Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CiscoWorks LMS / ActiveDirectory authentication

=======================================

LMS 2.6

CiscoWorks Common Services 3.0.5

Campus Manager 4.0.9

CiscoView 6.1.5

Device Fault Manager 2.0.9

Internetwork Performance Monitor 2.6.0

Integration Utility 1.6.0

Resource Manager Essentials 4.0.5

=======================================

Selected Login Module: MS Active Directory

Server: ldap://server.company.com

Usersroot: ou=Technical Services, ou=Information Technology, dc=company, dc=com

Prefix: cn=

=======================================

Users created in AD with a first name and last name have a "cn=first<space>last" and the actual logon credentials are stored in "sAMAccountName=loginID". This presents a problem when a LDAP querry is passed from CiscoWorks LMS. When attempting to authenticate CiscoWorks LMS users against Microsoft Active Directory / LDAP, login credentials must be "first<space>last" rather than actual loginID. Desired configuration would be to reference SAMAccountName (loginID) rather than CN. I see CCO references to SAMAccountName under Unified Messaging and NAC documentation. But nothing under CiscoWorks documentation. Is this possible?

4 REPLIES
Cisco Employee

Re: CiscoWorks LMS / ActiveDirectory authentication

If I understand you correctly, why not change the prefix from cn= to SAMAccountName= ?

Community Member

Re: CiscoWorks LMS / ActiveDirectory authentication

You understand correctly. Though I tried changing the prefix to sAMAccountName= and it doesn't work.

Cisco Employee

Re: CiscoWorks LMS / ActiveDirectory authentication

Do you have anonymous bind enabled on the AD server? That is required to use SAMAccountName.

Community Member

Re: CiscoWorks LMS / ActiveDirectory authentication

Nope, anonymous bind is not enabled. That's the source of my problem. Unfortunately, policy won't permit me to enable it either. I guess ACS appliance is the longer-term fix. In the meantime, I can change the user requiring this access. Thanks for your assistance.

1193
Views
0
Helpful
4
Replies
CreatePlease to create content