Cisco Support Community
New Member

ANM & AD/LDAP integration

Hi,

I am trying to get ANM user accounts integrated with AD/LDAP, without much success.

As it all seems fairly straightforward to configure, I wonder if there are any troubleshooting options available on the ANM to see what is happening with the authentication request going to the LDAP server?

Accepted Solutions
New Member

Re: ANM & AD/LDAP integration

I've tried this with TACACS and had similar issues. Ran a tcpdump on the ANM server and found no requests being sent to TACACS.

Can't remember where I found the solution, but it doesn't seem to be in the documentation.

You have to specify the ANM 'Organisation' in the username. That then becomes userid@anmorganisation, and the ANM will then use the specified AAA mechanism for that organisation.

The other sting in the tail seems to be that you have to set up individual users at the ANM in the organisation.

If anyone from Cisco is lurking here, can I request that you document the userid@anmorganisation requirement?

Also - I'd really appreciate the ability to return user role and domain information from TACACS like I do with the HSE, so that the AAA becomes dynamic and the network admins don't have to change ANM every time a user needs access to it or leaves!

Hope I'm not missing anything!

Thanks

5 REPLIES
Silver

Re: ANM & AD/LDAP integration

Follow the user guide for the Cisco Application Networking Manager with AD/LDAP.

http://www.cisco.com/en/US/docs/net_mgmt/application_networking_manager/1.2/user/guide/UG_admin.html#wp1052972

New Member

Re: ANM & AD/LDAP integration

Thanks for your post.

I have followed the user guide. My problem is that LDAP authentication does not work, and I am interested to know if there are any troubleshooting options available on the ANM?

New Member

Re: ANM & AD/LDAP integration

Hi everyone,

I have the same problem. I configured an organization with LDAP authentication with users, roles and domain. After login there is "Invalid User Name/Password" immediately. I don't think that an LDAP request is going to the LDAP server.

Thanks, Rene

New Member

Re: ANM & AD/LDAP integration

Hey,

Thanks for the information. It does appear that this detail is lacking, or not overly obvious in the documentation.

We do have a TACACS server, but we would prefer to use AD/LDAP, and while the information you provided is really helpful, it still is not going. I might need to put a protocol analyser on the server to see what traffic is going out of the server.
