Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Authinticating using groups from AD

Hi

I'm finding it hard to create groups in AD and have the diffrent groups in AD assigned to diffrent roles in Cisco LMS 4.1

Is it possible to have diffrent AD groups to assign the diffrent roles in LMS? If it's possible how should I do it so it work as painless as possible?

Everyone's tags (4)
3 REPLIES
Cisco Employee

Authinticating using groups from AD

CiscoWorks LMS will use PAM (Pluggable Authentication Module), like TACACS+, Radius, Kerberos, MSAD etc,  only for authentication part. The role/privilege or Authorization would be local.

What authorization priv a user would has to be configured locally on LMS, which you can do from :

Admin > System > User Management > Local User Setup.

For more details, please check :

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/security.html#wp1167300

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Authinticating using groups from AD

I found the following in the document: "The LMS Server determines user roles. Therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role)."

So if I have one AD group that I want to assign a Super Admin role, another I want to have Network Administrator role and the third a helpdesk role. That isn't possible from what I can read in the text above. Is there any other way I can manage what I want to do?

Cisco Employee

Authinticating using groups from AD

All the roles will be defined in LMS itself now. For those whom you want to give just help desk priveldge/role, no need to define them in LMS locally.

Example, say there are three users A,B and C, you want to give a help Desk, Admin and Super Admin role.

AD                      LMS                

A                 

B          

C          

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **
467
Views
0
Helpful
3
Replies
CreatePlease to create content