Cisco Bug: CSCuq33965 - Cannot login via SSH with user-id and domain to APIC
Mar 25, 2018
- Cisco Application Policy Infrastructure Controller (APIC)
Known Affected Releases
Symptom: APIC supports multiple login domains; with GUI and API, user can select the login domain when logging-in to APIC. The GUI sign in page has the Domain dorp down listbox to selet the login domain; both GUI and API accept the following username format for login authentication: apic:<login_domain>\\<user-id> The apic:<login_domain>\\<user-id> format does not work when used with SSH to APIC: bash% ssh -2l apic:TACACS_domain\\user01 10.0.32.29 Application Policy Infrastructure Controller apic:TACACS_domain\firstname.lastname@example.org's password: Permission denied, please try again. The following also does not work with SSH to APIC: <user-id>@<login_domain> <user-id>\\<login_domain> <user-id>\<login_domain> APIC SSH login with <user-id>:<login_domain> username works, but only if the <user-id> is a valid user of the default authentication realm; i.e. the <login-domain> part of the username does not serve any purpose. APIC should accept the follwoing format for username for GUI, API, and SSH: <user-id>@<login_domain> The apic:<login_domain>\\<user-id> username format can be retained for backward compatibility. Conditions: SSH login on APIC with user-id and domain.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases