Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PKI Logon?

I am looking for information on how to implement PKI logon to LMS. I am currently using RADIUS Authentication with local user accounts for Authorization. Is it possible to use PKI logon with local user fallback?

Active Directory authentication could work for me as well. Is it possible to point the Active Directory module to a group rather than an OU? So instead of the Userroot being "cn=users, dc=servername, dc=company, dc=com", can it be "cn=GROUP, dc=servername, dc=company, dc=com"?


Re: PKI Logon?

Doing AD is a snap, map to external database, pick domain,select group, assign permissions for local ACS group, and you're done.

New Member

Re: PKI Logon?

awesome, pointing LMS to an Active Directory group worked great! However, my users are smart card logon enforced, which means they don't use a password, but rather they use a pin number.

Is there any way around this? Or am I just going to have to create a service account for the users that need access to LMS?

Edit: I was really hoping that by using the MS Active Directory module, that the authentication/logon page for LMS would just try to authenticate the logged on user, instead of requesting a username and password, unless of course the logged on user was not in the AD group.

CreatePlease to create content