CiscoWorks LMS / ActiveDirectory authentication

Unanswered Question
Aug 20th, 2007
User Badges:

=======================================

LMS 2.6

CiscoWorks Common Services 3.0.5

Campus Manager 4.0.9

CiscoView 6.1.5

Device Fault Manager 2.0.9

Internetwork Performance Monitor 2.6.0

Integration Utility 1.6.0

Resource Manager Essentials 4.0.5

=======================================

Selected Login Module: MS Active Directory

Server: ldap://server.company.com

Usersroot: ou=Technical Services, ou=Information Technology, dc=company, dc=com

Prefix: cn=

=======================================


Users created in AD with a first name and last name have a "cn=first<space>last" and the actual logon credentials are stored in "sAMAccountName=loginID". This presents a problem when a LDAP querry is passed from CiscoWorks LMS. When attempting to authenticate CiscoWorks LMS users against Microsoft Active Directory / LDAP, login credentials must be "first<space>last" rather than actual loginID. Desired configuration would be to reference SAMAccountName (loginID) rather than CN. I see CCO references to SAMAccountName under Unified Messaging and NAC documentation. But nothing under CiscoWorks documentation. Is this possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Mon, 08/20/2007 - 11:34
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

If I understand you correctly, why not change the prefix from cn= to SAMAccountName= ?

thomsmith Mon, 08/20/2007 - 11:41
User Badges:

You understand correctly. Though I tried changing the prefix to sAMAccountName= and it doesn't work.

Joe Clarke Mon, 08/20/2007 - 11:43
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Do you have anonymous bind enabled on the AD server? That is required to use SAMAccountName.

thomsmith Mon, 08/20/2007 - 13:39
User Badges:

Nope, anonymous bind is not enabled. That's the source of my problem. Unfortunately, policy won't permit me to enable it either. I guess ACS appliance is the longer-term fix. In the meantime, I can change the user requiring this access. Thanks for your assistance.

Actions

This Discussion