Troubleshooting guide

2 — 5620 SAM user security tasks
Alcatel-Lucent 5620 Service Aware Manager
5620 SAM System Administrator Guide
Consider the following:
- The 5620 SAM server acts as a network access server. A network access server is considered a client of a RADIUS or TACACS+ server.
- The sequence of activity between the 5620 SAM server, which is the authentication client, and the RADIUS or TACACS+ server, which is the authentication server, is the following:
  - client requests authentication
  - server replies to authentication request
  - client requests logout and authentication stops
- When the remote authentication servers are down and local authentication is used, the user must log in using 5620 SAM credentials, as described in “Combined local and remote authentication”.
Task and description (2 of 2)

1. Configure the remote authentication order for all users
   Choose Administration→Security→5620 SAM RADIUS/TACACS+ User Authentication from the 5620 SAM main menu.
   Set the authentication order parameters to:
   - radius
   - tacplus
   - local
   Also specify the RADIUS and TACACS+ servers using the corresponding tabs on the same form.

2. Create scope of command profiles
   Choose Administration→Security→5620 SAM User Security from the 5620 SAM main menu.
   Create a CLI scope of command profile and assign the default CLI management role to the profile.
   Create at least one scope of command profile that does not allow CLI access by assigning the default scope of command role, which has no access permissions to CLI management.

3. Create and configure user groups
   Choose Administration→Security→5620 SAM User Security from the 5620 SAM main menu.
   Create a CLI user group and at least one user group that does not allow CLI access. Assign the scope of command profile with CLI management access to the CLI user group. Assign the scope of command profile without CLI management access to the user group without CLI access.
   Authorization is done using user groups, so each user must belong to a user group with a local account on the 5620 SAM server.

4. Create and configure user accounts
   You can create local users on the 5620 SAM by performing the following steps, or define remote users using RADIUS and TACACS+. The local users are available when RADIUS or TACACS+ authentication is not available.
   Choose Administration→Security→5620 SAM User Security from the 5620 SAM main menu.
   Create users.
   Assign the appropriate user group to each user: one with CLI access and one without CLI access.

5. Configure notification
   Choose Administration→Security→5620 SAM User Security from the 5620 SAM main menu.
   Configure the authentication failure action parameters, including the parameters that allow the e-mail account of the administrator to be notified after login failure.
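The authentication order from step 1 and the group-based authorization from steps 2 and 3 can be modelled as follows. This is an added illustration, not 5620 SAM code or configuration: the Backend class, user names, passwords and group names are constructed, and treating a reject from a reachable server as final is an assumption, since the guide only describes the case where the remote servers are down.

```python
import hmac
from dataclasses import dataclass

AUTH_ORDER = ("radius", "tacplus", "local")  # order set in step 1

class ServerDown(Exception):
    """The authentication server could not be reached."""

@dataclass
class Backend:
    users: dict      # username -> password (constructed sample data)
    up: bool = True

    def check(self, user, password):
        if not self.up:
            raise ServerDown()
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

# Constructed sample data. Each user group maps to whether its scope of
# command profile grants CLI management access (steps 2 and 3).
GROUP_CLI = {"cli-operators": True, "gui-only": False}
# Authorization uses the user group of the local account (step 3).
LOCAL_GROUP = {"alice": "cli-operators", "bob": "gui-only"}

def sample_backends(radius_up=True, tacplus_up=True):
    return {
        "radius": Backend({"alice": "r-pass"}, radius_up),
        "tacplus": Backend({"alice": "t-pass"}, tacplus_up),
        "local": Backend({"alice": "sam-pass", "bob": "sam-bob"}),
    }

def login(user, password, backends, order=AUTH_ORDER):
    """Return (method, group, cli_allowed), or None when login is refused."""
    for method in order:
        try:
            accepted = backends[method].check(user, password)
        except ServerDown:
            continue          # server down: fall through to the next method
        if not accepted:
            return None       # assumption: a reachable server's reject is final
        group = LOCAL_GROUP.get(user)
        if group is None:
            return None       # no local account, so no group to authorize with
        return method, group, GROUP_CLI[group]
    return None

if __name__ == "__main__":
    print(login("alice", "r-pass", sample_backends()))
    print(login("alice", "sam-pass", sample_backends(False, False)))
```

In this model the local 5620 SAM credentials are accepted only when both remote servers are down, which matches the "servers are down" case described above.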
Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01