Troubleshooting guide

2 — 5620 SAM user security
Alcatel-Lucent 5620 Service Aware Manager 2-9
5620 SAM
System Administrator Guide
2.5 Remote 5620 SAM user access
In addition to local account management, 5620 SAM user authentication and
authorization can be accomplished via remote servers. 5620 SAM supports the
following remote user access protocols:
• LDAP or LDAPS
• RADIUS
• TACACS+
You can configure 5620 SAM access for users that log on through a third-party
server in a corporate network. For example, a person who does not have a 5620 SAM
user account can log in to the 5620 SAM using their corporate credentials. The
5620 SAM forwards the credentials to a remote authentication server, and grants or
denies access to the user based on the remote server response.
If a remote authentication server is configured to authorize users, the remote server
also sends the name of a user group in a successful authentication response. If the
5620 SAM has a user group with the same name, the user is assigned to the group
and granted access based on the group properties. Otherwise, the user is assigned to
a default external user group.
When a remote session terminates, the associated 5620 SAM user account remains,
and the user application preferences, such as filters, apply to subsequent sessions.
Successful remote authentication for an OSS user requires that the remote server and
the 5620 SAM use the same password format. OSS users can log in using a
clear-text password or, if the remote server supports MD5 password hashing, an
MD5-hashed password. See “Secure communication” in the 5620 SAM XML OSS Interface
Developer Guide for more information.
You use the 5620 SAM Remote Authentication Manager to configure the protocols
and define the authentication order for users. For example, if you specify an order of
RADIUS, LDAP, local, the 5620 SAM tries to authenticate each remote user via
RADIUS; if the RADIUS servers are unavailable, the 5620 SAM tries LDAP, and
upon failure tries to match the user credentials to a local 5620 SAM account.
Procedure 2-36 describes how to configure the general remote access properties,
such as the authentication types, the authentication order, and the remote servers.
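
The authentication order and user group assignment described above, modelled as an added Python sketch (not 5620 SAM code and not taken from this guide). The backend stubs, the sample accounts, the group name default-external and the reject_is_final switch are assumptions; the guide does not state whether a reject from a reachable server ends the chain, so both behaviours are selectable.

```python
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2
    UNAVAILABLE = 3

DEFAULT_EXTERNAL_GROUP = "default-external"  # hypothetical name

def make_backend(accounts, available=True):
    """Constructed stand-in for a RADIUS/LDAP server or the local account store."""
    def check(user, password):
        if not available:
            return Result.UNAVAILABLE, None
        stored = accounts.get(user)
        if stored and hmac.compare_digest(stored[0], password):
            return Result.ACCEPT, stored[1]
        return Result.REJECT, None
    return check

def authenticate(user, password, order, backends, sam_groups, reject_is_final=False):
    """Walk the configured order; return (method, group), or None if access is denied."""
    for method in order:
        result, group = backends[method](user, password)
        if result is Result.ACCEPT:
            if method != "local" and group not in sam_groups:
                group = DEFAULT_EXTERNAL_GROUP  # no same-named 5620 SAM group
            return method, group
        if result is Result.REJECT and reject_is_final:
            return None
        # Unavailable (or a non-final reject): try the next method in the order.
    return None

# Constructed sample data: RADIUS is down, LDAP and local are reachable.
ORDER = ["RADIUS", "LDAP", "local"]
SAM_GROUPS = {"noc-operators", "admin"}
BACKENDS = {
    "RADIUS": make_backend({}, available=False),
    "LDAP": make_backend({"alice": ("pw-a", "noc-operators"),
                          "bob": ("pw-b", "corp-staff")}),
    "local": make_backend({"admin": ("pw-l", "admin")}),
}

if __name__ == "__main__":
    for user, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("admin", "pw-l")]:
        print(user, authenticate(user, pw, ORDER, BACKENDS, SAM_GROUPS))
```

In this model every remotely authenticated user whose returned group name has no 5620 SAM match lands in the default external user group, so that group's permissions are the baseline to review.
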
Note — Alcatel-Lucent recommends using LDAP Secure, or
LDAPS, in a live deployment. LDAPS user authentication is
supported only in a 5620 SAM system that is secured using SSL, and
requires additional configuration, as described in Procedure 2-33.
See the 5620 SAM | 5650 CPAM Installation and Upgrade Guide for
information about enabling SSL in a 5620 SAM system.
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01