09-14-2007 08:09 AM
I am getting ready to move LMS 2.6 to single sign on using our Active Directory environment. I was just curious as to what the best practices are as well as the easiest way to do this.
Thanks
09-14-2007 09:11 AM
Are you using SSS (Single Sever Solution) or multiple servers ? SSO with in the context of LMS refers only to multiple server deployments with a master and one or more slave LMS servers.
Which platform (Winderz or Solaris) ?
You do realize that you will also need to maintain local "stub" accounts for each user that defines thier role, no permissions can be assigned in AD for Ciscoworks.
09-14-2007 09:40 AM
The leading practice for SSO is to use it in conjunction with ACS. That is, have two or more replicating ACS servers that use AD as their backing authentication source. Then, integrate your SSO LMS servers with your ACS cluster.
This way, your users and roles are centralized and replicated. You will not have to configure any local users in your LMS servers.
09-14-2007 09:52 AM
Is there a good document on this? We currently use ACS for all our Access Points so this should not be an issue.
Thanks
09-14-2007 10:22 AM
I discussed this at Networkers a few years ago, but I'm not sure it published on any customer-facing documents. That said, there's nothing tricky about this configuration. It's just the sum of ACS integration and Single Sign On.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: