Authinticating using groups from AD

Nils Magnus Eliassen · ‎07-16-2012

Hi

I'm finding it hard to create groups in AD and have the diffrent groups in AD assigned to diffrent roles in Cisco LMS 4.1

Is it possible to have diffrent AD groups to assign the diffrent roles in LMS? If it's possible how should I do it so it work as painless as possible?

Vinod Arya · ‎07-16-2012

CiscoWorks LMS will use PAM (Pluggable Authentication Module), like TACACS+, Radius, Kerberos, MSAD etc, only for authentication part. The role/privilege or Authorization would be local.

What authorization priv a user would has to be configured locally on LMS, which you can do from :

Admin > System > User Management > Local User Setup.

For more details, please check :

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.1/user/guide/admin/security.html#wp1167300

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Nils Magnus Eliassen · ‎07-17-2012

I found the following in the document: "The LMS Server determines user roles. Therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role)."

So if I have one AD group that I want to assign a Super Admin role, another I want to have Network Administrator role and the third a helpdesk role. That isn't possible from what I can read in the text above. Is there any other way I can manage what I want to do?

Vinod Arya · ‎07-26-2012

All the roles will be defined in LMS itself now. For those whom you want to give just help desk priveldge/role, no need to define them in LMS locally.

Example, say there are three users A,B and C, you want to give a help Desk, Admin and Super Admin role.

AD LMS

A

B

C

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **