Troubleshooting guide

2 — 5620 SAM user security tasks

Alcatel-Lucent 5620 Service Aware Manager 2-41

5620 SAM

System Administrator Guide

Perform one of the following:

a If RADIUS authentication is enabled:

i Copy the example of the RADIUS dictionary below to the RADIUS

dictionary file. Enter changes to the file based on your RADIUS

configuration.

ii Configure the RADIUS user profile and add a previously defined

5620 SAM user group name to the Sam-security-group-name VSA.

Code 2-3 shows an example of the RADIUS user group VSA:

Code 2-3: RADIUS user group VSA example

Sam-security-group-name="user_group_name_locally_defined_in_5620SAM"

The VSA configuration file contains information such as usernames,

passwords, and the 5620 SAM user group name. The user authentication

process returns the user group name in the Sam-security-group-name

VSA of the access-accept message.

Code 2-4 shows an example of the RADIUS dictionary text:

Code 2-4: RADIUS dictionary text: example

###########################################################

# Alcatel-Lucent 5620 SAM Server dictionary. #

# $ld: dictionary.alcatel.sam,v 1.1 2006/08/18 10:00:22$ #

############################################################

VENDOR Alcatel-Lucent 123

BEGIN-VENDOR Alcatel-Lucent

ATTRIBUTE Sam-security-group-name 3 string

END-VENDOR Alcatel-Lucent

b If TACACS+ authentication is enabled, define the 5620 SAM user group VSA in

the user profile on the TACACS+ server. Code 2-5 shows an example of the

TACACS+ user group VSA:

Code 2-5: TACACS+ user group VSA example

service=sam-app{

sam-security-group="user_group_name_locally_defined_in_5620SAM"

}

Note 1 — The user group must be a valid user group in the 5620 SAM.

Note 2 — The vendor ID must be 123.

Note — The user group must be a valid 5620 SAM user group.

Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01