SMS supports five types of user authentication: Local, RADIUS, Active Directory (AD), TACACS+, and CAC. However, only one authentication method per SMS server is allowed at a time. While only one authentication method is supported, SMS does allow the administrator to designate users who must always be authenticated locally, regardless of the primary authentication source. 

Authentication Source

In the Admin > Authentication and Authorization > Authentication > Authentication Source area, you can view the currently enabled authentication method.

Note 1: Using both RADIUS and Active Directory authentication on a single SMS instance is not supported.

Note 2: A typical best-practice recommendation is to have at least one SuperUser account that authenticates locally to ensure access for system troubleshooting.

Note 3: Designating RADIUS or Active Directory (AD) as an authentication source first requires a RADIUS or AD server to be configured and properly enabled for authentication in your network environment.

Note 4: The RADIUS and AD options will remain grayed out until properly configured in the Authentication Configuration screen.
 

How To: Edit the SMS Server Authentication Source

1. Login to the SMS from a client.
2. Select Admin>Authentication and Authorization>Authentication>Authentication Source from the Admin navigation menu.
3. Click Edit in the Authentication Source area. The Authentication Source dialog box opens.
4. Choose one of the four available selections:
   • Use Local Authentication
   • Use RADIUS Authentication
   • Use Active Directory Authentication
   • Use TACACS+ Authentication
   • Use CAC Authentication
5. In the lower portion of the dialog, select user accounts that are only authenticated locally, even if a remote authentication server is selected as an authentication source.
6. Click OK.