How to set UCS Locales using Radius/Tacacs+ Attributes

Doug Barnes · ‎07-20-2010

I know how to set a remotely authenticated/authorized users Role using the Radius av-pairs with UCS.

What Radius attribute/av-pair syntax is needed to set the users Locale within UCS?

I have tried shell:roles="role@locales" and shell:locales="locale name" with no success.

ncowger · ‎08-04-2010

It's not straight forward. See the attached PDF how I made it work.

Vincent La Bua · ‎10-26-2010

Something else to note:

Configuring locales to the user roles are not valid as these are global-system users:

- aaa

- admin

- operations

Locales can be configured only with following user roles:

- Network

- Server-equipment

- Server-profile

- Server-security

- Storage

Peter Cronwright · ‎07-21-2011

Is there an example of using locales with IAS or Radius, roles are working but the locales seem to be ignored. Should the locales be a seperate attribute or combined with the role?

Gabor Szabo · ‎08-16-2011

Hi Peter,

I have tested this using Tacacs and it had worked well:

shell:roles*" " shell:locales*" "

(single attribute, separator between role and locale is SPACE, separator between multiple roles/locales is also SPACE)

Probably the same syntax will work with Radius as well.

Cheers,

Gabor

james.munroe · ‎01-10-2014

Just a FYI to those out there trying to get Locales in UCSM working with with Cisco ACS 5.x. The attached image is the method to create the proper shell profile attribute values for locales support in UCSM with TACACS+ as the authenication domain. Vincent above also has it right on the priviledges available with locales support.

I am using the Manditory requirement as this shell profile is only used on Cisco UCS Devices.

I hope this saves someone a lot of frigging around! :-)

Jim