How do I enable remote user authorization via RADIUS?
|
CAUTION Service Disruption |
Performing the procedure requires a restart of each main server in the NFM-P system, which is service-affecting.
You must perform the procedure only during a scheduled maintenance period.
Steps
Enable NFM-P remote RADIUS authorization | |
1 |
Perform Step 3 to Step 10 on each NFM-P main server station. Note: In a redundant system, you must perform the steps on the standby main server station first. |
2 |
Go to Step 11. |
3 |
Log in to the main server station as the nsp user. |
4 |
Open a console window. |
5 |
Navigate to the /opt/nsp/nfmp/server/nms/config directory. |
6 |
Open the SamJaasLogin.config file using a plain-text editor such as vi. |
7 |
Locate the RADIUSLogin section of the file and set the samvsa parameter to true, as shown in Code Figure 9-2, SamJaasLogin.config file, RADIUS parameters : Figure 9-2: SamJaasLogin.config file, RADIUS parametersRADIUSLogin{com.timetra.nms.server.jaas.provider.radius.auth.RadiusJaasLoginModule REQUIRED debug=false samvsa=true ;};
|
8 |
Save and close the file. |
9 |
Restart the main server. Note: When you restart the primary main server in a redundant system, a server activity switch occurs, and the standby main server assumes the primary role.
|
10 |
Close the console window. |
Configure remote RADIUS server | |
11 |
Copy the RADIUS dictionary section in Code Figure 9-3, NFM-P RADIUS dictionary entry to the RADIUS dictionary file on the RADIUS server. Note: The vendor ID must be 123. Figure 9-3: NFM-P RADIUS dictionary entryVENDOR Nokia 123BEGIN-VENDOR NokiaATTRIBUTE Sam-security-group-name 3 group_nameEND-VENDOR Nokia |
12 |
Change group_name in the entry to the name of a valid NFM-P user group. |
13 |
As the RADIUS server administrator, add the NFM-P_security_group VSA to the RADIUS user profile, as shown in the following: Sam-security-group-name="user_group" where user_group is the name of a valid NFM-P user group End of steps |