Re: User group access (read-only) to the Fabric Interconnect's console

Acedude · ‎08-01-2019

Is there a way to set up group access to the FI's console?

We are able to add a read-only 'Locally Authenticated User,' and provide read-only access to the FI console, which works.

However, we would like to setup a group of ldap users (UCSM 'Admin > User Management > User Services > Roles') and have them show up as 'network-operator read-only' users on the FI.

Thank you in advance.

Stephan Cook · ‎08-01-2019

Do you use AD or LDAP for authentication. If you do you can create a group mapping and then assign that mapping to a role.

Acedude · ‎08-02-2019

We do have several AD group mappings assigned to roles for various tasks.
However, it appears that there are no 'Privileges' within a role that creates the user account in the FI for FI Console access.

We have a need for a group of users to be able to SSH into the FI console as read-only users.

Currently, we can only accomplish this by adding each user manually to the 'Locally Authenticated Users' group, checking the 'read-only' role for that user. Then this user shows up in the FI as a 'network-operations read-only' user, and can then SSH into the FI Console.

We are stuck not being able to create a user group because:
1. 'Locally Authenticated Users' does not appear to integrate with AD.
2. The 'Roles' seem to authenticate users for UCSM operations. There does not seem to be a 'Privilege' that allows users to Console into the FI.