cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
938
Views
0
Helpful
4
Replies

LMS 4.2 AD Integration, User Roles

Hi All, ist it possible to use MS AD to define Roles and Privileges of LMS 4.2 Users? Maybe one User has Full Admin Access, one other only Monitoring Capabilities. Where to define the Access Privileges, LMS or AD? Any Help Welcome.

TIA, Michael

2 Accepted Solutions

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

LMS (pre-4.x) used to allow this via a two step authorization scheme - LMS authentication and authorization based on TACACS user which in turn was (optionally) based on AD. (You could also authenticate directly to AD, though I seldom see this method used.)

Unfortunately, LMS 4 relegated the TACACS integration to Authentication only. Authorization is done via the user's role setup in LMS itself. See the chapter on Security in the admin guide for details.

View solution in original post

You're welcome.

Yes, PI 1.2 is similar. The mechanics of the implementation (which menus to click etc.) are a bit different but the concept of authorization being done on the PI server with authentication remote (or not, as desired) is the same.

This is covered in the PI User Guide, Chapter 15 (Performing Administrative Tasks) - see the various tasks under "Configuring AAA".

View solution in original post

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

LMS (pre-4.x) used to allow this via a two step authorization scheme - LMS authentication and authorization based on TACACS user which in turn was (optionally) based on AD. (You could also authenticate directly to AD, though I seldom see this method used.)

Unfortunately, LMS 4 relegated the TACACS integration to Authentication only. Authorization is done via the user's role setup in LMS itself. See the chapter on Security in the admin guide for details.

Great, thank you so much. Do you know  how this is managed in Prime Infrastructure 1.2? Same fashion?

Regards, Michael

You're welcome.

Yes, PI 1.2 is similar. The mechanics of the implementation (which menus to click etc.) are a bit different but the concept of authorization being done on the PI server with authentication remote (or not, as desired) is the same.

This is covered in the PI User Guide, Chapter 15 (Performing Administrative Tasks) - see the various tasks under "Configuring AAA".

Thank you Marvin!

Review Cisco Networking for a $25 gift card