AD users for specific device access


#1

I’ve got Active Directory Authentication working fine however I couldn’t create a local account so I can assign only specific devices for certain users to access. When I add those users to the RO AD group they can log in so I change them to local access and assign the specific devices.

However when they log in they can still see all devices and all device groups. Is there a solution to this ?Can someone out there help me out to achieve this ? I cant eve create a local account even though I have Admin access in the admin AD group.

By the way this is the configuration line for the viewers and Admin AD authentication

$config[‘auth_ad_groups’][‘LibreNMS_Viewers’][‘level’] = 5;
$config[‘auth_ad_groups’][‘LibreNMS_Admins’][‘level’] = 10;


#2

Hi,

Authentication Level 5 is Global Read and 10 is Global Read/Write, so both the mapped AD groups in your config supply a global level of access. Access levels are disucssed here: https://docs.librenms.org/Extensions/Authentication/ and it looks like you’re after level 1.

Try creating an AD Group LibreNMS_NormalUser and addding:
$config[‘auth_ad_groups’][‘LibreNMS_NormalUser’][‘level’] = 1;


#3

Thank you so much @squizzle Change it to level 1 and it works :slight_smile:

Much appreciated