Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1599
Views
0
Helpful
2
Replies

Cisco Prime Device Access Control via TACACS Authentication

Steven Chua
Level 1
Level 1

‎08-01-2012 02:18 PM - edited ‎03-10-2019 07:22 PM

Hi,

I have deployed a Cisco Prime Lan Management Server and I have configure for TACACS authentication and authorization for users accessing the Prime box via Cisco ACSv5.2. As I have two groups of users, I would like to restrict the access right to the Cisco Prime for these two groups of users (access rights of Helpdesk for one group and Super Admin for another group). I am able to authencated successfully via the Cisco ACSv5.2 however I am always seem to be given the rights of Helpdesk only.

Please advice.

Many Thanks in Advance.

Rgds

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎08-01-2012 10:07 PM

Steven,

If this is the replacement for CiscoWorks (which i am sure is) you can only authenticate local users in the Prime database with ACS, meaning that you will have to set the same username depending on which database you will use (ACS local db or AD).

So if you have a user named ADuser in Active directory, create a local user account on Prime and map them to the role or group you want them have access to. Configure the tacacs module and then build your ACS so it authenticates the user via AD or local database. Once you login use the AD password and see if the user is mapped in the proper role.

Hope that helps.

Tarik Admani
*Please rate helpful posts*

0 Helpful

rgomes
Level 1
Level 1
In response to Tarik Admani

‎12-24-2013 06:00 AM

Hi tarik

I want to integrate the Prime Infrastructure 1.3 with ACS 5.x.

The ACS 5.x authenticates using Active Directory. All devices on the network are configured

to use the ACS 5.x so every user can access or denied to the devices based on their access rights.

I want to have the same way for access to the Prime Infrastructure.

You said that for this besides configure the authorizations on the shell profile on the ACS for

the various different roles we need to create the users locally on the PI?

Thats is really needed?

How we match the autorization groups on the AD and the roles defined on the PI and on the ACS?

I have read several DOCs but not sure if its really possible to give authorizations to the users

from AD based on their asigned AD group.

Thanks in advance

0 Helpful
Customers Also Viewed These Support Documents