Cisco UCS and Default Authentication Domains

I’ve recently been working with Cisco UCS — and more specifically the UCS Powertool (the PowerShell management component). Initially, my scripts were using a local account in UCSM for authentication. However, after changing the “Default Authentication Realm” from Local to LDAP (see screenshot below), I could no longer authenticate using a local account in my script.

Using an account from the configured default realm worked — which makes plenty of sense as this is the provider UCS uses for authentication by default.  However, I wanted to be able to specify the authentication realm in my scripts and override the default if necessary.

I had an idea on how to attempt this configuration while looking at the remotely authenticated user section. You’ll notice in the screenshot below that I have a remotely connected LDAP user with a prefix of ucs-ldap22\ (it’s at the bottom of the image).

Yes, that’s right. UCS hyphen NameOfAuthenticationDomain backslash UserName. I created an authentication domain named local, which maps to the local authentication provider, and then attempted to Connect-UCS specifying the username in the format ucs-local\myUserID — SUCCESS! Just thought I’d share this information in case anyone else has a similar need.
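The ucs-NameOfAuthenticationDomain\UserName format described above, wrapped in a small script so the password is prompted for rather than stored in the file. This is an added example, not code from the original post or from Cisco; the helper function names and the host name ucsm.example.com are hypothetical, and it assumes UCS PowerTool is already loaded and that an authentication domain named local exists in UCSM.

```powershell
# Added example. Get-UcsQualifiedUserName and Connect-UcsWithDomain are
# hypothetical helpers; Connect-Ucs / Disconnect-Ucs come from UCS PowerTool.

function Get-UcsQualifiedUserName {
    param(
        [Parameter(Mandatory)][string]$AuthDomain,  # UCSM authentication domain name, e.g. 'local'
        [Parameter(Mandatory)][string]$UserName
    )
    # Already in ucs-<domain>\<user> form: return unchanged to avoid double-prefixing.
    if ($UserName -match '^ucs-[^\\]+\\.+$') { return $UserName }
    # Any other backslash (e.g. an AD-style DOMAIN\user) is ambiguous, so refuse it.
    if ($UserName.Contains('\')) {
        throw "User name '$UserName' contains a backslash but is not in ucs-<domain>\<user> form."
    }
    if ($AuthDomain -match '[\\\s]') {
        throw "Authentication domain name '$AuthDomain' contains a backslash or whitespace."
    }
    return 'ucs-{0}\{1}' -f $AuthDomain, $UserName
}

function Connect-UcsWithDomain {
    param(
        [Parameter(Mandatory)][string]$UcsmHost,
        [Parameter(Mandatory)][string]$AuthDomain,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $qualified = Get-UcsQualifiedUserName -AuthDomain $AuthDomain -UserName $Credential.UserName
    # Reuse the SecureString password; only the user name is rewritten.
    $domainCred = New-Object System.Management.Automation.PSCredential($qualified, $Credential.Password)
    Connect-Ucs -Name $UcsmHost -Credential $domainCred
}

# Prompt for the local account instead of embedding its password in the script.
$cred = Get-Credential -Message 'UCSM local account' -UserName 'myUserID'
$handle = Connect-UcsWithDomain -UcsmHost 'ucsm.example.com' -AuthDomain 'local' -Credential $cred
try {
    # Scripted work against UCSM goes here.
}
finally {
    # Always release the UCSM session, even if the work above fails.
    Disconnect-Ucs
}
```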

5 comments

  1. Sean Ferguson says:

    Excellent, this helps me out quite a bit. Thanks for sharing this!

  2. Drew says:

    Thanks for this post, it was a life saver!

    We’ve set up our UCS domains for LDAP auth, but I was trying to use a local account for some scripted backups.

    Thanks again for posting this.

  3. daveStyle says:

    Epic. Real time saver, cheers friend

  4. PP says:

    try
    ucs-local\admin

  5. Steve-0 says:

    Thank you !!! Saved my sanity!!
