Remote Authentication
Guidelines and Recommendations for Remote Authentication Providers
If you configure a system for one of the supported remote authentication services, you must create a provider for that service to ensure that Cisco UCS Central can communicate with it. In addition, be aware of the following guidelines that impact user authorization:
User Accounts in Remote Authentication Services
User accounts can exist locally in Cisco UCS Central or in the remote authentication server. You can view the temporary sessions for users who log in through remote authentication services through Cisco UCS Central GUI or Cisco UCS Central CLI.
User Roles in Remote Authentication Services
Local and Remote User Authentication Support
Cisco UCS Central uses LDAP, RADIUS and TACACS+ for remote authentication.
User Attributes in Remote Authentication Providers
When a user logs in, Cisco UCS Central:
- Queries the remote authentication service.
- Validates the user.
- Checks for the roles and locales assigned to that user (if the user passed validation).
Sample OID for LDAP User Attribute
The following is a sample OID for a custom CiscoAVPair attribute:
CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
objectClass: top
objectClass: attributeSchema
cn: CiscoAVPair
distinguishedName: CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
lDAPDisplayName: CiscoAVPair
name: CiscoAVPair
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,CN=X
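As an added example (not from the Cisco documentation), the following script parses the schema entry above and compares it with the values shown in the sample, a sanity check an administrator can run on an exported schema entry before Cisco UCS Central is pointed at that directory for role and locale lookups. The expected OID, syntax and single-valued flag are taken from the sample; the functions `parse_ldif` and `schema_mismatches` are this example's own.

```python
from typing import Dict, List
# Sample schema entry from the page, embedded here as constructed input.
SAMPLE_LDIF = """\
CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
objectClass: top
objectClass: attributeSchema
cn: CiscoAVPair
distinguishedName: CN=CiscoAVPair,CN=Schema,CN=Configuration,CN=X
instanceType: 0x4
uSNCreated: 26318654
attributeID: 1.3.6.1.4.1.9.287247.1
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: CiscoAVPair
adminDescription: UCS User Authorization Field
oMSyntax: 64
lDAPDisplayName: CiscoAVPair
name: CiscoAVPair
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,CN=X
"""

# Fields a CiscoAVPair definition must carry, with the values from the sample.
EXPECTED = {
    "attributeID": "1.3.6.1.4.1.9.287247.1",  # OID of the attribute
    "attributeSyntax": "2.5.5.12",            # Unicode string syntax
    "oMSyntax": "64",
    "isSingleValued": "TRUE",                 # one authorization value per user
    "lDAPDisplayName": "CiscoAVPair",         # name UCS Central looks up
}

def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Map each 'name: value' line to a list of values (objectClass repeats);
    a line without ': ' is the entry DN and is stored under 'dn'."""
    attrs: Dict[str, List[str]] = {}
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        name, sep, value = line.partition(": ")
        if not sep:                    # no separator: this is the DN line
            name, value = "dn", line
        attrs.setdefault(name, []).append(value)
    return attrs

def schema_mismatches(attrs: Dict[str, List[str]]) -> List[str]:
    """Return one message per deviation; an empty list means the entry matches."""
    problems = [f"{k}: expected {v!r}, found {attrs.get(k, [])!r}"
                for k, v in EXPECTED.items() if attrs.get(k, []) != [v]]
    if "attributeSchema" not in attrs.get("objectClass", []):
        problems.append("objectClass: attributeSchema missing")
    return problems
```

Run it against an `ldifde` or `ldapsearch` export of the CiscoAVPair schema object; a non-empty result means the directory's definition differs from the documented one.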