Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1554
Views
0
Helpful
4
Replies

ACS and CiscoWorks 2000: Assigning User Roles.

corey_hatch
Level 1
Level 1

‎11-20-2003 10:34 AM - edited ‎03-10-2019 07:34 AM

I've modified the login module of Ciscoworks to leverage Tacacs+ authentication through my CiscoSecure server, but I haven't been able to map particular CiscoSecure user roles to Ciscoworks user roles. I can specifically create an account within Ciscoworks with the same name and assign that user a Ciscoworks role, but that prevents me from leveraging the groups used in cisco secure. I'd like to be able to create a new command authorization set and attach it to an existing CiscoSecure group. This process is referred to in multiple documents, but I can't the actual "how to" anywhere.

Labels:
0 Helpful
4 Replies 4

mlheureux
Level 1
Level 1

‎02-03-2004 01:33 PM

We notice the same problem here too!

We have network admin access managed by ACS. I tried to enable the TACACS+ module of Ciscowork but I only have help desk privilege.

Is that a limitation of Ciscowork or a config I am missing?

The workaround is the same as you. I need to create all network admin in Ciscowork locally.

Have you find another way?

CH

0 Helpful

corey_hatch
Level 1
Level 1
In response to mlheureux

‎02-03-2004 03:08 PM

No other approach found. We are implementing it with the locally mapped piece.

0 Helpful

MARC MONTANARI
Level 1
Level 1
In response to corey_hatch

‎02-05-2004 02:56 AM

This is the ONLY way =

Look at what can be found in the ONLINE HELP of

CiscoWorks LMS when seraching at "login module" =

The CiscoWorks Server provides the mechanism used to authenticate users for CiscoWorks applications. However, many network managers already have a means of authenticating users. To use your current authentication database for CiscoWorks authentication, you can select a login module (NT, UNIX, TACACS+, Radius, and others).

After you select and configure a login module, all authentication transactions are performed by that source. The CiscoWorks Server still determines user roles; therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role). To assign a user to a different role, such as the System Admin role, you must configure the user locally. Such users must have the same user ID locally as they have in the alternative authentication source. Users log in with the user ID and password associated with the current login module.

0 Helpful

corey_hatch
Level 1
Level 1
In response to MARC MONTANARI

‎02-05-2004 07:04 AM

Is there anyway to adjust the default role such that it maps to a different type of Ciscoworks role (e.g. System Admin)?

0 Helpful
Customers Also Viewed These Support Documents