Enable NFM-P remote TACACS+ authorization

Perform Step 3 to Step 10 on each NFM-P main server station.

Note: In a redundant system, you must perform the steps on the standby main server station first.

Go to Step 11.

Log in to the main server station as the nsp user.

Open a console window.

Navigate to the /opt/nsp/nfmp/server/nms/config directory.

Open the SamJaasLogin.config file using a plain-text editor such as vi.

Locate the TACACSLogin section of the file and set the samvsa parameter to true, as shown in Code Figure 9-4, SamJaasLogin.config file, TACACS+ parameters :

Figure 9-4: SamJaasLogin.config file, TACACS+ parameters

TACACSLogin{            com.timetra.nms.server.jaas.provider.tacacs.auth.TacacsPlusJaasLoginModule REQUIRED            debug=false            samvsa=true                ;};

Save and close the file.

Restart the main server.

Note: When you restart the primary main server in a redundant system, a server activity switch occurs, and the standby main server assumes the primary role.

1. Enter the following:

   bash$ ./nmsserver.bash force_restart ↵

   The main server restarts.

2. If you are restarting the standby main server in a redundant system, enter the following to display the server status:

   bash$ ./nmsserver.bash appserver_status ↵

   The server status is displayed; the server is fully initialized if the status is the following:

   Application Server process is running.  See nms_status for more detail.

   If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

Close the console window.

Configure remote TACACS+ server

As the TACACS+ server administrator, add the user group VSA to the TACACS+ user profile, as shown in the following:

service=sam-app{

 sam-security-group="user_group"

}

where user_group is the name of a valid NFM-P user group

End of steps