Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Access to Cisco Call manager ---- Secure and AAA

Hi Everyone

We would like that any one who accesses the cisco call manager , it should ask for credentials like it is used for Network devices ( Routers /Switches)

so that one keeps track of any changes being made on it

Can we add Cisco Call Manager Server  to Cisco ACS  Server

6 REPLIES
Cisco Employee

Re: Access to Cisco Call manager ---- Secure and AAA

CUCM already asks you for a user/pwd for admin pages and ccmuser. If you don't have those you can't log in

CUCM does not integrate to any other authentication mechanisms for login.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

www.cisco.com/go/pdi

Re: Access to Cisco Call manager ---- Secure and AAA

Java is correct (+5 J-man) but I would like to clarify that you can have CUCM authenticate users against an external LDAP repository. You would lose centralized accounting on the ACS server, but it is likely that the ACS is also using LDAP for credential authentication. Which may get you a little closer.

So, Authentication can be done locally on the CUCM or via a backend LDAP repository.  Authorization and Accounting are done on the CUCM. The CUCM provides very granular authorization controls.  The accounting is provided by the auditing features embedded in later versions of CUCM.

http://www.netcraftsmen.net/resources/blogs/audit-logs-on-cucm.html

HTH.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Community Member

Hi Jaime,

Hi Jaime,

If CUCM can not use AAA, then is there any option to check which user has changed any changes to configuration. 

Cisco Employee

Yes, this has been asked

Yes, this has been asked plenty of times before

http://docwiki.cisco.com/wiki/CUCM_FAQ#Can_I_review_who_is_making_changes_in_CUCM.3F.3F

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
Bronze

Jaime,

Jaime,

You can use ldap authentication for cucm administration now, is that not correct? It doesn't allow all features that are related to system administration, but the day-to-day admin stuff can definitely be allowed for ldap users. 

Cisco Employee

You have been able to add

You have been able to add LDAP users to the CUCM admin group for quite a long time, that only enables access to the system, what a user can do, is based on roles and groups.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
1362
Views
10
Helpful
6
Replies
CreatePlease to create content