
ANM & AD/LDAP integration

CARL HEMMINGSEN
Level 1

Hi,

I am trying to get ANM user accounts integrated with AD/LDAP, without much success.

As it all seems fairly straightforward to configure, I wonder if there are any troubleshooting options available on the ANM to see what is happening with the authentication request going to the LDAP server?

Accepted Solutions

I've tried this with TACACS and had similar issues. Ran a tcpdump on the ANM server and found no requests being sent to TACACS.

Can't remember where I found the solution, but it doesn't seem to be in the documentation.

You have to specify the ANM 'Organisation' in the Username. That then becomes userid@anmorganisation, then the ANM will use the specified aaa mechanism for that organisation.

The other sting in the tail seems to be that you have to set up individual users at the ANM in the organisation.

If anyone from Cisco is lurking here, can I request that you document the userid@anmorganisation requirement?

Also - I'd really appreciate the ability to return user role and domain information from TACACS like I do with the HSE so that the aaa becomes dynamic and the network admins don't have to change anm every time a user needs access to it or leaves!

Hope I'm not missing anything!

Thanks

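Added example (not part of the original post and not Cisco tooling): the tcpdump check described in the accepted solution, written as a small triage over `tcpdump -nn` text output to tell "ANM never sent an AAA request" apart from "request sent, no answer". The server address, interface name and sample lines are constructed assumptions; 49, 389 and 636 are the standard TACACS+, LDAP and LDAPS ports.

```shell
#!/bin/sh
# Added example: triage `tcpdump -nn` text output captured on the ANM server
# while a login is attempted. A live capture could be taken with (interface
# name and AAA server address are assumptions):
#   tcpdump -nn -i eth0 host 192.0.2.10 and '(port 49 or port 389 or port 636)'

# aaa_triage SERVER_IP   (tcpdump -nn lines on stdin)
# Prints: no-request | request-no-reply | reply-seen
aaa_triage() {
  awk -v srv="$1" '
    BEGIN { ports["49"] = ports["389"] = ports["636"] = 1 }
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      sport = src; sub(/.*\./, "", sport); sub(/\.[0-9]+$/, "", src)
      dport = dst; sub(/.*\./, "", dport); sub(/\.[0-9]+$/, "", dst)
      if (dst == srv && (dport in ports)) req++
      if (src == srv && (sport in ports)) rep++
    }
    END {
      if (!req)      print "no-request"        # ANM never contacted the AAA server
      else if (!rep) print "request-no-reply"  # path, firewall or server problem
      else           print "reply-seen"        # server answers; check bind/credentials
    }'
}

# Constructed sample: only browser-to-ANM traffic, no AAA packets at all
# (the situation the poster reports before using userid@anmorganisation).
SAMPLE_NONE='12:00:01.000001 IP 198.51.100.7.50112 > 192.0.2.5.443: Flags [P.], length 310'

# Constructed sample: TACACS+ connection attempts that are never answered.
SAMPLE_DROPPED='12:07:01.000001 IP 192.0.2.5.41830 > 192.0.2.10.49: Flags [S], length 0
12:07:02.000004 IP 192.0.2.5.41830 > 192.0.2.10.49: Flags [S], length 0'

# Constructed sample: LDAP request sent and answered by the directory server.
SAMPLE_LDAP='12:05:01.000001 IP 192.0.2.5.41822 > 192.0.2.10.389: Flags [P.], length 62
12:05:01.004210 IP 192.0.2.10.389 > 192.0.2.5.41822: Flags [P.], length 22'

for s in "$SAMPLE_NONE" "$SAMPLE_DROPPED" "$SAMPLE_LDAP"; do
  printf '%s\n' "$s" | aaa_triage 192.0.2.10
done
```

A `no-request` result during a failed login matches what the poster saw, and points at how ANM selected the authentication mechanism rather than at the LDAP or TACACS server.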

5 Replies

b.hsu
Level 5

Follow the user guide for the Cisco Application Networking Manager with AD/LDAP.

http://www.cisco.com/en/US/docs/net_mgmt/application_networking_manager/1.2/user/guide/UG_admin.html#wp1052972

Thanks for your post.

I have followed the user guide. My problem is that LDAP authentication does not work, and I am interested to know if there are any troubleshooting options available on the ANM?

Hi everyone,

I have the same problems. I configured an organization with LDAP authentication with users, roles and domain. After login there is "Invalid User Name/Password" immediately. I don't think that an LDAP request is going to the LDAP server.

Thanks, Rene

Hey,

Thanks for the information. It does appear that this detail is lacking, or not overly obvious in the documentation.

We do have a TACACS server, but we would prefer to use AD/LDAP, and while the information you provided is really helpful, it still is not going. I might need to put a protocol analyser on the server to see what traffic is going out of the server.
