Troubleshooting guide

2 — 5620 SAM user security

Alcatel-Lucent 5620 Service Aware Manager 2-41

5620 SAM

System Administrator Guide

8 Close the console window.

Configure remote RADIUS server

9 Copy the RADIUS dictionary section in Code 2-2 to the RADIUS dictionary file on

the RADIUS server.

Code 2-2: Alcatel-Lucent RADIUS dictionary entry

VENDOR Alcatel-Lucent 123

BEGIN-VENDOR Alcatel-Lucent

ATTRIBUTE Sam-security-group-name 3 group_name

END-VENDOR Alcatel-Lucent

10 Change group_name in the entry to the name of a valid 5620 SAM user group.

11 As the RADIUS server administrator, add the Sam-security-group-name VSA to the

RADIUS user profile, as shown in the following:

Sam-security-group-name="5620_SAM_user_group"

where 5620_SAM_user_group is the name of a valid 5620 SAM user group

Procedure 2-35 To enable remote user authorization via TACACS+

Perform this procedure to enable the 5620 SAM to accept user group assignments from

TACACS+ servers.

Enable TACACS+ remote authorization in 5620 SAM

1 Log in to the main server station as the samadmin user.

2 Open a console window.

3 Navigate to the /opt/5620sam/server/nms/config directory.

4 Open the SamJaasLogin.config file using a plain-text editor such as vi.

5 Locate the TACACSLogin section of the file and set the samvsa parameter to true,

as shown in Code 2-3:

Note — The vendor ID must be 123.

Note — You must perform steps 1 to 8 on each main server in the

5620 SAM system.

Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01