Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1568
Views
0
Helpful
4
Replies

UCSManager (v.2.0(1s)) - Locales and Remotely Authenticated Users (AD)

James Johnston
Level 1
Level 1

‎05-11-2012 08:30 AM - edited ‎03-01-2019 10:24 AM

Hello,

We recently added LDAP authentication to our UCS Manager (v2.0(1s)) and the binding of roles works and users are able to login using their AD accounts.  However, I was wondering if anyone knows how to assign a locale to a remotely authenticated user.  The option seems greyed out on my end.  There are a handful of people that only need to see their single blade and we don't want them to see the rest of our servers.

Thanks,

0 Helpful
4 Replies 4

padramas
Cisco Employee
Cisco Employee

‎05-11-2012 10:50 AM

Hello James,

Are those remote users assigned with one of the following roles ?

aaa

admin

operation

If yes, locale cannot be mapped to them as they have system access.

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_01001.html#concept_5D024749129F4B518E0C394637D34E8C

Padma

0 Helpful

James Johnston
Level 1
Level 1
In response to padramas

‎05-11-2012 11:20 AM

No they weren't part of those groups.  I see where I went wrong: the mappings I made didn't include the locale, only the roles section.

However, I noticed another issue.  Anyone that is in the base OU and below is allowed access to UCS Manager.  Even if they are NOT apart of a UCS mapping, they get read-only access and see everything.  Is there a way to deny all access unless a user is specifically apart of a group in AD that is mapped to a role in UCS Manager?

Lets say I have a blade on chassis 1 slot 6.  I want a user in AD to only see and have access to that blade.  Nothing else.  Is that possible?

Thank you in advance for any help.

0 Helpful

padramas
Cisco Employee
Cisco Employee
In response to James Johnston

‎05-11-2012 11:34 AM

James,

It is not possible to restrict user to view only the blades that  are mapped under configured locale.

On a side note, a user not mapped to any roles in UCSM can be denied access to UCSM.

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_0111.html#concept_7148E6B8D176423394C1227B48EDFEDE

Padma

0 Helpful

James Johnston
Level 1
Level 1
In response to padramas

‎05-11-2012 11:47 AM

Ahh, there we go, perfect!

I guess it should be OK for them to view the other aspects of our environment.  Thank you very much Padma!

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card