Developer Network

« Back to Technical Discussions

aaaRefresh and aaaLogout works on UCSPE but not a real UCS?

Combination View

Steve Chambers Posts: 5 Join Date: 4/9/10 Recent Posts	aaaRefresh and aaaLogout works on UCSPE but not a real UCS? Answer 10/4/10 3:35 PM Mark as an Answer Submit Reply with Quote Quick Reply I had the two aaaRefresh/aaaLogout methods working fine on the UCS Platform Emulator, but then when I point at a "real" UCS I get errors back from the API. Here's the response for the aaaLogin (works fine) and then the two "broken" methods: Login works fine, we get the cookie back: <aaaLogin cookie="" response="yes" outCookie="1286188141/01f3a63b-0881-4779-8883-78897329b861" outRefreshPeriod="600" outPriv="admin,read-only" outDomains="" outChannel="noencssl" outEvtChannel="noencssl" outSessionId="web_37413_B" outVersion="1.3(1c)"> </aaaLogin> I can get MOs back: Sent: <configResolveClass inHierarchical='false' cookie='1286188242/5eda8671-76a3-4678-9084-6e42f2306084' classId='networkElement'/> Received: <configResolveClass cookie="1286188242/5eda8671-76a3-4678-9084-6e42f2306084" response="yes" classId="networkElement"> <outConfigs> <networkElement adminInbandIfState="disable" dn="sys/switch-A" fltAggr="4294967296" id="A" inbandIfGw="0.0.0.0" inbandIfIp="0.0.0.0" inbandIfMask="0.0.0.0" inbandIfVnet="0" model="N10-S6100" oobIfGw="10.52.204.222" oobIfIp="10.52.204.193" oobIfMask="255.255.255.224" operability="operable" revision="0" serial="SSI132107CJ" totalMemory="3549" vendor="Cisco Systems, Inc."/> <networkElement adminInbandIfState="disable" dn="sys/switch-B" fltAggr="8589934592" id="B" inbandIfGw="0.0.0.0" inbandIfIp="0.0.0.0" inbandIfMask="0.0.0.0" inbandIfVnet="0" model="N10-S6100" oobIfGw="10.52.204.222" oobIfIp="10.52.204.194" oobIfMask="255.255.255.224" operability="operable" revision="0" serial="SSI13180DB5" totalMemory="3549" vendor="Cisco Systems, Inc."/> </outConfigs> </configResolveClass> But aaaRefresh doesn't work with the same cookie: Sent: <aaaRefresh inCookie='1286188242/5eda8671-76a3-4678-9084-6e42f2306084'/> Received: <aaaRefresh cookie="1286188141/01f3a63b-0881-4779-8883-78897329b861" response="yes" errorCode="552" invocationResult="unidentified-fail" errorDescr="Authorization required"> </aaaRefresh> Neither does aaaLogout" Sent: <aaaLogout inCookie='1286188242/5eda8671-76a3-4678-9084-6e42f2306084'/> Received: <aaaLogout cookie="1286184622/6788cb4d-8806-4be8-9674-4dcfdcf10bed" response="yes" errorCode="555" invocationResult="unidentified-fail" errorDescr="Session not found"> </aaaLogout> Any ideas?
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Steve Chambers Posts: 5 Join Date: 4/9/10 Recent Posts	RE: aaaRefresh and aaaLogout works on UCSPE but not a real UCS? Answer 10/4/10 4:05 PM as a reply to Steve Chambers. Mark as an Answer Submit Reply with Quote Quick Reply ...and here's me running the exact same code but this time @ UCSPE... this is the end of a debug log (I'm using Ruby, but I get the same results with Firefox Poster). First, aaaRefresh works: I, [2010-10-04T12:03:24.681215 #50103] INFO -- CiscoUCS:UCSM: dispatch called with <aaaRefresh inCookie='1283408575/96edbd49-6f0d-4087-800f-ddf18cb1f432'/> I, [2010-10-04T12:03:24.694525 #50103] INFO -- CiscoUCS:UCSM: dispatch received <aaaRefresh cookie="" response="yes" outCookie="1283408575/443b4d43-9492-489c-a5fe-c94c8db805d2" outRefreshPeriod="600" outPriv="aaa,admin,ext-lan-config,ext-lan-policy,ext-lan-qos,ext-lan-security,ext-san-config,ext-san-policy,ext-san-security,fault,operations,pod-config,pod-policy,pod-qos,pod-security,read-only" outDomains="org-root" outChannel="noencssl" outEvtChannel="noencssl"> </aaaRefresh> and so does aaaLogout: I, [2010-10-04T12:03:24.696213 #50103] INFO -- CiscoUCS:UCSM: logout @url=http://192.168.1.66/nuova, @cookie=1283408575/443b4d43-9492-489c-a5fe-c94c8db805d2 I, [2010-10-04T12:03:24.702486 #50103] INFO -- CiscoUCS:UCSM: dispatch starting I, [2010-10-04T12:03:24.702667 #50103] INFO -- CiscoUCS:UCSM: dispatch called with <aaaLogout inCookie='1283408575/443b4d43-9492-489c-a5fe-c94c8db805d2'/> I, [2010-10-04T12:03:24.705481 #50103] INFO -- CiscoUCS:UCSM: dispatch received <aaaLogout cookie="" response="yes" outStatus="success"> </aaaLogout>
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

Steve Chambers Posts: 5 Join Date: 4/9/10 Recent Posts	RE: aaaRefresh and aaaLogout works on UCSPE but not a real UCS? Answer 10/4/10 5:11 PM as a reply to Steve Chambers. Mark as an Answer Submit Reply with Quote Quick Reply Tested this again with Firefox and Poster: If I send aaaLogin I get an outCookie. If I send aaaRefresh with inCookie set to outCookie value, I get the response errorCode="552" invocationResult="unidentified-fail" errorDescr="Authorization required" If I send aaaRefresh with cookie set to outCookie value, I get the response errorCode="552" invocationResult="unidentified-fail" errorDescr="Authorization required" When I do this on UCSPE: If I send aaaLogin I get an outCookie. If I send aaaRefresh with inCookie set to outCookie value, I get the response <aaaRefresh cookie="" response="yes" outCookie="1283410307/ddcf6b84-36e8-4513-b8d5-d4a8ab45e859" outRefreshPeriod="600" outPriv="aaa,admin,ext-lan-config,ext-lan-policy,ext-lan-qos,ext-lan-security,ext-san-config,ext-san-policy,ext-san-security,fault,operations,pod-config,pod-policy,pod-qos,pod-security,read-only" outDomains="org-root" outChannel="noencssl" outEvtChannel="noencssl"> </aaaRefresh>
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top

John McDonough Posts: 35 Join Date: 5/21/08 Recent Posts	RE: aaaRefresh and aaaLogout works on UCSPE but not a real UCS? Answer 11/24/10 10:10 PM as a reply to Steve Chambers. Mark as an Answer Submit Reply with Quote Quick Reply Tested this again with Firefox and Poster: If I send aaaLogin I get an outCookie. If I send aaaRefresh with inCookie set to outCookie value, I get the response errorCode="552" invocationResult="unidentified-fail" errorDescr="Authorization required" If I send aaaRefresh with cookie set to outCookie value, I get the response errorCode="552" invocationResult="unidentified-fail" errorDescr="Authorization required" When I do this on UCSPE: If I send aaaLogin I get an outCookie. If I send aaaRefresh with inCookie set to outCookie value, I get the response <aaaRefresh cookie="" response="yes" outCookie="1283410307/ddcf6b84-36e8-4513-b8d5-d4a8ab45e859" outRefreshPeriod="600" outPriv="aaa,admin,ext-lan-config,ext-lan-policy,ext-lan-qos,ext-lan-security,ext-san-config,ext-san-policy,ext-san-security,fault,operations,pod-config,pod-policy,pod-qos,pod-security,read-only" outDomains="org-root" outChannel="noencssl" outEvtChannel="noencssl"> </aaaRefresh> Steve, aaaRefresh requires the current cookie plus the user and password that were used to generate the cookie. The reason it worked on the emulator is because the security is not enforced on the emulator. Examples below run against a real UCS using Poster aaaLogin Request <aaaLogin inName="jomcodno" inPassword="cisco@123" /> aaaLogout Response <aaaLogin cookie="" response="yes" outCookie="1290611842/f4e1e894-8672-4ba6-8f52-3caef28756f5" outRefreshPeriod="600" outPriv="admin,read-only" outDomains="" outChannel="noencssl" outEvtChannel="noencssl" outSessionId="web_43656_A" outVersion="1.3(1c)"> </aaaLogin> aaaRefresh Request <aaaRefresh inName="jomcdono" inPassword="cisco@123" inCookie="1290611842/f4e1e894-8672-4ba6-8f52-3caef28756f5" /> aaaRefresh Response <aaaRefresh cookie="" response="yes" outCookie="1290611867/25034cff-a208-4493-9da2-6f2dcbf991af" outRefreshPeriod="600" outPriv="admin,read-only" outDomains="" outChannel="noencssl" outEvtChannel="noencssl"> </aaaRefresh> aaaLogout Request utilizing cookie from aaaRefresh response <aaaLogout inCookie="1290611867/25034cff-a208-4493-9da2-6f2dcbf991af" /> aaaLogout Response <aaaLogout cookie="" response="yes" outStatus="success"> </aaaLogout> Hope that helps. Regards, John
	Sign in to vote. Flag Please sign in to flag this as inappropriate. Top