Guest

Preview Tool

Cisco Bug: CSCuq33965 - Cannot login via SSH with user-id and domain to APIC

Last Modified

Mar 25, 2018

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

1.0

Description (partial)

Symptom:
APIC supports multiple login domains; with GUI and API, user can select the login domain when logging-in to APIC. The GUI sign in page has the Domain dorp down listbox to selet the login domain; both GUI and API accept the following username format for login authentication:
apic:<login_domain>\\<user-id>

The apic:<login_domain>\\<user-id> format does not work when used with SSH to APIC:
bash% ssh -2l apic:TACACS_domain\\user01 10.0.32.29
Application Policy Infrastructure Controller
apic:TACACS_domain\uer01@10.0.32.29's password: 
Permission denied, please try again.

The following also does not work with SSH to APIC:
<user-id>@<login_domain>
<user-id>\\<login_domain>
<user-id>\<login_domain>

APIC SSH login with <user-id>:<login_domain> username works, but only if the <user-id> is a valid user of the default authentication realm; i.e. the <login-domain> part of the username does not serve any purpose.

APIC should accept the follwoing format for username for GUI, API, and SSH:
<user-id>@<login_domain>

The apic:<login_domain>\\<user-id> username format can be retained for backward compatibility.

Conditions:
SSH login on APIC with user-id and domain.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.