07-16-2012 03:11 PM - edited 07-03-2021 10:24 PM
I have configured CSM 4.1 and LMS 4.1 for authentication whit TACACS+ the server is my ACS 5.3. The integration was ok but when i use my ACS internal user whit a policy for shell profile (privilege 15) and command set (permit any command) they log in the systems but some functions are not available with a warning saying you dont have role permissions.
There is any way to assign a SuperAdmin role for a user authenticated with ACS???
10-16-2012 10:11 AM
Luis (or anyone)
did you get this resolved? I'm having the same issue. I have NCS and LMS and have gotten NCS and ACS to play nicely using these guides (https://supportforums.cisco.com/docs/DOC-17909 & https://supportforums.cisco.com/message/3743434#3743434) but am in the same boat as you with regard to LMS.
with just the ACS account, a user can log into LMS but cannot do any tasks or even access certain menus, but if I add a local user using the same ACS username with the permissions i want them to have they can do what they need. seems kinda silly to have to make the user twice. there MUST be a way to have ACS tell LMS that the user logging in is in this Role group and has X,Y,Z permissions but i cannot find out how. In NCS it was a shell profile as detailed in the links above but can't find anything like that for LMS.
Anyone have any help or ideas or a guide?!?
10-16-2012 10:26 AM
found this doc (https://supportforums.cisco.com/thread/2163369) basically saying that Authorization is LOCAL only and users will default to the Helpdesk group. is this still True? is this going to be added at any time in the future? this kinda sucks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide