LMS Authentication with ACS 5.1

Answered Question
Apr 19th, 2010

Hi, I am using LMS authentication via ACS. I am able to log in to LMS successfully with the ACS user name and password, but I cannot execute most of the tasks; it says I am not authorised. Do I need to do anything in LMS except enabling the login module to TACACS...

Let me know if I missed something.

Thanks

Ninja

Correct Answer
Joe Clarke Mon, 04/19/2010 - 00:35

Integration with ACS 5.1 is not yet supported. You can do authentication only with ACS 5.0, and 5.1 should work, but you will not be able to use full AAA integration. Disable AAA mode, and set the login module to be TACACS+. Point that to your 5.1 server, and you should be able to log in and run tasks in LMS. However, you will still need to create local accounts in LMS for all of your users to do the authorization piece.

jain.nitin Mon, 04/19/2010 - 02:43

Thanks, it worked. But I need to ask one thing: should the password match the ACS password for a user? Because I know my password but don't know the other users' passwords which are on ACS, so I just wanted to check: will LMS check only the username, or the password as well, before giving authorization to a user?

Joe Clarke Mon, 04/19/2010 - 08:24

If you are using an external authentication module, you do not need to specify a password for your users in LMS.  LMS will use the external login module for authentication.  All you need to specify in LMS are the roles the user will require.

ROMAN TOMASEK Fri, 04/08/2011 - 05:07

Hello Joe,

I have one question about authorization. Is it possible to use an AV pair or shell in ACS 5 (RADIUS or TACACS) for assigning a role (defined in LMS 4.0) to the users? Like the following: shell:admin=SuperAdmin default-domain. I think that creating a lot of the same users in LMS as in ACS, when different roles are assigned to these users, is horrible for my customers. Thank you.

Roman

Joe Clarke Fri, 04/08/2011 - 09:05

Unfortunately, this is not possible. All authorization in LMS 4.0 must be done locally. There is no way to inject authorization data from an AAA server into LMS 4.0.
