of certain organizations" & selected above human resources organization.
Transfer-> role of the HR_Admins.
now, when I log in User1 I am not able to see Administration tab where I can choose create user.
I'm working on this issue for a few days, but not able to find the solution & I missed some configurations?

Thank you
Rahul Shah
Hello Rahul,
I tried your scénarion... with clause below
1) founded an organization-> human resources
(2) created a role-> HR_Admins
(3) assigned HR_Admins roles as the administrative role of human resources
(4) user1 created with the Organization as a role of Human Resource & allocated HR_Admins to this user. : default role all users
(5) permission policy created for the management of users with the following selections
-> Create user authorization. :-* "Select ALL."
Constraints data-> Selected "Users who are members of certain organizations" & selected above human resources organization.
-> HR_Admins role assignment.

Data constraints
Organization security setting hierarchy aware (include all children's organizations)

Now I am able to see the user tab to create, and I can create user in resources human org only.

If it does not work for you. Just assign 'ADMINISTRATOR of REQUEST' in the AUTH POLICIES. The result of the test.

Also, what is your version of the IOM?

Test with updated as new role name, org, and user data.
-kuldeep

Published by: Kuldeep on May 22, 2012 04:19

rename objects in the UCS Manager

How to rename objects in UCSM - things like service profiles.

models, policies, etc. I can't find anything in the GUI or CLI for this.

Thank you.

Mark,

With the current code review is not possible to rename the Service profile, or templates. It is a future improvement in the pipe, but there is no committed date at this stage.

Kind regards

Robert

Manager of the UCS of 1.2 update (1 d) to 1.3 (1o)

I use the instructions in the UCSM_GUI_Configuration_Guide_1_3_1.pdf to upgrade my equipment ucs. There are several questions and I had.

(1) it says to update the firmware for the IOM and wait until you activate the firmware on the fabric of interconnections that will restart the interconnection fabric and IOM, date on which IOM will be updated. I did the firmware was not updated on IOM. The backup version still shows 1.3 (1o) and the current version is 1.3 (1 c) IOM for, even if the fabric of interconnections successfully updated. When I try to manually activate the firmware on the IOM, I get error combined modification. The compatibility check failed. What is this?

(2) I have treid activating the UCS Manager according to page 141 of the guide of version 1.2 (1 d) 1.3 (1o) and I find failed to start activation. The check of the compatibiity failed.

(3) I tried to update the individual servers of 1.2 interface cards (1 d) to 1.3 (1o) and I will meet with the same errors of compatibility check.

This is the first time I went through and tried to update the firmware on my new box of UCS. Any help would be appreciated.

Thank you

During the activation of the new firmware, you must check the box to ignore the compatibility check.

Use management/KVM ip addresses several areas of the UCS

Hello

We organize several servers UCS blades in two areas of the UCS. In all areas, we configured an IP ext-mgmt pool to join the MMIC of the blades. As our two infrastructure is developing, I was wondering if we could use the IP addresses that we use for pools in both areas?

I read the guide management (http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/G...) and as far as I understand it, if we use the inband IPv4 addresses these addresses are used between the fabric interconnects and server blades?

So I could not addressed the KVM from "outside" so through the UCS Manager (equipment-> frame-> Server-> Actions "Console KVM"). Am I wrong? I did a few tests well failed to start KVM without our current configuration (IP ext-mgmt pool provides extrabande for each unique server IPv4 addresses).

Thanks in advance!

Concerning

Martin

Hi Martin

I think that's not possible! as soon as you insert a blade, it will have an IP address from the ext-mgmt pool and assigns it to the MMIC! That's why this IP address is assigned to a chassis / slot, which means that if you move the blade to another location, most likely, it will get another address. It is a challenge, if you want a DNS entry for a blade / KVM access.

Walter.

UCS Manager logon box Java problem

I'm testing Java 7 update 55 with the UCS Manager to verify that all features working. When I opened UCS manager connection poster box but I noticed that the 'Domain' option does not appear. Without it, I can't choose between LDAP or local authentication.

Someone at - it solved this problem with versions of Java (more recent than the 45 update)?

Thank you.

You can upgrade UCSM whitout put to rest, but the supported configuration is to have UCSM, fabric and IOM (which is included with the 'Infrastructure package') running the same version...

Now you can just upgrade the infrastructure bundle and check 'Table 2' both of the links below to confirm compatibility with the Server Bundle (bundle Server = MMIC, BIOS, adapter card controller, etc.) to see what you pouvez/may not combine:

http://www.Cisco.com/c/en/us/TD/docs/unified_computing/UCS/release/notes...

http://www.Cisco.com/c/en/us/TD/docs/unified_computing/UCS/release/notes...

-Record ALL responses and marked the question as answered if what you are looking for.

Kenny

Integrating Active Directory and UCS Manager

I'm looking to create an LDAP authentication provider in the UCS Manager that will authenticate users in Active Directory. I see the configuration guide UCS that a schema change is required to add a new attribute for user accounts and the guide details what the new attribute should be. However there are no detailed instructions on how to make the change to AD. I imagine some sort of import LDIFDE is required, but does anyone have more detailed steps on how to do it?

Thank you

You can ssh in your UCS, go to the NxOS prompt and test authentication as follows:

Laurel - A (nxos) # test cpaggen aaa cisco group ldap
the user has been authenticated
Laurel - A (nxos) # test aaa group ldap cpaggen cisco1
user authentication failed
Laurel - A (nxos) # test aaa group ldap foo doesntexist
user authentication failed
Laurel-a. (nxos) #

Make sure that this part of work. The role assignment comes from CiscoAVPair and the value must be a shell: roles = 'admin' If you want the user to be an administrator. CiscoAVPair must be an attribute of the user object. I've attached a screenshot of Wireshark for a successful authentication and authorization.

You will also find the definition of the user and configuration of my UCS.

Replace the UCS - b2xx HARD drive

We have a UCS with blades B200.

One of the HARD drive led STATIC amber, (it is a HARD drive failure according to the documentation), but UCS Manager did no show any alert.

My first question is... I see not awake in the UCS Manager? I have to turn on any kind of follow-up to the HARD drive?

The HARD drive was reflected with RAID 1, then why has decided to install a replacement.

We extracted the defective HARD drive and inserted a new (because they are Hot Swap we did with the server on).

But now the UCS Manager is showing the HARD drive as a disc UNKNOWN, so he did not recognize it

We rebooted the server with no luck.

What should I do any kind of procedure of the UCS to recognize the new drive and rebuild the RAID 1 mirror?

Thank you

Hello

Which firmware version are you running?

In versions prior to 2.0, we had has very little followed HDD and reports. The status UNKNOWN to the driver after installing a new is also due to a bug known in versions 1.4 or previous.

If you see the normal LEDs on the disc, then you know that the re - build is finished, you can also restart the blade and enter the optional ROM of LSI, and check the status of the drivers.

. / Afonso

6120 link down on mgmt0 triggers not UCS Manager failover cluster - is?

Hello friends

We have recently installed a cluster consisting of two 6120 UCS s configured for HA. When executing fail during test cases, we removed the network cable in mgmt0 on 6120 elementary. Immediately the cluster IP address is not responding ping (as expected) and we lost connectivity to the UCS Manager GUI (also as expected.) At one point, however, we expected the 6120 subordinate to detect that this link was down and launch a failure over the UCS. This is not moved after 20 minutes of waiting.

My questions are the following:
1. Is this expected behavior?
2. If this is not the case, what should us review to ensure that failover occurs in the future?
I know we can force a failover of the subordinate by issuing a command to the main cluster of local-mgmt but would be interested to see if it should be automatically produced on the failure of primary mgmt0 binding.

Thank you for your time.

Configured by default which is the expected behavior.

You can configure management interface and failover if the management interface loses connectivity such as your test scenario. That's what you're looking for.

Admin - Communication Management - Management Interfaces - Management Interface tab strategy control tab.

Kind regards

Robert

Users unable to SSH to UCS Manager

I have the LDAP users who are not able to ssh in the UCS Manager even though they can connect through the GUI. But locally defined users are able to get through the GUI and ssh.

Users who authenticate to UCS Manager via LDAP are able to connect via SSH as well?

Thank you.

Hello Bruce,.

Are you adding "ucs -" domain name?

For example, for access via SSH.

# Linux terminal.

SSH ucs-------@.

SSH-l ucs-------.

# Of putty client

Connect as: ucs-------.

And the domain name is case-sensitive.

HTH

Padma

The UCS Manager LDAP question

Similar Questions

Print.PNG

Maybe you are looking for