03-22-2012 03:51 PM - edited 03-01-2019 10:20 AM
Hello,
I'm trying to use Active Directory Authentication to connect to CIMC and it is not working.
Following documentation I have done the following:
Logged on to the website
Went to Admin and then to Active Directory
Enabled: Checked
Server IP Address: static IP of domain controller
Timeout: 60
Enable Encryption: unchecked
Domain: domain name. Example: test.local
Attributes: CiscoAVPair
In AD Schema
I added the attribute:
CiscoAVPair
Description: CiscoAVPair
Common Name: CiscoAVPair
X 500 OID: 1.3.6.1.4.1.9.287247.1
Syntax: Case Sensitive String
Minimum: Blank
Maximum: Blank
Attribute is active: Checked
Index this attribute: unchecked
replicate this attribute to the global catalog: unchecked
Attribute is copied when duplicating a user: unchecked
index this attribute for containerized searches: unchecked
I added the pair under classes for user
Under my account in ADSI Edit I went into my properties, found the CiscoAVPair
and changed its properties to
shell:roles="admin"
I tried logging on as
user
password
and
test\user
password
Both say Login failed. Verify that your username and password are correct.
Any help would be appreciated.
Thank you,
Walter
03-22-2012 10:24 PM
Walter,
What is the CIMC version?
Padma
03-23-2012 07:33 AM
Hello,
Thank you for your reply.
Cisco Integrated Management Controller
ucs-c2xx-m2
Version 1.3(2j)
03-23-2012 07:45 AM
Hello Walter,
I tested with 1.4 and had no issues with it.
Can you please check CLI access?
If it is a Linux client,
ssh -l
If it fails, please log in to CIMC with a local user account and provide us the relevant log messages from the CIMC > Admin > CIMC log section for the failed login attempt.
Padma
03-23-2012 07:56 AM
Hello,
I found the following entries in the log that seem related.
I tried from PuTTY and it did not work. I tried vdc\bea0196 and just bea0196 and neither seemed to matter.
pam_session_manager(sshd:auth): Authentication Failure user bea0196
authTempCredentials2() - could not open /tmp/aim/dynamic/tempcred/bea0196
last message repeated 15 times
mcddI2CDrv.c:861:PI2CPerformOP: ioctl to driver failed to read Bus[f0].Dev[c2]! ErrorStatus[fe]
Login failed (user:bea0196, ip:10.86.253.13, service:sshd)
pam_auth_status(sshd:auth): Login Failed for user=bea0196, host=10.86.253.13
pam_local_manager(sshd:auth): Authentication Failure user bea0196
pam_ldap_manager(sshd:auth): Start ----------->
Thank you,
Walter
03-23-2012 08:04 AM
Hello,
Can you please share additional logs for the event?
LDAP messages would be logged by pam_ldap_manager.
Padma
03-23-2012 09:30 AM
Hello,
Here are the results
pam_ldap_manager(webgui:account): Could not get pam data for authTok
pam_ldap_manager(webgui:account): At least one Role Group must be configured
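An added example, not part of the thread and not Cisco code: a small triage script for the CIMC log excerpts quoted in the posts above, separating failed-login records and per-module "Authentication Failure" entries from the other messages pam_ldap_manager emits. The line format is an assumption taken from these excerpts only, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the posts in this thread; the format is assumed from them.
SAMPLE = """\
pam_session_manager(sshd:auth): Authentication Failure user bea0196
authTempCredentials2() - could not open /tmp/aim/dynamic/tempcred/bea0196
Login failed (user:bea0196, ip:10.86.253.13, service:sshd)
pam_auth_status(sshd:auth): Login Failed for user=bea0196, host=10.86.253.13
pam_local_manager(sshd:auth): Authentication Failure user bea0196
pam_ldap_manager(sshd:auth): Start ----------->
pam_ldap_manager(webgui:account): Could not get pam data for authTok
pam_ldap_manager(webgui:account): At least one Role Group must be configured
"""

# module(service:phase): message
PAM_RE = re.compile(r"^(pam_\w+)\((\w+):(\w+)\):\s*(.*)$")
LOGIN_RE = re.compile(r"^Login failed \(user:([^,]+), ip:([^,]+), service:([^)]+)\)$")

def triage(text):
    """Split log lines into failed logins, per-module auth failures and LDAP notes."""
    report = {"failed_logins": [], "auth_failures": defaultdict(int), "ldap_notes": []}
    for line in text.splitlines():
        line = line.strip()
        m = LOGIN_RE.match(line)
        if m:
            report["failed_logins"].append(dict(zip(("user", "ip", "service"), m.groups())))
            continue
        m = PAM_RE.match(line)
        if not m:
            continue  # driver noise, "last message repeated", and similar
        module, service, phase, msg = m.groups()
        if msg.startswith("Authentication Failure"):
            report["auth_failures"][module] += 1
        elif module == "pam_ldap_manager" and not msg.startswith("Start"):
            # Remaining LDAP-module messages describe its own state or configuration
            report["ldap_notes"].append((service, phase, msg))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("failed logins:", result["failed_logins"])
    print("auth failures by module:", dict(result["auth_failures"]))
    for service, phase, msg in result["ldap_notes"]:
        print(f"ldap note [{service}/{phase}]: {msg}")
```

On the lines posted in this thread, the session and local modules each record an authentication failure, while pam_ldap_manager records none and only reports the two webgui account-phase messages.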
03-26-2012 05:00 AM
Hello Walter,
Please open a TAC service request along with the logs so that we can take a look at it.
Padma