cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

198
Views
0
Helpful
3
Replies
khgrant
Cisco Employee

NSO 4.1.1 Auth issues

 

Hi folks,

 

 

I am working to setup 4.1.1 in a system-install mode. The installation completes successfully and throws some information out towards the end regarding PAM-based authentication (vs. Local Auth in pre-4.1 NSO versions).

 

    • I went ahead and created some local accounts (admin / oper); assigned them to suggested groups (ncsadmin, ncsoper) respectively.

    • I also enabled WebUI to allow for NSO portal in ncs.conf

    • I have enabled Local-Authentication leaving PAM Auth enabled

    • I then disabled PAM Authentication

    • Each time I made a change – I’ve saved ncs.conf and restated NCS.

  Issues I’m running into: 

    • When I connect the the Web Portal – I’m unable to log on to using any of the user IDs on my system (Nick, admin, oper) - Local or PAM.

    • If I disable PAM while keeping Local-Authentication in place. Same result with different messages in audit.log.

 

  1. Audit.log with Local Authentication

 

Audit.log with PAM enabled

 

Initially, when I connected to the NSO CLI (ncs_cli –u admin), all I saw was just one command ‘exit’. Eventually, after a reboot, I was able to see the normal set of options I would expect to see. CLI is working as expected.

 

 

Is there any documentation that explains the optimum set of user / group configuration one must use to get NSO installed seamlessly ??

 

 

Thanks & Regards,

 
Nick Khemani

1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
Cisco Employee

 

The main thing that helped me was the correctly assign Linux users to ‘ncsadmin’ and ‘ncsoper’ groups and leave PAM enabled. In terms of authentication, IF all methods are enabled, NSO will try (1) PAM (2) external auth and lastly (3) local-authenticaion mechanisms.