we want to integrate LMS and ACS, as not all the devices are added in ACS, we want to use DCR local credentials, so we don't want to configure devices as AAA clients in ACS, but if we don't do this, devices are not managed by LMS modules, so is there any configuration that allow us to authenticate and authorized via ACS (TACACS+) but using DCR credentials?
Yes, LMS ALWAYS uses the credentials in DCR. Whether or not the device will authenticate those credentials against ACS or its own internal database is up to the config on the devices.
No, LMS NEVER uses the credentials directly from ACS.
Add all of the devices under Network Configuration. What we did for our lab was to create an NDG called NMS Devices. In that NDG, we created one "device" with IP address ranges to match all of our network devices:
This way, when LMS asks ACS if a device is authorized for management, ACS replies, "yes".
As for the devices themselves, we still have local authentication configured. For example:
enable password PASSWORD
line vty 0 15
The devices have no concept that there is any ACS server.