Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
4
Replies

LMS 4.2 AD Integration, User Roles

Go to solution
MICHAEL SCHROEDER
Level 3
Level 3

‎01-28-2013 05:35 AM

Hi All, ist it possible to use MS AD to define Roles and Privileges of LMS 4.2 Users? Maybe one User has Full Admin Access, one other only Monitoring Capabilities. Where to define the Access Privileges, LMS or AD? Any Help Welcome.

TIA, Michael

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2013 06:29 AM

LMS (pre-4.x) used to allow this via a two step authorization scheme - LMS authentication and authorization based on TACACS user which in turn was (optionally) based on AD. (You could also authenticate directly to AD, though I seldom see this method used.)

Unfortunately, LMS 4 relegated the TACACS integration to Authentication only. Authorization is done via the user's role setup in LMS itself. See the chapter on Security in the admin guide for details.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MICHAEL SCHROEDER

‎01-28-2013 09:28 AM

You're welcome.

Yes, PI 1.2 is similar. The mechanics of the implementation (which menus to click etc.) are a bit different but the concept of authorization being done on the PI server with authentication remote (or not, as desired) is the same.

This is covered in the PI User Guide, Chapter 15 (Performing Administrative Tasks) - see the various tasks under "Configuring AAA".

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-28-2013 06:29 AM

LMS (pre-4.x) used to allow this via a two step authorization scheme - LMS authentication and authorization based on TACACS user which in turn was (optionally) based on AD. (You could also authenticate directly to AD, though I seldom see this method used.)

Unfortunately, LMS 4 relegated the TACACS integration to Authentication only. Authorization is done via the user's role setup in LMS itself. See the chapter on Security in the admin guide for details.

0 Helpful

Go to solution
MICHAEL SCHROEDER
Level 3
Level 3

‎01-28-2013 09:02 AM

Great, thank you so much. Do you know  how this is managed in Prime Infrastructure 1.2? Same fashion?

Regards, Michael

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MICHAEL SCHROEDER

‎01-28-2013 09:28 AM

You're welcome.

Yes, PI 1.2 is similar. The mechanics of the implementation (which menus to click etc.) are a bit different but the concept of authorization being done on the PI server with authentication remote (or not, as desired) is the same.

This is covered in the PI User Guide, Chapter 15 (Performing Administrative Tasks) - see the various tasks under "Configuring AAA".

0 Helpful

Go to solution
MICHAEL SCHROEDER
Level 3
Level 3
In response to Marvin Rhoads

‎01-28-2013 10:40 AM

Thank you Marvin!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents