Troubleshooting guide
2 — 5620 SAM user security
Alcatel-Lucent 5620 Service Aware Manager 2-11
5620 SAM
System Administrator Guide
If communication between a GUI client and a 5620 SAM main server fails while
one-time password use is in effect, the GUI client cannot obtain authentication
using the cached credentials from the previous login attempt. When this occurs,
the client prompts the user to log in to the remote authentication server again,
but keeps the GUI open in order to preserve the current view until the user is
authenticated.
Combined local and remote authentication
A 5620 SAM operator can integrate an existing LDAP, RADIUS, or TACACS+ user
account with a 5620 SAM user account by creating a 5620 SAM user account that
has the same name as the remote account. A 5620 SAM user who authenticates
remotely can then log in to the 5620 SAM using their remote credentials, if the
password observes the 5620 SAM password constraints described in this chapter.
A 5620 SAM user name can be 1 to 80 characters long, which is sufficient for most
combined authentication scenarios.
For example, a user named jane has the following accounts:
• a remote RADIUS account called jane and the password accessforjane
• a local 5620 SAM account called jane and the password LetJane1In!
When jane is authenticated by RADIUS, she gains access to the 5620 SAM by typing
in jane and accessforjane. If the RADIUS server is down, jane is authenticated
locally by the 5620 SAM after typing jane and LetJane1In!.
Note — If a RADIUS or TACACS+ server is configured to perform
user authorization, the 5620 SAM requires a user group from the
remote server, and the following conditions apply:
• The user group sent by the remote server must exist in the
5620 SAM.
• If a 5620 SAM user account is associated with a local user group
and configured to use remote authentication, the local user group
is replaced by the specified remote user group.
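The fallback and user group rules above, modelled as an added Python example (not Alcatel-Lucent code and not part of the original guide). The function names, the group names operators and admins, and the outcomes for a remote reject, an unknown remote group and a user with no local account are assumptions; the guide does not state them.

```python
import hmac
from dataclasses import dataclass

class RemoteUnavailable(Exception):
    """The remote authentication server could not be reached."""

@dataclass
class LocalAccount:
    password: str  # plaintext only because this is a model
    group: str

# Constructed sample data mirroring the guide's "jane" example.
LOCAL_ACCOUNTS = {"jane": LocalAccount("LetJane1In!", "operators")}
LOCAL_GROUPS = {"operators", "admins"}
REMOTE_ACCOUNTS = {"jane": ("accessforjane", "admins")}  # password, group sent

def remote_auth(user, password, up=True):
    """Stand-in for a RADIUS/TACACS+ exchange; returns (accepted, group)."""
    if not up:
        raise RemoteUnavailable(user)
    stored = REMOTE_ACCOUNTS.get(user)
    if stored is None or stored[0] != password:
        return False, None
    return True, stored[1]

def login(user, password, remote_up=True, remote_authorization=True):
    """Return (result, effective_group, source_of_decision)."""
    account = LOCAL_ACCOUNTS.get(user)
    if account is None:  # assumption: a same-named local account is required
        return "denied", None, "no-local-account"
    try:
        accepted, group = remote_auth(user, password, up=remote_up)
    except RemoteUnavailable:
        # Server down: the local password becomes the credential that counts.
        ok = hmac.compare_digest(password.encode(), account.password.encode())
        return ("granted", account.group, "local") if ok else ("denied", None, "local")
    if not accepted:
        return "denied", None, "remote"  # assumption: no local fallback on reject
    if not remote_authorization:
        return "granted", account.group, "remote"
    if group not in LOCAL_GROUPS:
        return "denied", None, "remote"  # assumption: unknown group blocks login
    return "granted", group, "remote"    # remote group replaces the local group

if __name__ == "__main__":
    print(login("jane", "accessforjane"))                # RADIUS up
    print(login("jane", "LetJane1In!", remote_up=False)) # RADIUS down
```

The model makes one operational point visible: while the remote server is unreachable, the local password is the only control on the account, so it needs the same care as the remote credential.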
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01