Introduction
Cisco DCNM implements user-based access to allow you to control who can access a Cisco DCNM server by using the Cisco DCNM client. User access is secured by a password. Cisco DCNM supports strong passwords. You can use local authentication as the primary authentication mode. If you specify RADIUS or TACACS+ as the primary authentication mode, the Cisco DCNM server always falls back to local authentication if no authentication server for the current authentication mode is reachable.
RADIUS and TACACS+ Authentication
You can configure Cisco DCNM to authenticate users with either the RADIUS or TACACS+ AAA protocol. Cisco DCNM supports primary, secondary, and tertiary authentication servers for RADIUS and TACACS+. Only a primary server is required. For each authentication server, you can specify the port number that the server listens to for authentication requests.
User Role Assignment by RADIUS and TACACS+
Cisco DCNM supports the assignment of a user role by the RADIUS or TACACS+ server that grants a user access to the Cisco DCNM client. The user role assigned to a user is in effect for the current session in the Cisco DCNM client only.
To assign a Cisco DCNM user role by RADIUS, configure the RADIUS server to return the RADIUS vendor-specific attribute 26/9/1, which is the Cisco-AV-Pair attribute. To assign a Cisco DCNM user role by TACACS+, the TACACS+ server must return a cisco-av-pair attribute-value pair. If an authentication response does not assign the user role, Cisco DCNM assigns the User role.
Change Admin Password
Follow the steps to change admin password.
1. SSH to the DCNM server
2. cd to /usr/local/cisco/dcm/fm/bin
3. "./addUser.sh --help" to see the syntax of the command.
The syntax for the addUser.sh script is "./addUser.sh <username> <password> <dbpassword>". The adduser script can be used to add new user accounts or to change the password of existing user accounts.
4. To change the admin password, the command would look something like this,
"./addUser.sh admin <new password> <dbpassword>"
If you have forgetten the database password, then you can find it in the file, /usr/local/cisco/dcm/jboss-as.7.2.0-Final/standalone/conf/postgres.cfg.xml. Use the command "cat /usr/local/cisco/dcm/jboss-as.7.2.0-Final/standalone/conf/postgres.cfg.xml" to print the contents of the file to the screen.
Related Information
Administering DCNM Authentication Settings
Cisco DCNM License Management
Cisco Prime DCNM - change GUI admin password from CLI