OPERATIONAL DEFECT DATABASE
...
...
After upgrading an N9k to 7.0(3)I2(2c) from 6.1(2)I3(5) on the Nexus 9000 (N9k) a logon using either down-level (DOMAIN\USER) logon or User Principal Name fails. Other version of code may be affected. LINUX01a$ ssh 10.201.175.25 -l "aaa\nadmin" User Access Verification aaa\nadmin@10.201.175.25's password: Permission denied, please try again. From the log messages: 2016 Apr 20 19:48:44 513E.C.12-N9K-9 %DAEMON-3-SYSTEM_MSG: Unable to create temporary user aaa\nadmin. Error 0x404a000a useradd: invalid user name 'aaa\nadmin' (50331648) - sshd[10113] 2016 Apr 20 19:48:44 513E.C.12-N9K-9 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user aaa\nadmin from 172.18.254.97 - sshd[10113] This logon works prior to the upgrade.
*After upgrading to 7.0(3)I2(2c) using the down-level logon no longer works. *TACACS+ or RADIUS configured. *Seen when attempting a down-level logon or UPN logon.
*Specifying only the user name works as expected. *Note: the "nadmin" account is a Windows Active Directory (AD) domain account and not a local account on the switch. LINUX01$ ssh 10.201.175.25 -l "nadmin" User Access Verification nadmin@10.201.175.25's password: N9K# *N9k also supports direct LDAP authentication: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_0110.html Neither of these solutions will be sufficient in every scenario.
*See following document for a description of these logon formats: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx *Other platforms are not affected by this (example Nexus 7000). *Write erase reload does not resolve issue. *Deleting temporary user files from BASH does not resolve issue.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
