Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS-FreeRadius integration

Hi,

I know that it's possible to create different groups of devices in LMS through ACS, in such a way that a specific user cannot access to devices not assigned to him.

Is it possible to do it with a FreeRadius instead of a ACS?

Many thanks.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: LMS-FreeRadius integration

No. ACS and TACACS+ are required to do this. With only a Radius server, you will only be able to provide external centralized authentication. None of the custom roles or device grouping capabilities will be available.

Cisco Employee

Re: LMS-FreeRadius integration

However, this will not work with LMS. In order to restrict what devices an LMS user can manage, you need Cisco Secure ACS.

3 REPLIES
Cisco Employee

Re: LMS-FreeRadius integration

No. ACS and TACACS+ are required to do this. With only a Radius server, you will only be able to provide external centralized authentication. None of the custom roles or device grouping capabilities will be available.

Blue

Re: LMS-FreeRadius integration

Generally, I'd say no, RADIUS is not a direct substitute for TACACS. But in this case, you can try emulating that basic behavior with huntgroups/sqlhuntgroups in FreeRadius:

http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

Cisco Employee

Re: LMS-FreeRadius integration

However, this will not work with LMS. In order to restrict what devices an LMS user can manage, you need Cisco Secure ACS.

493
Views
5
Helpful
3
Replies