03-16-2022 07:07 AM
Hi Experts,
I was creating a local user account with the name "test" on APIC and after I did, I could not log in with that. Am I missing something here?
DOC-APIC3-B18# show username admin
UserName : admin
First-Name :
Last-Name :
Email :
Account Status : active
Password strength check : yes
TOTP Status : no
TOTP Secret : N/A
*********
DOC-APIC3-B18# config t
DOC-APIC3-B18(config)# username test
DOC-APIC3-B18(config-username)# password
Password:
Retype password:
DOC-APIC3-B18(config-username)# show username test
UserName : test
First-Name :
Last-Name :
Email :
Account Status : active
Password strength check : yes
TOTP Status : no
TOTP Secret : N/A
DOC-APIC3-B18(config-username)#
I did the above config on the APIC device, but after I open another session and try to log in with username "test", it will not log in.
Also, can someone please help me with the commands to configure a local user account on N9K-C9336PQ?
03-17-2022 12:59 AM
Out of curiosity, why don't you configure a new user using the APIC GUI?
Maybe you are not aware, but mixing the configuration of GUI and CLI is not supported. As a small suggestion: do all config changes from APIC GUI. It saves you the trouble of missing configuration or misconfig.
Anyway... about the problem you face:
1. You probably cannot log in because you haven't selected the domain at the login prompt. I am just making the assumption that you have TACACS enabled and it's the default login domain.
2. Here is what the full config should look like (I highlighted with red what you missed in your configuration):
username test
  domain common
    role read-all
      exit
    exit
  domain all
    role admin
      priv-type writePriv
      exit
    exit
  exit
Basically, you need to add the domain, role and privilege type. The common domain is added by default.
For GUI config of users, you can find the details here: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/basic-configuration/Cisco-APIC-Basic-Configuration-Guide-401/Cisco-APIC-Basic-Configuration-Guide-401_chapter_011.html#concept_C29611371F5549F7AD548BA528CECE3E
For Nexus, here is the config guide: https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/102x/configuration/Security/cisco-nexus-9000-nx-os-security-configuration-guide-102x/m-configuring-user-accounts-and-rbac.html
Take care,
Sergiu
03-17-2022 11:35 AM
Hi,
Thanks for your valuable suggestion. I tried from the GUI and it worked. I am new to the Nexus9k environment and we have two datacenters and have ACI fabric. So, just learning.
So, I tried to log in to APIC with the new credentials I created and I was through; however, CLI did not work. Do you think there is something I am missing?
03-18-2022 12:00 AM
Because you have TACACS/RADIUS domains configured as the default domain, when you want to SSH to APIC, you need to use the following format to specify any other format (including the fallback/local):
apic#<domain>\\<username>
For example, when you have the fallback domain enabled and want to log in as admin, try: apic#fallback\\admin
Stay safe,
Sergiu