Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4648
Views
5
Helpful
7
Replies

Cisco DCNM Authentication using LDAP

garygrubb
Level 1
Level 1

‎11-14-2017 05:54 AM - edited ‎03-01-2019 06:15 PM

Hi All,

 

I am having trouble getting DCNM to authenticate via LDAP. Could someone please send me a screen-shot from a working config for my reference?

Does anyone know if I can configure more than one LDAP server? Form the DCNM GUI, it looks like I can only add one server.

 

2 people had this problem
Labels:
0 Helpful
7 Replies 7

AFROJ AHMAD
Cisco Employee
Cisco Employee

‎11-14-2017 07:41 PM

Hi ,

 

I have attached one image but I have not authenticated it .. because I do not work on DCNM now a days.

 A good rule of thumb is 389 for non-ssl, and 636 for ssl.

 

also you can refer the below link #

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/dcnm/fundamentals/guide/dcnm/DCNM-SAN-LAN_published/DCNM_Fundamentals/wc.html#wp1359721

 

If Base , DN etc are fine then foucs of "port number" , it should not be blocked.

 

You can run a wireshark/ tcpdump" to look into the issue further , if required.

 

Thanks-

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****
Preview file
46 KB

garygrubb
Level 1
Level 1
In response to AFROJ AHMAD

‎11-15-2017 01:41 AM

Thanks for the reply. This screenshot shows the default place holder text when DCNM is installed. I'm looking for an actual configured example. I matched up most of these fields but was not able to get it working. Will try & contact the security team for help.

0 Helpful

Albert Smith
Level 1
Level 1
In response to garygrubb

‎02-01-2018 12:43 PM

WHere you able to get the LDAP working for DCNM? I'm having the same issue I can configure but it rejects the login. When I look at the FMServer log I get a

 

acceptsecuritycontext error data 52e v1db1

 

Which states invalid credentials but alas they are not invalid.

 

 

0 Helpful

garygrubb
Level 1
Level 1
In response to Albert Smith

‎02-02-2018 05:28 AM

I was not able to get it working. Went with radius instead.

I worked with one of our LDAP experts & he needed to see what Cisco was expecting as a response from the LDAP server to grant access. As the Cisco documentation was not clear enough we could not proceed further.

 

0 Helpful

Albert Smith
Level 1
Level 1
In response to garygrubb

‎02-02-2018 05:36 AM

I assume it's not working then?

0 Helpful

garygrubb
Level 1
Level 1
In response to Albert Smith

‎02-02-2018 05:40 AM

Yes, it is not working.

So we authenticate with the radius server & Radius gets to authenticate with the LDAP server.

This way we still use our same AD credentials to login.

You can look into using a TACACS \ Radius solution. Note that only DCNM supports only one vendor with TACACS, Radius has more compatibility.

0 Helpful

onefiscus
Level 1
Level 1

‎05-14-2019 01:22 PM

Has anybody actually got this to authenticate to an AD server?  Could you send a real example with values changed for security sake.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card