
VCS Login Failure

I have a physical VCS running 7.2.2 software as a Controller.

Somehow the configuration got changed so that it is trying to authenticate Remote logins via LDAP that has not been configured.

Therefore, all web access seems to be dead, but I can connect through the console cable to make changes.

But I cannot find in the xConfiguration parameters where I tell the system to use the local database for authentication for both admin and user.

Any help is appreciated.

Wayne DeNardi
VIP Alumni

According to the documentation, even if the authentication source is set to something else, you should still be able to log in via the "admin" account.

You could try taking note of what the LDAP Server Address is in the config, then set it back to blank to make the LDAP fail and revert to local authentication with:

   xConfiguration Login Remote LDAP Server Address: ""

Failing that, you could try resetting the authentication source (step 4 below) and/or the root or admin password via the serial connection:

1. Connect a PC to the VCS using the serial cable

2. Restart the VCS.

3. Log in from the PC with the username pwrec

4. If the administrator account authentication source is set to Remote, you are given the option to change the setting to Both; this will allow local administrator accounts to access the system.

5. Select the account (root or admin) whose password you want to change.

6. You will be prompted for a new password.

The pwrec account is only active for one minute following a restart.

Wayne


Alok Jaiswal
Cisco Employee

Hi Richard,

Even though the LDAP fails, your local authentication works if, under the configuration, you set the remote login to "both".

Coming to your problem: if you have root access, then you can log in as root and then run the command "tsh", which takes you to the t-shell, basically the admin login.

Run the command "xcommand DefaultValuesSet level: 2"; this will wipe off your LDAP authentication configuration.

Now you should be able to log in as local admin through the web page. If you don't have the admin password, then log in as root again, run the command "passwd admin" and reset the password for admin.

Rgds

Alok

That did work, but caused some additional problems in that I had to re-add all of the configuration information.

There has got to be a more gentle way of fixing that.

But it is working again.

Thanks

Hi Richard,

It should not have done that. It is supposed to wipe off the LDAP configuration only. If you run value set level as "3" it will remove all the configuration along with the IP address, but level "2" should be OK.

Value set level 2 should reset the things below.

Configuration items reset by DefaultValuesSet level 2

The following table lists the configuration items that are reset by xCommand DefaultValuesSet Level: 2 and their reset values.

| Configuration item | Reset value |
|---|---|
| Alternates Cluster Name | |
| Authentication ADS ADDomain | |
| Authentication ADS Clockskew | 300 |
| Authentication ADS DC Address | |
| Authentication ADS Encryption | TLS |
| Authentication ADS KDC Address | |
| Authentication ADS KDC Port | 88 |
| Authentication ADS Mode | Off |
| Authentication ADS SecureChannel | Auto |
| Authentication ADS SPNEGO | Enabled |
| Authentication ADS Workgroup | |
| Login Administrator Groups Group [1..30] Access | ReadWrite |
| Login Administrator Groups Group [1..30] Name | |
| Login Administrator Source | Local |
| Login Remote LDAP BaseDN Accounts | |
| Login Remote LDAP BaseDN Groups | |
| Login Remote LDAP DirectoryType | ActiveDirectory |
| Login Remote LDAP Encryption | Off |
| Login Remote LDAP SASL | DIGEST-MD5 |
| Login Remote LDAP Server Address | |
| Login Remote LDAP Server Port | 389 |
| Login Remote LDAP VCS BindDN | |
| Login Remote LDAP VCS BindPassword | |
| Login Remote LDAP VCS BindUsername | |
| Login Remote Protocol | LDAP |
| Login User Groups Group [1..15] Access | ReadWrite |
| Login User Groups Group [1..15] Name | |
| Login User Source | Local |

Rgds

Alok
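
A pre-change check for the condition discussed in this thread, as an added example that is not part of any post above: it parses saved `xConfiguration` output and flags a login source that depends on an LDAP server with no address set. The `*c xConfiguration <item>: <value>` line format, the function names and the sample dump are assumptions constructed for illustration.

```python
import re

# Assumed line format of saved CLI output: "*c xConfiguration <item>: <value>"
LINE = re.compile(r'^(?:\*c )?xConfiguration (?P<item>.+?): ?(?P<value>.*)$')

# Constructed sample dump reproducing the situation in the original post.
SAMPLE = '''\
*c xConfiguration Login Administrator Source: Remote
*c xConfiguration Login User Source: Both
*c xConfiguration Login Remote Protocol: LDAP
*c xConfiguration Login Remote LDAP Server Address: ""
*c xConfiguration Login Remote LDAP Server Port: 389
'''

def parse_xconfig(text):
    """Return {item: value} for every xConfiguration line, quotes stripped."""
    cfg = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            cfg[m.group("item")] = m.group("value").strip().strip('"')
    return cfg

def login_source_findings(cfg):
    """Flag login sources that rely on an LDAP server with no address set."""
    findings = []
    ldap_set = bool(cfg.get("Login Remote LDAP Server Address", ""))
    for role in ("Administrator", "User"):
        # A missing item is treated as Local, the level 2 reset value.
        source = cfg.get(f"Login {role} Source", "Local")
        if source == "Remote" and not ldap_set:
            findings.append((role, "LOCKOUT", "Source is Remote but no LDAP server address is set"))
        elif source == "Both" and not ldap_set:
            findings.append((role, "INFO", "Source is Both; only local accounts can authenticate"))
    return findings

if __name__ == "__main__":
    for role, level, msg in login_source_findings(parse_xconfig(SAMPLE)):
        print(f"[{level}] Login {role} Source: {msg}")
```

Running it against a configuration backup before changing either Source setting shows whether the change would leave web logins with nothing to authenticate against.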