09-13-2013 09:24 AM
I have configured authentication on Cisco ACS 5.2 and 4.1. You need to input the NetMRI user roles in the shell profile of each user, or if they are part of a group, configure the user roles in the group. Then configure the users in NetMRI, configure the NetMRI to authenticate to TACACS (or Radius) and test out the authentication.
05-13-2014 09:54 AM
I wasn't aware that user roles could work with ACS AAA. We've used ACS just for authentication but the roles must be defined locally. How does one indicate that JoeUser has five roles in device groups A & B, and six roles in device group C?
05-13-2014 10:00 AM
You can't really do that right now. In order to do that the product will need to support user groups. You would assign those groups to specific roles for specific device groups, and then the product would read the user group from the external AAA server when you authenticate. This also would mean that a user would not need to be defined within the product in order to use it - they would only have to be in the AAA server with the right group.
This is not supported today, so if you are interested in that let your account team know so they can file an RFE.
09-08-2015 10:23 PM
You can now!
As of NetMRI 7.0, you can dynamically map NetMRI user roles to authentication service groups. Thus integrating both authorization as well as authentication.