02-16-2017 10:42 AM - edited 03-01-2019 01:04 PM
I have 2 environments that were recently upgraded to 3.1(2e). After upgrading, I've found that logging into the CLI with local accounts is failing. It is also failing if I have the console auth set to local, and pass along my auth domain to log in via LDAP credentials, e.g. using ucs-<authdomain>\<username>. The only way I can log into the CLI is if I change the native authentication to LDAP and log in with an AD account. My other environments that are running 3.1(2b) still work normally. Is this a known issue in 3.1(2e)? I'm not seeing it in the open caveats of the 3.1(2e) release notes nor am I finding anything in the bug tracker. It's not a significant issue for us so I haven't bothered to engage TAC yet... just wondering if others are seeing this issue as well.
02-16-2017 10:51 AM
Hey Brad,
I would enable some LDAP debugging and see what is happening when the login fails and subsequently when the login is successful and compare the outputs.
http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-infrastructure-ucs-manager-software/200092-UCSM-LDAP-Troubleshooting-guide.html
I can't think of any bugs off the top of my head, but if LDAP is native, you usually need to select the "local" dropdown when you log in to use the non-LDAP "admin" account.
HTH,
Wes
02-16-2017 05:28 PM
Hey Wesley,
Thanks for your reply. Just to clarify, this is more an issue with logging into the CLI with local accounts than an LDAP issue from what I am seeing. I have created multiple local accounts and am unable to log in via SSH using any of them. This is the case whether native authentication for the console is set to Local or when set to LDAP and using "ucs-Local\<username>" to log in.
There is a problem with logging in with LDAP credentials when native authentication for console sessions is set to Local, but I suspect that to be an artifact of the overall local login issue I'm seeing. I can log into the GUI with LDAP credentials, and I can log into the CLI with LDAP creds if I set native auth to LDAP. I'll do some digging and see what debug I might be able to turn up to get more insight into where this is failing.
Thanks,
Brad