04-11-2011 10:57 PM
Hi,
Authentication and Accounting both function correctly, however Authorization fails with a code 0x10 denial (backed up by ACS accounting). Upon sniffing and decrypting the Authorization packet the Nexus sends, it is clear that all usernames are being truncated after 8 characters, and hence failing when it reaches ACS. Obviously in a multidomain Windows authentication world it's nearly impossible to have a username string shorter than 8 characters.
For example if I login with a username of:
ciscoengineer
the decrypted authorization packet will contain the tag of:
user: ciscoeng
This is affecting both the 1000v and the 1010 appliance, both are on code version 4.2(1)SP1(2).
I cannot find any reference to a similar existing open bug, so I'm going to raise a TAC case, however I thought I'd check on here to see if anyone had experienced anything similar?
Many thanks,
Doug
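Added example, not part of the original post or of any Cisco tooling: a Python version of the check described above, which de-obfuscates a TACACS+ authorization REQUEST with the shared secret (body layout and MD5 pad per RFC 8907) and compares its user field with the login name. The function names are hypothetical, and the sample packet, shared secret, port and address are constructed stand-ins for a real capture.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 pad from RFC 8907 section 4.5: MD5_1 = MD5(seed), MD5_n = MD5(seed + MD5_n-1)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(header, body, key):
    """Obfuscation is a plain XOR, so the same call hides and reveals the body."""
    version, _ptype, seq_no, _flags, session_id, _len = struct.unpack("!BBBB4sI", header)
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def parse_author_request(packet, key):
    """Return the user, port, rem_addr and args of an authorization REQUEST."""
    header, body = packet[:12], packet[12:]
    _ver, ptype, _seq, flags, _sid, length = struct.unpack("!BBBB4sI", header)
    if ptype != 0x02 or length != len(body):
        raise ValueError("not a complete TACACS+ authorization packet")
    if not flags & 0x01:                      # TAC_PLUS_UNENCRYPTED_FLAG clear
        body = xor_body(header, body, key)
    user_len, port_len, rem_len, arg_cnt = body[4:8]
    arg_lens = body[8:8 + arg_cnt]
    fields, off = [], 8 + arg_cnt
    for n in (user_len, port_len, rem_len, *arg_lens):
        fields.append(body[off:off + n].decode("ascii", "replace"))
        off += n
    if off != len(body):
        raise ValueError("field lengths do not add up (wrong shared secret?)")
    return {"user": fields[0], "port": fields[1], "rem_addr": fields[2], "args": fields[3:]}

def is_truncated(login_user, author_user, limit=8):
    """True when the authorization user is only the first `limit` chars of the login name."""
    return len(login_user) > limit and author_user == login_user[:limit]

def build_sample(user, key):
    """Constructed test packet standing in for a capture (all values made up)."""
    args = [b"service=shell", b"cmd="]
    body = bytes([0x06, 0x01, 0x01, 0x01, len(user), 4, 9, len(args)])
    body += bytes(len(a) for a in args) + user.encode() + b"tty0" + b"192.0.2.1" + b"".join(args)
    header = struct.pack("!BBBB4sI", 0xC0, 0x02, 1, 0, b"\x12\x34\x56\x78", len(body))
    return header + xor_body(header, body, key)
```

Feeding `parse_author_request` the raw TCP payload of a captured authorization packet and passing the result's `user` to `is_truncated` alongside the name typed at login flags the 8-character cut-off shown in the post.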
04-11-2011 11:48 PM
Doug,
This is a known bug CSCtn75755 "Username with more than 8 characters login but have limited CLI access"
This is expected to be fixed in an upcoming patch release for 4.2(1)SV1(4)
I still suggest you log a TAC case so we can link the bug for tracking.
Regards,
Robert
04-12-2011 12:00 AM
Thanks for the info Robert. Do you happen to have any timescale info for the release?
Regards,
Doug
04-12-2011 12:30 AM
No tentative release date yet. I'd guess within the next 3-5 months.
Regards,
Robert
08-22-2011 06:18 PM
Any update on this?
08-22-2011 07:10 PM
According to our bug database it was fixed in the latest release which is 1.4a.
louis