I am trying to get ANM user accounts integrated with AD/LDAP, without much success.
As it all seems fairly straightforward to configure, I wonder if there are any troubleshooting options available on the ANM to see what is happening with the authentication request going to the LDAP server?
I've tried this with TACACS and had similar issues. Ran a tcpdump on the ANM server and found no requests being sent to TACACS.
Can't remember where I found the solution, but it doesn't seem to be in the documentation.
You have to specify the ANM 'Organisation' in the Username. That then becomes [email protected], then the ANM will use the specified aaa mechanism for that organisation.
The other sting in the tail seems to be that you have to set up individual users at the ANM in the organisation.
If anyone from Cisco is lurking here, can I request that you document the [email protected] requirement?
Also - I'd really appreciate the ability to return user role and domain information from TACACS like I do with the HSE so that the aaa becomes dynamic and the network admins don't have to change ANM every time a user needs access to it or leaves!
Hope I'm not missing anything!