Troubleshooting guide
2 — 5620 SAM user security tasks
2-14 Alcatel-Lucent 5620 Service Aware Manager
5620 SAM
System Administrator Guide
• 5620 SAM users who currently authenticate remotely can log in to the 5620 SAM
using their RADIUS or TACACS+ passwords.
• 5620 SAM user authentication requires an account password that observes the
5620 SAM password constraints described in this chapter.
For example, a user named jane has the following accounts:
• a remote RADIUS account called jane and the password accessforjane
• a local 5620 SAM account called jane and the password LetJane1In!
When jane is authenticated by RADIUS, she gains access to the 5620 SAM by typing
in jane and accessforjane. If the RADIUS server is down, jane is authenticated
locally by the 5620 SAM after typing jane and LetJane1In!.
2.7 Workflow to configure and manage 5620 SAM user security
1 Assess the requirements for user access to the different 5620 SAM functional areas
and develop a strategy for implementing user security. See section 2.2 for more
information.
2 Reserve a client GUI session for the admin user to ensure that the admin user can
always log in. See Procedure 2-1 for more information.
3 Create scope of command roles or modify the default role to meet your
operational requirements. See Procedure 2-2 for more information.
4 Create scope of command profiles that contain the appropriate scope of command
roles for the types of tasks to be performed. See Procedure 2-3 for more
information.
5 Create spans or modify the default span to meet your operational requirements.
Add 5620 SAM managed objects to the spans. See Procedure 2-4 for more
information.
6 Create span of control profiles that contain the required spans. See Procedure 2-5
for more information.
Note — When the samvsa parameter in the 5620 SAM JAAS
configuration file is set to true, the 5620 SAM requires a user group
from the remote server for authorization and the following conditions
apply:
• If a 5620 SAM user account is associated with a local user group
and configured to use remote authentication, the local user group
is replaced by the remote user group.
• The user group sent by the remote server must exist in the
5620 SAM; otherwise, authentication fails.
The samvsa flag is set to false by default. See “Remote authentication
and authorization” in this chapter and Procedure 2-34 for more
information about configuring the 5620 SAM VSA.
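The following Python model is an added example, not 5620 SAM code: it walks through the jane login example and the samvsa conditions in the Note above. The user group names, the function and class names, and the two rules marked "assumption" in the comments are not taken from this guide.

```python
"""Model of the login behaviour described above (constructed example, not 5620 SAM code)."""
import hmac
from dataclasses import dataclass
from typing import Optional

class RemoteUnavailable(Exception):
    """The RADIUS/TACACS+ server cannot be reached."""

@dataclass
class RemoteReply:
    accepted: bool
    user_group: Optional[str] = None  # user group sent by the remote server

# Constructed sample data: the "jane" accounts from the text; group names are invented.
REMOTE_PASSWORDS = {"jane": "accessforjane"}
LOCAL_ACCOUNTS = {"jane": {"password": "LetJane1In!", "group": "operators"}}
SAM_USER_GROUPS = {"operators", "admins"}

def radius_server(up=True, group="admins"):
    """Build a stand-in remote server; up=False simulates an outage."""
    def authenticate(user, password):
        if not up:
            raise RemoteUnavailable(user)
        ok = hmac.compare_digest(REMOTE_PASSWORDS.get(user, ""), password)
        return RemoteReply(ok, group if ok else None)
    return authenticate

def login(user, password, remote, samvsa=False):
    """Return (auth_source, effective_user_group), or None when login fails."""
    account = LOCAL_ACCOUNTS.get(user)
    if account is None:
        return None  # assumption: every user has a local 5620 SAM account
    try:
        reply = remote(user, password)
    except RemoteUnavailable:
        # Remote server down: only the local 5620 SAM password is accepted.
        if hmac.compare_digest(account["password"], password):
            return ("local", account["group"])
        return None
    if not reply.accepted:
        return None  # assumption: a reachable server's rejection is final
    if not samvsa:
        return ("remote", account["group"])  # samvsa=false: local user group is kept
    # samvsa=true: the remote group replaces the local one and must exist.
    if reply.user_group not in SAM_USER_GROUPS:
        return None
    return ("remote", reply.user_group)
```

With samvsa set to true, a remote server that returns a group name not defined in the 5620 SAM locks out every remotely authenticated user while it is reachable, so group names on both sides need to be checked before the flag is enabled.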
Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01