How do I enable remote user authorization via RADIUS?

CAUTION 

Service Disruption

Performing the procedure requires a restart of each main server in the NFM-P system, which is service-affecting.

You must perform the procedure only during a scheduled maintenance period.

Steps
Enable NFM-P remote RADIUS authorization
 

1

Perform Step 3 to Step 10 on each NFM-P main server station.

Note: In a redundant system, you must perform the steps on the standby main server station first.


2

Go to Step 11.


3

Log in to the main server station as the nsp user.


4

Open a console window.


5

Navigate to the /opt/nsp/nfmp/server/nms/config directory.


6

Open the SamJaasLogin.config file using a plain-text editor such as vi.


7

Locate the RADIUSLogin section of the file and set the samvsa parameter to true, as shown in Figure 9-2, SamJaasLogin.config file, RADIUS parameters:

Figure 9-2: SamJaasLogin.config file, RADIUS parameters
RADIUSLogin
{
com.timetra.nms.server.jaas.provider.radius.auth.RadiusJaasLoginModule REQUIRED
            debug=false
            samvsa=true
                ;
};

8

Save and close the file.


9

Restart the main server.

Note: When you restart the primary main server in a redundant system, a server activity switch occurs, and the standby main server assumes the primary role.

  1. Enter the following:

    bash$ ./nmsserver.bash force_restart ↵

    The main server restarts.

  2. If you are restarting the standby main server in a redundant system, enter the following to display the server status:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


10 

Close the console window.


Configure remote RADIUS server
 
11 

Copy the RADIUS dictionary section in Figure 9-3, NFM-P RADIUS dictionary entry, to the RADIUS dictionary file on the RADIUS server.

Note: The vendor ID must be 123.

Figure 9-3: NFM-P RADIUS dictionary entry
VENDOR          Nokia                      123
BEGIN-VENDOR                          Nokia
ATTRIBUTE       Sam-security-group-name      3      group_name
END-VENDOR                            Nokia

12 

Change group_name in the entry to the name of a valid NFM-P user group.


13 

As the RADIUS server administrator, add the NFM-P_security_group VSA to the RADIUS user profile, as shown in the following:

Sam-security-group-name="user_group"

where user_group is the name of a valid NFM-P user group

End of steps
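
The dictionary entry in Figure 9-3 corresponds to a standard RFC 2865 Vendor-Specific attribute (type 26) carrying vendor ID 123 and vendor type 3. The following added example, which is not part of the NFM-P documentation or Nokia code, encodes that attribute and extracts it from the attribute bytes of a RADIUS reply, which is useful for confirming what the RADIUS server actually returns for a user. The function names, the sample bytes, the user name and the group name readonly-ops are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26     # RFC 2865 attribute type that wraps vendor attributes
NOKIA_VENDOR_ID = 123    # vendor ID from the dictionary entry in Figure 9-3
SAM_GROUP_ATTR = 3       # Sam-security-group-name vendor type from Figure 9-3

def encode_group_vsa(group):
    """Encode Sam-security-group-name as a Vendor-Specific attribute."""
    value = group.encode("utf-8")
    if not 1 <= len(value) <= 247:   # 255 minus 6 outer and 2 inner header bytes
        raise ValueError("group name must be 1..247 bytes")
    sub = struct.pack("!BB", SAM_GROUP_ATTR, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, NOKIA_VENDOR_ID) + sub


def extract_groups(attrs):
    """Return each Sam-security-group-name value in a packet's attribute bytes."""
    groups, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body, pos = attrs[pos + 2:pos + a_len], pos + a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != NOKIA_VENDOR_ID:
            continue                 # VSA that belongs to another vendor
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if s_type == SAM_GROUP_ATTR:
                groups.append(sub[i + 2:i + s_len].decode("utf-8"))
            i += s_len
    return groups

# Constructed sample (not a capture): attribute bytes of an Access-Accept.
SAMPLE = (
    bytes([1, 8]) + b"jsmith"                                       # User-Name
    + struct.pack("!BBI", 26, 12, 99999) + bytes([1, 6]) + b"test"  # other vendor
    + encode_group_vsa("readonly-ops")
)

if __name__ == "__main__":
    print(extract_groups(SAMPLE))
```

If the returned list is empty for a user who should be authorized, check that the RADIUS user profile carries the attribute and that the dictionary uses vendor ID 123.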