UCS Manager 2.2 - LDAP authentication

Hello

I have some general questions about authentication LDAP and UCS Manager.

I hope it's understandable...

We have the following structure:

  • DC = Company.domain.com

    • OU = Domain Administration

      • OU = Administrators

        • OU = Germany

          • CN = User1-SMA
          • CN = SMA-user2
      • OU = Test-UO
        • CN = ucstestuser
        • CN = ucsadmingroup --> Member = SMA-user1, user2-SMA

I added an LDAP provider

binduser is the SMA-User1

Base DN = OU = Domain Administration, DC = company, DC = domain, DC = com

attribute = empty

filter = sAMAccountName = $userid

password for User1 SMA

group permission / recursive enabled.

I have not added any attributes or mapped the group. Now I can connect with ucstestuser (read-only), but not with SMA-user1 or user2 SMA.

If I add ucstestuser to ucsadmingroup and map this group, ucstestuser can log in and has admin rights, but ADM-user1 and user2-adm cannot log in (user authentication failed).

I don't understand why ucstestuser can log in and the other users in a different OU cannot. The base DN is Domain Administration, so UCSM should see all three users, shouldn't it?

Can anyone help? Thank you.

/ Danny

With UCS remote authentication, a user connects using a temporary account on the FI named UCS-MyAuthDomain\myusername, which is limited to a total of 32 characters.  If you shorten the authentication domain name defined in UCSM from domain.com to a shorter name such as AD, it will allow the use of a longer username.

Note

For systems using a remote authentication protocol, the authentication domain name is considered part of the user name and counts toward the 32-character limit for locally created usernames. Because Cisco UCS inserts 5 characters for formatting, authentication will fail if the combined total of the domain name and user name characters is greater than 27.

http://www.Cisco.com/c/en/us/TD/docs/unified_computing/UCS/SW/GUI/config/Guide/2-2/b_UCSM_GUI_Configuration_Guide_2_2/b_UCSM_GUI_Configuration_Guide_2_1_chapter_01000.html

Tags: Cisco DataCenter

Similar Questions

  • The UCS Manager LDAP question

    Hi guys,

    I was wondering if anyone could help with a weird problem that we seem to have met with our UCS Manager.  We set it up to use LDAP authentication for logon, which works very well for four of the five members of the team, but we have one user who, although he is in exactly the same groups as the rest of us, continually gets user unauthenticated errors.

    We did the usual checks that it is not his machine or installation, and in the logs it does not even record a logon attempt, so I am not sure what else I can check. Any thoughts would be much appreciated!

    We use UCSM v2.1(1e), in case it's relevant.

    Thank you very much

    John

    I ran into the same issue.  It proved to be a bug in the firmware: the DN was too long.

    CSCth96721

    It is more a limitation of 128 characters for the number of organizational units or the length of the distinguished name (DN) when you use LDAP authentication against Active Directory.

    http://www.Cisco.com/en/us/docs/unified_computing/UCS/release/notes/UCS_28313.html
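
The two length limits mentioned in these threads (27 characters for authentication domain name plus username, and the 128-character DN figure) can be checked before a user ever tries to log in. This is an added example, not code from Cisco or from the posters; the sample accounts and DNs are constructed, and treating 128 as a maximum DN length is an assumption based on the reply above.

```python
# Added example: pre-flight check for the two length limits quoted in the threads.
UCS_PREFIX = "ucs-"   # prefix shown in the thread: ucs-<domain>\<user>
LOGIN_MAX = 32        # total login-name limit from the quoted Cisco note
DN_MAX = 128          # figure quoted for CSCth96721; assumed to be a maximum DN length


def ucs_login_name(auth_domain: str, user: str) -> str:
    """Temporary account name on the FI: prefix + domain + backslash + user."""
    return f"{UCS_PREFIX}{auth_domain}\\{user}"


def check_account(auth_domain: str, user: str, dn: str) -> list[str]:
    """Return findings; an empty list means neither limit is exceeded."""
    findings = []
    login = ucs_login_name(auth_domain, user)
    if len(login) > LOGIN_MAX:
        findings.append(
            f"login name {login!r} is {len(login)} chars (limit {LOGIN_MAX}); "
            f"shorten the authentication domain name by {len(login) - LOGIN_MAX}"
        )
    if len(dn) > DN_MAX:
        findings.append(f"DN is {len(dn)} chars (limit {DN_MAX})")
    return findings


def max_domain_length(users: list[str]) -> int:
    """Longest authentication domain name that still fits every listed user."""
    overhead = len(UCS_PREFIX) + 1  # "ucs-" plus the backslash = 5 characters
    return LOGIN_MAX - overhead - max(len(u) for u in users)


# Constructed sample data (only the name ucstestuser comes from the thread).
SHORT_DN = "CN=ucstestuser,OU=Test-UO,OU=Domain Administration,DC=company,DC=domain,DC=com"
LONG_DN = ("CN=svc-datacenter-admin,OU=Germany,OU=Administrators,OU=Domain Administration,"
           "OU=Infrastructure Services,OU=Datacenter Operations,DC=company,DC=domain,DC=com")
ACCOUNTS = [("ucstestuser", SHORT_DN), ("svc-datacenter-admin", LONG_DN)]


def audit(auth_domain: str, accounts=ACCOUNTS) -> dict[str, list[str]]:
    """Check every (user, dn) pair against one authentication domain name."""
    return {user: check_account(auth_domain, user, dn) for user, dn in accounts}


if __name__ == "__main__":
    for domain in ("domain.com", "AD"):
        for user, findings in audit(domain).items():
            print(domain, user, findings or "ok")
    print("longest usable domain name:", max_domain_length([u for u, _ in ACCOUNTS]))
```
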

  • Integrating Active Directory and UCS Manager

    I'm looking to create an LDAP authentication provider in the UCS Manager that will authenticate users in Active Directory. I see in the UCS configuration guide that a schema change is required to add a new attribute for user accounts, and the guide details what the new attribute should be. However, there are no detailed instructions on how to make the change to AD. I imagine some sort of LDIFDE import is required, but does anyone have more detailed steps on how to do it?

    Thank you

    You can SSH into your UCS, go to the NX-OS prompt and test authentication as follows:

    Laurel-A(nxos)# test aaa group ldap cpaggen cisco
    user has been authenticated
    Laurel-A(nxos)# test aaa group ldap cpaggen cisco1
    user authentication failed
    Laurel-A(nxos)# test aaa group ldap foo doesntexist
    user authentication failed
    Laurel-A(nxos)#

    Make sure that this part works. The role assignment comes from CiscoAVPair, and the value must be shell:roles="admin" if you want the user to be an administrator. CiscoAVPair must be an attribute of the user object. I've attached a screenshot of Wireshark for a successful authentication and authorization.

    You will also find the definition of the user and configuration of my UCS.

  • UCS Manager logon box Java problem

    I'm testing Java 7 update 55 with the UCS Manager to verify that all features are working. When I opened the UCS Manager login box, I noticed that the 'Domain' option does not appear. Without it, I can't choose between LDAP or local authentication.

    Has anyone solved this problem with versions of Java more recent than update 45?

    Thank you.

    You can upgrade UCSM without the rest, but the supported configuration is to have UCSM, the fabric and the IOM (which are included in the 'Infrastructure package') running the same version...

    Now you can just upgrade the infrastructure bundle and check 'Table 2' in both of the links below to confirm compatibility with the Server Bundle (Server Bundle = CIMC, BIOS, adapter card controller, etc.) to see what you may/may not combine:

    http://www.Cisco.com/c/en/us/TD/docs/unified_computing/UCS/release/notes...

    http://www.Cisco.com/c/en/us/TD/docs/unified_computing/UCS/release/notes...

    -Rate ALL responses and mark the question as answered if this is what you are looking for.

    Kenny

  • Fabric connecting LDAP authentication

    Hi guys,

    I am running UCSM 2.0(2q).

    I was wondering if there is a way of configuring LDAP authentication for logging in via SSH to the FIs?

    I set up all group mappings and added users to these groups without any problems, but I can't seem to figure out how to get LDAP authentication when using an SSH session on the FI.

    Has anyone set this up before?

    Thank you

    Doug,

    Are you sure you are using the correct syntax when connecting via CLI?

    If AD authentication works through the GUI, it should work in CLI.

    http://www.Cisco.com/en/us/docs/unified_computing/UCS/SW/CLI/config/Guide/2.0/b_UCSM_CLI_Configuration_Guide_2_0.PDF

    Kind regards

    Robert

  • UCS Manager 2.0 (1W) read only role grayed out

    Hi, I want to create a user authenticated locally in UCS Manager with read-only permissions, but when I go to add the role of read-only user is not available for selection (it is grayed out). No idea how to solve this problem and make the read-only role available for selection? Screenshot attached. Thank you.

    It is activated by default.

    Don't assign any roles to your new user and they will automatically get read-only.

    Kind regards

    Robert

  • Users unable to SSH to UCS Manager

    I have LDAP users who are not able to SSH into the UCS Manager even though they can connect through the GUI.  But locally defined users are able to get in through both the GUI and SSH.

    Are users who authenticate to UCS Manager via LDAP able to connect via SSH as well?

    Thank you.

    Hello Bruce,

    Are you adding "ucs-" to the domain name?

    For example, for access via SSH:

    # Linux terminal

    ssh ucs-------@.

    ssh -l ucs-------.

    # From the PuTTY client

    Connect as: ucs-------.

    And the domain name is case-sensitive.

    HTH

    Padma

  • El Capitan LDAP authentication

    I am trying to set up LDAP authentication on an El Capitan MacBook. I've prepared an OpenLDAP server on a Linux host with the necessary users. This LDAP server was added in Directory Utility as LDAPv3 with the RFC2307 set of mappings.

    The computer can connect to LDAP, because a green circle is shown here:

    Users and groups > connection options > network server account > hostname of the LDAP server

    The problem is that the user is unable to log in using LDAP. No matter what I enter at the login prompt (including the complete DN), I see the same log entry:

    SecurityAgent: Unknown user 'adrian' connection attempt SPENT for the audit.

    How can I find out more about the connection?

    While Apple's own Open Directory is based on OpenLDAP, it is not the same. Not only do you have to add additional entries to OpenLDAP, i.e. Apple's own LDAP schema, but you also need to configure Kerberos on the Linux server as well, as Open Directory uses a combination of LDAP and Kerberos for authentication.

    In my view, it is possible to do all the extra steps to get a Linux server to fully act as the equivalent of an Open Directory server, but you're barely halfway there.

    See - http://deepport.net/archives/setting-up-a-linux-server-for-os-x-clients/

    and - http://www.torriefamily.org/~torriem/wiki/computer_stuff:opendir_and_ldap

    These articles do not cover Kerberos, but may provide useful additional information to the previous link.

    See - http://blog.michael.kuron-germany.de/2009/04/building-your-own-opendirectory-server-on-linux/

    and - http://cs.unk.edu/~zhengaw/projects/openldap-server/

  • Error UCS Manager Console KVM to open after Java Update

    After upgrading to Java version 1.7_21, I tried to access the KVM console from within the UCS Manager (v2.1(1d)) and got the error message:

    "Cannot run program "C:\\Program": CreateProcess error=2, The system cannot find the file specified."

    I tried to remove installed applications and applets as well as temporary files from within the Java console, but it did not solve the problem. We also tried launching the KVM console from the KVM Manager and that works very well. Everything works correctly when you run Java 1.7_17.

    Does anyone know about this problem since upgrading to 1.7_21?

    Thank you.

    In the meantime, you can install Java in a directory path that has no spaces to work around the problem. For example: c:\Java\jre7

    This will give you KVM access again.

  • AnyConnect user using the user certificate authentication and LDAP authentication

    Hello

    I'm trying to implement AnyConnect VPN for my office. Now, I want the user to authenticate based on the user certificate's CN value (the certificate is installed on the user's local system) and LDAP authentication. Please help with how to achieve this requirement. We have the GoDaddy ROOT and INTERMEDIATE certificates and have already installed them on the ASA. Also, we have the user certificate installed on each user's system to authenticate the user.

    Any help please.

    Hi subhasisdutta,

    This link will certainly help you with the configuration:

    http://www.Cisco.com/c/en/us/support/docs/security/AnyConnect-secure-mob...

    Hope this info helps!

    Rate if it helps!

    -JP-

  • UCS Manager & Vmware

    Hi guys,

    Before we put our Cisco UCS solution in, we had VMware running with a Nexus 1000v switch. After the installation of the Cisco UCS solution, we migrated a lot off the old system to the new one. From reading the manual on setting up vCenter, port profiles and VMs in UCS Manager, it seems that this creates a new one on the Nexus 1000v VSM. Is there any way to import what we have so that we can see it in the UCS Manager?

    David, the UCS functionality you speak of is known as VN-Link in hardware, while the Nexus 1000v is known as VN-Link in software. Installation and configuration is very similar to the Nexus 1000v, but they are separate distributed virtual switches.

    Unfortunately, you can't use both, because they both require the VEM loaded on the ESX hosts and the UCS VN-Link requires a UCS dynamic vNIC connection policy. If you use the 1000v, you will not be able to use the VM tab in UCSM and you will not see anything on the virtual machines tab of a Service Profile.

    In my opinion the Nexus 1000v is preferable because it offers more features, is more scalable and is managed/configured through NX-OS. The UCS VN-Link option also limits the number of virtual machines you can run on a host, because dynamic vNICs support a maximum of 56, depending on how many uplinks run from your chassis to your FIs. If you have only 2 uplinks from your chassis, then the maximum number of virtual machines per host when using the UCS VN-Link is 20-24, depending on the number of ESX host vNICs you create as part of your Service Profile.

  • 6120 link down on mgmt0 triggers not UCS Manager failover cluster - is?

    Hello friends

    We have recently installed a cluster consisting of two UCS 6120s configured for HA. While executing failover test cases, we removed the network cable from mgmt0 on the primary 6120. Immediately the cluster IP address stopped responding to ping (as expected) and we lost connectivity to the UCS Manager GUI (also as expected). At some point, however, we expected the subordinate 6120 to detect that this link was down and initiate a UCS failover. This had not happened after 20 minutes of waiting.

    My questions are the following:

    1. Is this expected behavior?
    2. If this is not the case, what should we review to ensure that failover occurs in the future?

    I know we can force a failover to the subordinate by issuing a cluster command from local-mgmt, but I would be interested to know whether it should happen automatically on failure of the primary's mgmt0 link.

    Thank you for your time.

    As configured by default, that is the expected behavior.

    You can configure the management interface to fail over if the management interface loses connectivity, as in your test scenario.  That's what you're looking for.

    Admin - Communication Management - Management Interfaces - Management Interfaces Monitoring Policy tab.

    Kind regards

    Robert

  • XenServer on UCS Manager 2.1

    Hello

    According to the compatibility matrix, XenServer is not supported on the blades of the UCS in UCS Manager 2.1...

    I wonder if that is a documentation error, or simply true...

    In case it is the latter... how is that possible?

    Thank you

    It has not been qualified yet, but it should be in the near future.

    Robert

  • UCS Manager release Upgrade Advisor

    Hello

    We have a UCS infrastructure with UCS Manager release 2.0(3) and vSphere 4.1.

    Now, we would like to upgrade our vSphere infrastructure to version 5.1. Taking into account the fact that UCS Manager 2.0(3) does not support vSphere 5.1, is it worth upgrading UCS Manager to 2.0(4) or 2.0(5) rather than upgrading to the latest version 2.1(1)? I am thinking of stability, or maybe other reasons...?

    Thank you

    Yes - any build train which is more mature (i.e. more frequently patched) must inherently be more stable.  When you introduce new features, and a lot were added in the case of 2.1, we afterwards discover strange things customers try to do with the product.  It is impossible to QA a product for every customer & deployment variation.

    If you don't need the new features or specific HW or OS/SW support, then stay with the current 2.0 train.  It's just more mature than 2.1.  We should have our first 2.1 patch coming in a few months.  At that point I would start to promote 2.1 as being the more stable & recommended version.

    Kind regards

    Robert

  • installation document ucs Manager

    Can someone tell us where UCS Manager runs, or can anybody tell us where we can find an installation document for UCS Manager with a standalone C-Series?

    Thanks in advance

    Erick,

    I think you are talking about two different things.  UCS Manager is for B-Series blades and C-Series servers that are integrated with/managed by UCSM.  A stand-alone C-Series has no UCS Manager.  Each C-Series is managed independently by the CIMC (Cisco Integrated Management Controller).

    Kind regards

    Robert
