aaa ldap problem on UCS Manager

dinoantonucci
Level 1

Hi all,

I'm working on UCS Manager Suite and I would like to configure the authentication method using the LDAP protocol (AD: Windows 2008 R2 Standard Edition).

I followed this configuration guide:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/sample_configurations/UCSM_1_4_LDAP_with_AD/b_Sample_Configuration_LDAP_with_AD.pdf

but I obtained the message: authentication failed.

10.164.85.2 (UCS Manager)

10.164.85.21 (AD)

I have some doubts regarding the "Non-Admin Bind User Account": what privileges does it need?

Attached is a Wireshark capture taken on the AD server.

Regards.

Dino


Brian Morrissey
Cisco Employee

Hi Dino,

It looks like it is trying to bind using the account "ucs binduser" and no password. Can you verify a password is set on the bind account in UCS? The bind account needs only read access to Active Directory.

scope security
scope ldap
show server

Hi Brian,

This is the output you requested:

UCS-DEMO-A /security/ldap # show server
LDAP server:
    Hostname or IP address   DN to search and read    Port  SSL  Password
    ------------------------ ------------------------ ----- ---- --------
    10.164.85.21             CN=ucs binduser,OU=DDUsers,DC=didata-dc,DC=local
                                                      389   No

You're right regarding no password set, but I configure in "ldap provider menu" password type.

Can you explain where I define the password for "ucs binduser"?

Thank you for the quick answer.

Dino

Hi Brian,

I deleted the LDAP provider profile and reconfigured a new profile with the same parameters, and now it works.

I already used the "aaa test server" command to verify authentication and it works, BUT if I check the output of

scope security
scope ldap
show server

I obtain the same output:

LDAP server:
    Hostname or IP address   DN to search and read    Port  SSL  Password
    ------------------------ ------------------------ ----- ---- --------
    10.164.85.21             CN=ucs binduser,OU=DDUsers,DC=didata-dc,DC=local
                                                      389   No

I expected **** under the Password column.

Thank you for the support.

Regards.

Dino
