The SMS supports five types of user authentication; Local, RADIUS, Active Directory (AD), TACACS+ and CAC. However, only one authentication method per SMS server is allowed at any one time. While only one authentication method is supported, SMS does allow the administrator the ability to designate users that must always be authenticated locally regardless the primary authentication source.
In the Admin>Authentication and Authorization>Authentication>Authentication Source area you can view the currently enabled authentication method.
Note 1: Using both RADIUS and Active Directory authentication on a single SMS instance is not supported.
Note 2: A typical best-practice recommendation is to have at least one SuperUser account that authenticates locally to ensure access for system troubleshooting.
Note 3: Designating RADIUS or Active Directory (AD) as an authentication source first requires that a RADIUS or AD server be configured and properly enabled for authentication in your network environment.
Note 4: The RADIUS and AD options will remain grayed out until properly configured in the Authentication Configuration screen.
Note 5: RADIUS authentication is supported on N-Platform and NX-platform devices running TOS v3.7.0 or later. If the device does not support RADIUS authentication, the RADIUS options are disabled. TACACS+ authentication is supported only on N-Platform and NX-platform devices running TOS v3.8.0 or later. If the device does not support TACACS+ authentication, this option is disabled.
How To: Edit the SMS Server Authentication Source
- Login to the SMS from a client.
- Select Admin>Authentication and Authorization>Authentication>Authentication Source from the Admin navigation menu.
- Click Edit in the Authentication Source area. The Authentication Source dialog box opens.
- Choose one of the four available selections:
- Use Local Authentication
- Use RADIUS Authentication
- Use Active Directory Authentication
- Use TACACS+ Authentication
- Use CAC Authentication
- In the lower portion of the dialog, select user accounts that are only authenticated locally, even if a remote authentication server is selected as authentication source.
- Click OK.