06-10-2008 07:26 PM
Hi,
I am trying to get ANM user accounts integrated with AD/LDAP, without much success.
As it all seems fairly straightforward to configure, I wonder if there are any troubleshooting options available on the ANM to see what is happening with the authentication request going to the LDAP server?
06-16-2008 12:40 PM
Follow the user guide for the Cisco Application Networking Manager with AD/LDAP.
06-16-2008 01:03 PM
Thanks for your post.
I have followed the user guide. My problem is that LDAP authentication does not work, and I am interested to know if there are any troubleshooting options available on the ANM?
06-17-2008 10:53 PM
Hi everyone,
I have the same problem. I configured an organization with LDAP authentication, with users, roles and domain. After login there is "Invalid User Name/Password" immediately. I don't think that an LDAP request is going to the LDAP server.
Thanks, Rene
06-20-2008 02:36 AM
I've tried this with TACACS and had similar issues. Ran a tcpdump on the ANM server and found no requests being sent to TACACS.
Can't remember where I found the solution, but it doesn't seem to be in the documentation.
You have to specify the ANM 'Organisation' in the Username. That then becomes userid@anmorganisation, and the ANM will then use the specified AAA mechanism for that organisation.
The other sting in the tail seems to be that you have to set up individual users at the ANM in the organisation.
If anyone from Cisco is lurking here, can I request that you document the userid@anmorganisation requirement?
Also - I'd really appreciate the ability to return user role and domain information from TACACS like I do with the HSE so that the AAA becomes dynamic and the network admins don't have to change ANM every time a user needs access to it or leaves!
Hope I'm not missing anything!
Thanks
06-30-2008 10:20 PM
Hey,
Thanks for the information. It does appear that this detail is lacking, or not overly obvious in the documentation.
We do have a TACACS server, but we would prefer to use AD/LDAP, and while the information you provided is really helpful, it still is not going. I might need to put a protocol analyser on the server to see what traffic is going out of the server.