Troubleshooting guide
3 — NE user and device security
Alcatel-Lucent 5620 Service Aware Manager
5620 SAM
System Administrator Guide
You can create device user accounts as a backup to RADIUS, TACACS+, or LDAP
authentication. In the event that a RADIUS, TACACS+, or LDAP function fails, the
device user account provides device access.
TACACS+ and LDAP provide functions that are similar to RADIUS.
See the appropriate RADIUS, TACACS+, or LDAP documentation for information
about authentication server installation, configuration, and management.
For TACACS+ users, you can specify the following in a user template that is read by
the global TACACS+ policy:
• the type of permitted device access, for example, console, FTP, or both
• a home directory
• a login script to execute
Combined local and remote authentication
An organization may have an established TACACS+ or RADIUS authentication
configuration. You can add 5620 SAM client GUI user accounts to an existing
TACACS+ or RADIUS user base for local authentication by a 5620 SAM server.
Consider the following:
• You can create a 5620 SAM user account that matches a TACACS+, RADIUS,
or LDAP user account. For example, if the RADIUS user account is Jane, you can
create a 5620 SAM user Jane.
• A 5620 SAM user name can be 1 to 80 characters, which is flexible enough to
match most remote authentication user accounts.
• A 5620 SAM user that is authenticated remotely can log in to the 5620 SAM
using the RADIUS, TACACS+, or LDAP password.
• For local 5620 SAM user authentication, the account password must meet the
5620 SAM password requirements.
For example, for a user called Jane:
• The RADIUS user name is Jane, and the password is accessforjane.
• The 5620 SAM user name is Jane, and the password is !LetJane1In.
When Jane is authenticated by RADIUS, she can log in to the 5620 SAM client by
typing Jane and accessforjane. If the RADIUS server is down and she cannot be
authenticated remotely, Jane must log in to the 5620 SAM client by typing jane
and !LetJane1In to be authenticated locally.
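The following is an added example, not part of the guide or of the 5620 SAM: a small audit that checks whether each remotely authenticated user has a matching local account to fall back on, and whether local names respect the 1 to 80 character limit stated above. The account lists are constructed sample data, the function name audit_fallback is hypothetical, and because the guide does not say whether user names are case-sensitive, names that differ only by case are flagged for review rather than counted as a match.

```python
# Added example: audit local fallback coverage for remotely authenticated users.
# Both lists are constructed sample data, not a 5620 SAM or RADIUS export format.
REMOTE_USERS = ["Jane", "ops-admin", "noc.viewer"]   # constructed remote account names
LOCAL_USERS = ["jane", "ops-admin", "x" * 81]        # constructed local account names

MIN_LEN, MAX_LEN = 1, 80  # user name length limits stated in the guide


def audit_fallback(remote_users, local_users):
    """Classify each remote user by whether a local backup account exists."""
    local_exact = set(local_users)
    # Index local names by case-folded form to spot case-only differences.
    local_folded = {}
    for name in local_users:
        local_folded.setdefault(name.casefold(), []).append(name)

    report = {"covered": [], "case_mismatch": [], "missing": [], "bad_length": []}
    for name in remote_users:
        if name in local_exact:
            report["covered"].append(name)
        elif name.casefold() in local_folded:
            # Assumption: case sensitivity is unknown, so flag for manual review.
            report["case_mismatch"].append((name, local_folded[name.casefold()][0]))
        else:
            # No local account: this user has no login path if the server is down.
            report["missing"].append(name)

    report["bad_length"] = [
        n for n in local_users if not MIN_LEN <= len(n) <= MAX_LEN
    ]
    return report


if __name__ == "__main__":
    result = audit_fallback(REMOTE_USERS, LOCAL_USERS)
    for category, entries in result.items():
        print(f"{category}: {entries}")
```
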
Note — The 5620 SAM checks for reachability to a TACACS+
server using UDP port 49 to prevent long timeout issues. However, all
subsequent communication with the server uses TCP port 49.
Release 13.0 R2 | May 2015 | 3HE 09815 AAAB TQZZA Edition 01