Troubleshooting guide
2 — 5620 SAM user security
Alcatel-Lucent 5620 Service Aware Manager 2-13
5620 SAM
System Administrator Guide
Figure 2-1 Sample 5620 SAM user and user group authentication

[Diagram: 5620 SAM client A and 5620 SAM client B log in over SSL through the network to the 5620 SAM server, which authenticates users against RADIUS servers 1 and 2, TACACS+ servers 1 and 2, and local authentication (DB). The text in the diagram is reproduced below.]

Administrator
Configures 5620 SAM user authentication for all users
Configures user group privileges per user
Other security configurations
User Joe C belongs to user group with CLI access
User Jane D does not belong to user group with CLI access
Authentication order: 1) RADIUS 2) TACACS+ 3) Local
Authentication failures before e-mail = 1

User Joe C (CLI access)
1) Logs in at 9 a.m.
2) Authenticated by RADIUS server 1
3) CLI access

User Jane D (no CLI access)
1) Logs in at 9:30 a.m.
2) Authentication fails for RADIUS/TACACS
3) Local authentication succeeded
4) Logs in again at 9:40 a.m.
5) Authenticated by TACACS+ server 1
6) Administrator receives e-mail notification of 9:30 login failure
7) No CLI access

Server events
RADIUS server 1 goes down at 9:15 a.m.
RADIUS server 2 goes down at 9:15 a.m.
Connection fails at 9:25 a.m.; back up at 9:35 a.m.

Table 2-4 lists the high-level tasks required to configure this sample.

Table 2-4 Sample 5620 SAM user authentication configuration
| Task | Description |
|---|---|
| Pre-configurations | Ensure correct RADIUS or TACACS+ server configuration, according to your company requirements. PAP authentication is supported for RADIUS and TACACS+. The 5620 SAM server must be able to communicate with the authentication servers to validate users. All configuration tasks should be done with admin access. The 5620 SAM server IP address must be configured as the client of the RADIUS or TACACS+ server. The secret keys must match on the 5620 SAM server and the RADIUS or TACACS+ server. |
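The Figure 2-1 timeline as a small model of ordered authentication fallback, added here as an example and not taken from the guide or from 5620 SAM itself. The function names are hypothetical, and the model assumes that the 9:25 to 9:35 connection failure applies to the TACACS+ servers, that any reachable server accepts the user's credentials, and that a login counts as a failure when every remote method failed.

```python
# Added example: a model of the Figure 2-1 scenario, not 5620 SAM code.
# Times are minutes since midnight.
def hm(hour, minute=0):
    return hour * 60 + minute

# Outage windows (start, end); end=None means still down. Taken from the figure
# labels; tying the 9:25-9:35 connection failure to TACACS+ is an assumption.
OUTAGES = {
    "RADIUS server 1": (hm(9, 15), None),
    "RADIUS server 2": (hm(9, 15), None),
    "TACACS+ server 1": (hm(9, 25), hm(9, 35)),
    "TACACS+ server 2": (hm(9, 25), hm(9, 35)),
}
# Authentication order from the figure: 1) RADIUS 2) TACACS+ 3) Local.
AUTH_ORDER = [
    ("RADIUS", ["RADIUS server 1", "RADIUS server 2"]),
    ("TACACS+", ["TACACS+ server 1", "TACACS+ server 2"]),
    ("Local", ["Local"]),
]
CLI_GROUP = {"Joe C"}        # user group with CLI access
FAILURES_BEFORE_EMAIL = 1    # threshold from the figure


def reachable(server, now):
    if server not in OUTAGES:  # local authentication has no outage window
        return True
    start, end = OUTAGES[server]
    return not (now >= start and (end is None or now < end))


def login(user, now, failures, emails):
    """Walk the authentication order; return (authenticator, methods_failed, cli)."""
    failed = []
    for method, servers in AUTH_ORDER:
        up = [s for s in servers if reachable(s, now)]
        if up:
            # Assumption: a login counts as a failure when all remote methods
            # failed (Jane D at 9:30), even though local authentication succeeds.
            if method == "Local" and failed:
                failures[user] = failures.get(user, 0) + 1
                if failures[user] >= FAILURES_BEFORE_EMAIL:
                    emails.append((user, now, tuple(failed)))
            # Privileges come from the user group, not from the authenticator.
            return up[0], failed, user in CLI_GROUP
        failed.append(method)
    return None, failed, False
```

A login that ends at the local step is the event worth alerting on in this model, because it means no remote authentication server was reachable at that moment.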
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01