Dave,
You may be running into a variant of this bug.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCto71695
Symptom:
When a customer uses external servers (radius,tacacs,ldap,etc) for UCSM authentication and the total characters for the username and domain combined exceed 28, UCSM will report that User Authentication has failed. External server has no record that a request was sent.
When user logs in with a name of combined 27 characters, it is shown in the remote authentication tab as ucs-AuthenticationDomain\UserName. The total length of this string is 32 characters which is the limit of a locally created username. UCS is adding 5 characters to the string 'ucs-' and '\'.
If the remote users are limted to 32 characters, the error message should state 'AuthenticationDomain'\'UserName' exceeds limit of 27 characters.
HTH,
Dan