12-12-2008 12:03 PM
I have a group in Active Directory that is allowed access to our network infrastructure, including Cisco Works. When I log in to Cisco Works with an account that is a member of this AD account, I do not get any administrative permissions in Cisco Works. How do I relate the AD group (authenticated via Radius) to an administrative role in Cisco Works?
Edit: If I go into Common Services -> Security -> AAA Mode Setup, I can set up Radius authentication, which works great, but I cannot figure out how to grant server roles to an authenticated user. This is so frustrating.
12-12-2008 01:51 PM
You need to add a local account to LMS to provide the authorization piece. The login modules only provide authentication. If you want to do full centralized authentication and authorization, you need to integrate LMS with Cisco Security ACS, and do TACACS+ between LMS and ACS.
12-15-2008 06:22 AM
OK, I created a user account in local user setup that reflects my domain account. I created a bogus password for this account that does not match my domain password.
When I log in to LMS, I can see the following:
Authentication Mode RADIUS
Authorization Mode CiscoWorks Local
I have a couple of questions about this.
1.) Why does the RADIUS sometimes read RADIUS (Fallback Mode) and other times, just RADIUS?
2.) Are there any security risks with me authenticating like this?
12-15-2008 09:43 AM
If you log in as a user who does not have an account in Radius (e.g. admin), then LMS will fall back to local authentication. The users allowed for fallback (admin is the only user by default) can be configured when you switch the login module.
No, what you are doing is the proper way of doing external authentication.