Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
4591
Views
0
Helpful
2
Replies
Steven Chua
Beginner
Beginner
‎08-01-2012 08:16 PM
‎08-01-2012 08:16 PM

Cisco Prime Device Access Control via TACACS Authentication

Hi,

I  have deployed a Cisco Prime Lan Management Server and I have configure  for TACACS authentication and authorization for users accessing the  Prime box via Cisco ACSv5.2. As I have two groups of users, I would like  to restrict the access right to the Cisco Prime for these two groups of  users (access rights of Helpdesk for one group and Super Admin for  another group). I am able to authencated successfully via the Cisco  ACSv5.2 however I am always seem to be given the rights of Helpdesk  only.

Please advice.

Many Thanks in Advance.

Rgds

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Vinod Arya
Cisco Employee
Cisco Employee
‎08-01-2012 09:10 PM
‎08-01-2012 09:10 PM

With Prime series or LMS 4.x onwards, any PAM (pluggable Auth. Module) provides only authentication to users. for Authorization on what access one should have the user should be locally configured on the LMS with required Authorization. Those users who are in AAA server will be given bydefault help desk user acess.

For more details on this, see :

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1167300

In short, add users in LMS whom you want to grand super admin access with same priv's.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **

View solution in original post

0 Helpful
2 REPLIES 2
Vinod Arya
Cisco Employee
Cisco Employee
‎08-01-2012 09:10 PM
‎08-01-2012 09:10 PM

With Prime series or LMS 4.x onwards, any PAM (pluggable Auth. Module) provides only authentication to users. for Authorization on what access one should have the user should be locally configured on the LMS with required Authorization. Those users who are in AAA server will be given bydefault help desk user acess.

For more details on this, see :

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1167300

In short, add users in LMS whom you want to grand super admin access with same priv's.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful
Steven Chua
Beginner
Beginner
In response to Vinod Arya
‎08-02-2012 12:26 AM
‎08-02-2012 12:26 AM

Hi Vinod,

Thanks very much for the information.

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad