
Authenticating using groups from AD


I'm finding it hard to create groups in AD and have the different groups in AD assigned to different roles in Cisco LMS 4.1.

Is it possible to have different AD groups assign the different roles in LMS? If it's possible, how should I do it so it works as painlessly as possible?


Vinod Arya
Cisco Employee

CiscoWorks LMS will use PAM (Pluggable Authentication Module), like TACACS+, RADIUS, Kerberos, MSAD etc., only for the authentication part. The role/privilege or authorization would be local.

What authorization privilege a user would have has to be configured locally on LMS, which you can do from:

Admin > System > User Management > Local User Setup.

For more details, please check:



-Thanks, Vinod **Rating encourages contributors, and it's really free.**

I found the following in the document: "The LMS Server determines user roles. Therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role)."

So if I have one AD group that I want to assign a Super Admin role, another I want to have Network Administrator role and the third a helpdesk role. That isn't possible from what I can read in the text above. Is there any other way I can manage what I want to do?

All the roles will be defined in LMS itself now. For those to whom you want to give just the Help Desk privilege/role, there is no need to define them in LMS locally.

For example, say there are three users A, B and C, and you want to give them a Help Desk, Admin and Super Admin role.

AD                      LMS                





-Thanks, Vinod **Rating encourages contributors, and it's really free.**