cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
33
Views
2
Helpful
3
Replies
Cisco Employee

NSO External Authentication not working for Web GUI

 

Hi Team,

 

 

We are facing a strange problem after turning on the external authentication through AAA for the NSO.The ‘curl’ and ‘ssh’ from the local host into the NCS works fine.The ‘curl’ also works fine from a remote host into this ncs into port 8080.The problem is with the ‘Web Gui page login’

 

 

When we try to login through the 'web gui’ page it says the authentication failed but the ncs 'audit logs' show that the external authentication has been successful.

 

 

Audit log captures -

 

<INFO> 24-Aug-2016::18:11:15.171 sngkc-nfv-nso-2 ncs[29765]: audit user: nsouser/0 Logged in over ssh using externalauth, member of groups: ncsadmin

 

<INFO> 24-Aug-2016::18:11:22.070 sngkc-nfv-nso-2 ncs[29765]: audit user: nsouser/0 Logged in over ssh using externalauth, member of groups: ncsadmin

 

(END)

 

 

Web Gui – what we see

 

Everyone's tags (4)
3 REPLIES 3
Highlighted
Cisco Employee

Re: NSO External Authentication not working for Web GUI

 

<Second Try>

 

 

Hi Team,

 

 

Has anyone come across this issue?TAC case is open at the moment.

 

Appreciate any inputs if anyone has come across this issue before.

 

 

Thanks,

 

Vineet

 

Highlighted
Cisco Employee

Re: NSO External Authentication not working for Web GUI

 

Hi,

 

 

Let me answer here too for later reference.

 

I found that it's due to a bug, and it's fixed in 4.1.2 for 4.1 branch.

 

NSO 4.2 has the fix already.

 

 

External authentication has a feature to ask user for any warning.

 

ncs.conf has the switch how the warning should be treated.

 

 

-----

 

<aaa>

 

   <expiration-warning>prompt</expiration-warning>

 

</aaa>

 

-----

 

This config is there at default for system install.

 

To workaround, remove this or change it to ignore.

 

 

Regards,

 

Akira

 

Highlighted
Cisco Employee

Re: NSO External Authentication not working for Web GUI

 

HI Akira,

 

 

Let me thank you here as well

 

Its indeed was the mentioned bug and the workaround works.We tried it at out customer’s environment and its working.Thank you.Totally appreciated!

 

 

Also extending thanks to the guys who were helping out here – Michel, Fatih and Tamal.Thank you guys for all the support!

 

 

Best,

 

Vineet