New Member

Cisco Works and MS Active Directory authentication

Hi

I have configured Common Services to use AD/LDAP authentication. It works, but now after logon I don't have sufficient privileges to change anything in CiscoWorks (for instance, I can't change the AAA parameters now). Is there another way to log on locally, or do I have to disconnect the CW server from the LDAP server? How does CW give privileges to an account from AD?

thanks in advance

Tomek

9 REPLIES
New Member

Re: Cisco Works and MS Active Directory authentication

The authorization is done via the local CiscoWorks LMS database. So the username used in LDAP should be available in the local CiscoWorks database with the appropriate user role. If no username is found, the user will get the helpdesk role and have limited permissions.

New Member

Re: Cisco Works and MS Active Directory authentication

Thanks a lot.

It explains everything.

Now I have accounts in CW as "name.surname", but I have to log on to AD using "name space surname" as the login name (even though my domain account is with "."). Maybe you know how I can log in to CW with admin privileges now, and how I can resolve this problem with the login names?

best regards

Tomek

New Member

Re: Cisco Works and MS Active Directory authentication

The default Login fallback option is set to admin only, so you should be able to log in with admin (it bypasses the AD if this username is not available in AD).

Otherwise you should reset the login module: stop crmdmgtd, run the reset login Perl script (NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl), and restart the daemon manager crmdmgtd.

New Member

Re: Cisco Works and MS Active Directory authentication

OK. I hope it's the last question :)

Now I'm connected as admin. I've configured the login module options like this:

Server: ldap://server.domain.com

Usersroot: ou=Information Technology, dc=domain, dc=com

Prefix: sAMAccountName=

And I can't log on. When I change Prefix to cn= then I can log in with name space surname. Anonymous binding is enabled. Where can the problem be?

In the LDAP browser I can see the attribute: sAMAccountName=name.surname

thanks a lot

Tomek

New Member

Re: Cisco Works and MS Active Directory authentication

Hi

We have recently changed the LMS config to the Microsoft Active Directory mode.

You say that the username should be found in the LMS local database.

But when I create a new user I must fill in the password field. What should I insert? The policy in our company is to change the password regularly, so will I have to change the password in LMS too?

Regards

New Member

Re: Cisco Works and MS Active Directory authentication

The password (local user database) is only used when the AD is not accessible, e.g. down. You can however specify a fall-back user in case the AD is not available. Normally admin is used. So if you want users to be able to log in when AD is not available, you should specify a password (which is static, or people should change their password on a regular basis).

New Member

Re: Cisco Works and MS Active Directory authentication

OK. What rights do the AD users have? How do I define the role as technician or administrator?

New Member

Re: Cisco Works and MS Active Directory authentication

The authorization is done via the local CiscoWorks LMS database. So the username used in AD should be available in the local CiscoWorks database with the appropriate user role. If no username is found, the user will get the helpdesk role and have limited permissions. If you have AAA mode (using CiscoSecure ACS) you can create other roles with your own customization.

New Member

Re: Cisco Works and MS Active Directory authentication

So I must create the AD users in the LMS local database in order to select which role I wish to give. The problem is keeping the password up to date. It does not seem to be a really friendly mode!
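The split described in this thread (AD checks the password, the local LMS database supplies the role, unmatched names get the helpdesk role) can be audited by comparing the names users type at login with the local account list. The script below is an added example, not Cisco code and not from any poster; all names, roles and data in it are constructed, and it assumes the local lookup is an exact string match.

```python
# Added example: reconcile AD login names with local LMS accounts.
# Assumption: LMS matches the typed login name exactly against local usernames.

DEFAULT_ROLE = "helpdesk"  # role the thread says unmatched users receive


def effective_role(login_name, local_roles):
    """Role after a successful AD login: local match, else the default role."""
    return local_roles.get(login_name, DEFAULT_ROLE)


def normalise(name):
    """Fold the two formats seen in the thread: 'name surname' / 'name.surname'."""
    return name.strip().lower().replace(" ", ".")


def audit(ad_logins, local_roles, fallback_users):
    """Return AD logins that lose their role and local accounts with no AD match."""
    report = {"downgraded": [], "format_mismatch": [], "local_only": []}
    local_by_norm = {normalise(u): u for u in local_roles}
    for login in ad_logins:
        if login in local_roles:
            continue  # exact match: user gets the configured role
        report["downgraded"].append(login)
        near = local_by_norm.get(normalise(login))
        if near:  # same person, different name format (cn= vs sAMAccountName=)
            report["format_mismatch"].append((login, near, local_roles[near]))
    ad_norm = {normalise(login) for login in ad_logins}
    for user in local_roles:
        # Local accounts with no AD counterpart rely only on a local password.
        if normalise(user) not in ad_norm and user not in fallback_users:
            report["local_only"].append(user)
    return report


# Constructed sample data (hypothetical users and role labels).
AD_LOGINS = ["tomek kowalski", "anna.nowak", "jan.zielinski"]
LOCAL_ROLES = {
    "tomek.kowalski": "administrator",
    "anna.nowak": "technician",
    "old.contractor": "administrator",
    "admin": "administrator",
}
FALLBACK_USERS = {"admin"}

if __name__ == "__main__":
    for key, rows in audit(AD_LOGINS, LOCAL_ROLES, FALLBACK_USERS).items():
        print(key, rows)
```
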
