User Accounts in Remote Authentication Services
User accounts can exist locally in Cisco UCS Manager or in the remote authentication server.
The temporary sessions for users who log in through remote authentication services can be viewed through
Cisco UCS Manager GUI or Cisco UCS Manager CLI.
User Roles in Remote Authentication Services
If you create user accounts in the remote authentication server, you must ensure that the accounts include the
roles those users require for working in Cisco UCS Manager and that the names of those roles match the
names used in Cisco UCS Manager. Depending on the role policy, a user may not be allowed to log in or will
be granted only read-only privileges.
User Attributes in Remote Authentication Providers
For RADIUS and TACACS+ configurations, you must configure a user attribute for Cisco UCS in each remote
authentication provider through which users log in to Cisco UCS Manager. This user attribute holds the roles
and locales assigned to each user.
Note: This step is not required for LDAP configurations that use LDAP Group Mapping to assign roles and
locales.
When a user logs in, Cisco UCS Manager does the following:
1. Queries the remote authentication service.
2. Validates the user.
3. If the user is validated, checks for the roles and locales assigned to that user.
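An added example, not taken from the Cisco guide: a pre-deployment audit that models the login steps above and flags remote accounts whose role names do not match the names in Cisco UCS Manager. The shell:roles="..." shell:locales="..." value syntax, case-sensitive name matching, the role set, the sample users and the policy labels deny-login and default-read-only are assumptions made for illustration; confirm the attribute syntax and role policy names for your release.

```python
import re

# Assumption: role names defined in Cisco UCS Manager (constructed sample set).
UCSM_ROLES = {"admin", "aaa", "network", "read-only"}
# Assumption: the user attribute value looks like
#   shell:roles="r1,r2" shell:locales="l1,l2"
PAIR_RE = re.compile(r'shell:(roles|locales)="([^"]*)"')
# Constructed sample of attribute values as stored in the remote provider.
SAMPLE_USERS = {
    "alice": 'shell:roles="admin,aaa" shell:locales="west"',
    "bob": 'shell:roles="Admin"',                 # case mismatch
    "carol": "",                                  # attribute never set
    "dave": 'shell:roles="network,storage-ops"',  # one unknown role
}

def parse_attribute(value):
    """Split one attribute value into its role and locale lists."""
    parsed = {"roles": [], "locales": []}
    for key, items in PAIR_RE.findall(value or ""):
        parsed[key] += [i.strip() for i in items.split(",") if i.strip()]
    return parsed

def effective_access(value, role_policy):
    """Model the role check for an already validated user.

    Roles that match a UCS Manager role by exact name are granted. If none
    match, the role policy decides between the two outcomes the guide
    describes: login denied, or read-only privileges.
    """
    roles = parse_attribute(value)["roles"]
    matched = [r for r in roles if r in UCSM_ROLES]
    unmatched = [r for r in roles if r not in UCSM_ROLES]
    if matched:
        outcome = "roles:" + ",".join(matched)
    elif role_policy == "deny-login":  # hypothetical policy label
        outcome = "login-denied"
    else:                              # hypothetical "default-read-only"
        outcome = "read-only"
    return outcome, unmatched

def audit(users, role_policy):
    """Return {user: (outcome, unmatched_role_names)} for review."""
    return {u: effective_access(v, role_policy) for u, v in sorted(users.items())}

if __name__ == "__main__":
    for policy in ("deny-login", "default-read-only"):
        for user, (outcome, unmatched) in audit(SAMPLE_USERS, policy).items():
            print(policy, user, outcome, "unmatched=" + ",".join(unmatched))
```

Any non-empty unmatched list is worth reviewing before rollout, since a misspelled role name silently changes what the user can do after login.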
The following table contains a comparison of the user attribute requirements for the remote authentication
providers supported by Cisco UCS.
Table 7: Comparison of User Attributes by Remote Authentication Provider
Authentication Provider: LDAP

Custom Attribute:
Not required if group mapping is used.
Optional if group mapping is not used.

Schema Extension:
Optional. You can choose to do either of the following:
• Do not extend the LDAP schema and configure an existing, unused attribute that meets the requirements.
• Extend the LDAP schema and create a custom attribute with a unique name, such as CiscoAVPair.

Attribute ID Requirements:
The Cisco LDAP implementation requires a unicode type attribute.
If you choose to create the CiscoAVPair custom attribute, use the following attribute ID:
1.3.6.1.4.1.9.287247.1
A sample OID is provided in the following section.
Cisco UCS Manager GUI Configuration Guide, Release 2.0
OL-25712-04