How do I enable remote user authorization via TACACS+?
![]() |
CAUTION Service Disruption |
Performing the procedure requires a restart of each main server in the NFM-P system, which is service-affecting.
You must perform the procedure only during a scheduled maintenance period.
Steps
Enable NFM-P remote TACACS+ authorization | |
1 |
Perform Step 3 to Step 10 on each NFM-P main server station. Note: In a redundant system, you must perform the steps on the standby main server station first. |
2 |
Go to Step 11. |
3 |
Log in to the main server station as the nsp user. |
4 |
Open a console window. |
5 |
Navigate to the /opt/nsp/nfmp/server/nms/config directory. |
6 |
Open the SamJaasLogin.config file using a plain-text editor such as vi. |
7 |
Locate the TACACSLogin section of the file and set the samvsa parameter to true, as shown in Code Figure 9-4, SamJaasLogin.config file, TACACS+ parameters : Figure 9-4: SamJaasLogin.config file, TACACS+ parametersTACACSLogin{ com.timetra.nms.server.jaas.provider.tacacs.auth.TacacsPlusJaasLoginModule REQUIRED debug=false samvsa=true ;}; |
8 |
Save and close the file. |
9 |
Restart the main server. Note: When you restart the primary main server in a redundant system, a server activity switch occurs, and the standby main server assumes the primary role.
|
10 |
Close the console window. |
Configure remote TACACS+ server | |
11 |
As the TACACS+ server administrator, add the user group VSA to the TACACS+ user profile, as shown in the following: service=sam-app{ sam-security-group="user_group" } where user_group is the name of a valid NFM-P user group End of steps |