Cisco Systems OL-25712-04 Security Camera User Manual

Open as PDF

of 768

User Accounts in Remote Authentication Services

User accounts can exist locally in Cisco UCS Manager or in the remote authentication server.

The temporary sessions for users who log in through remote authentication services can be viewed through

Cisco UCS Manager GUI or Cisco UCS Manager CLI.

User Roles in Remote Authentication Services

If you create user accounts in the remote authentication server, you must ensure that the accounts include the

roles those users require for working in Cisco UCS Manager and that the names of those roles match the

names used in Cisco UCS Manager. Depending on the role policy, a user may not be allowed to log in or will

be granted only read-only privileges.

User Attributes in Remote Authentication Providers

For RADIUS and TACACS+ configurations, you must configure a user attribute for Cisco UCS in each remote

authentication provider through which users log in to Cisco UCS Manager. This user attribute holds the roles

and locales assigned to each user.

This step is not required for LDAP configurations that use LDAP Group Mapping to assign roles and

locales.

Note

When a user logs in, Cisco UCS Manager does the following:

Queries the remote authentication service.

Validates the user.

If the user is validated, checks for the roles and locales assigned to that user.

The following table contains a comparison of the user attribute requirements for the remote authentication

providers supported by Cisco UCS.

Table 7: Comparison of User Attributes by Remote Authentication Provider

Attribute ID RequirementsSchema ExtensionCustom

Attribute

Authentication

Provider

The Cisco LDAP implementation

requires a unicode type attribute.

If you choose to create the

CiscoAVPair custom attribute, use

the following attribute ID:

1.3.6.1.4.1.9.287247.1

A sample OID is provided in the

following section.

Optional. You can choose to do

either of the following:

• Do not extend the LDAP

schema and configure an

existing, unused attribute

that meets the requirements.

• Extend the LDAP schema

and create a custom attribute

with a unique name, such as

CiscoAVPair.

Not required if

group mapping

is used

Optional if

group mapping

is not used

LDAP

Cisco UCS Manager GUI Configuration Guide, Release 2.0

132 OL-25712-04

User Attributes in Remote Authentication Providers

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems OL-25712-04 Security Camera User Manual