I've modified the login module of Ciscoworks to leverage Tacacs+ authentication through my CiscoSecure server, but I haven't been able to map particular CiscoSecure user roles to Ciscoworks user roles. I can specifically create an account within Ciscoworks with the same name and assign that user a Ciscoworks role, but that prevents me from leveraging the groups used in cisco secure. I'd like to be able to create a new command authorization set and attach it to an existing CiscoSecure group. This process is referred to in multiple documents, but I can't the actual "how to" anywhere.
Re: ACS and CiscoWorks 2000: Assigning User Roles.
This is the ONLY way =
Look at what can be found in the ONLINE HELP of
CiscoWorks LMS when seraching at "login module" =
The CiscoWorks Server provides the mechanism used to authenticate users for CiscoWorks applications. However, many network managers already have a means of authenticating users. To use your current authentication database for CiscoWorks authentication, you can select a login module (NT, UNIX, TACACS+, Radius, and others).
After you select and configure a login module, all authentication transactions are performed by that source. The CiscoWorks Server still determines user roles; therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role). To assign a user to a different role, such as the System Admin role, you must configure the user locally. Such users must have the same user ID locally as they have in the alternative authentication source. Users log in with the user ID and password associated with the current login module.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :