×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Access to Cisco Call manager ---- Secure and AAA

Unanswered Question
Nov 19th, 2010
User Badges:

Hi Everyone

We would like that any one who accesses the cisco call manager , it should ask for credentials like it is used for Network devices ( Routers /Switches)


so that one keeps track of any changes being made on it


Can we add Cisco Call Manager Server  to Cisco ACS  Server

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jaime Valencia Fri, 11/19/2010 - 07:51
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    2011

CUCM already asks you for a user/pwd for admin pages and ccmuser. If you don't have those you can't log in

CUCM does not integrate to any other authentication mechanisms for login.


HTH


java


If this helps, please rate


www.cisco.com/go/pdihelpdesk

William Bell Fri, 11/19/2010 - 08:03
User Badges:
  • Purple, 4500 points or more

Java is correct (+5 J-man) but I would like to clarify that you can have CUCM authenticate users against an external LDAP repository. You would lose centralized accounting on the ACS server, but it is likely that the ACS is also using LDAP for credential authentication. Which may get you a little closer.


So, Authentication can be done locally on the CUCM or via a backend LDAP repository.  Authorization and Accounting are done on the CUCM. The CUCM provides very granular authorization controls.  The accounting is provided by the auditing features embedded in later versions of CUCM.


http://www.netcraftsmen.net/resources/blogs/audit-logs-on-cucm.html



HTH.


Regards,
Bill

muazam ali Thu, 03/16/2017 - 04:08
User Badges:

Hi Jaime,

If CUCM can not use AAA, then is there any option to check which user has changed any changes to configuration. 

Sean Vaidya Thu, 03/16/2017 - 07:09
User Badges:
  • Bronze, 100 points or more

Jaime,

You can use ldap authentication for cucm administration now, is that not correct? It doesn't allow all features that are related to system administration, but the day-to-day admin stuff can definitely be allowed for ldap users. 

Jaime Valencia Thu, 03/16/2017 - 07:12
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    2011

You have been able to add LDAP users to the CUCM admin group for quite a long time, that only enables access to the system, what a user can do, is based on roles and groups.

Actions

This Discussion