Cisco Cisco Transport Manager 9.1 Technical References
12
Cisco Transport Manager Release 9.1 Basic External Authentication
OL-19366-01
Caveats for Local Authentication When External Authentication Is Enabled
•
Authorization Port—(Applicable only to SiteMinder 4.x) Specify the policy server port for
authorization (for example, 44441).
authorization (for example, 44441).
•
Accounting Port—(Applicable only to SiteMinder 4.x) Specify the policy server port for accounting
(for example, 44443).
(for example, 44443).
•
Agent Name—(Applicable only to SiteMinder 4.x) Enter the name that the policy server uses to
identify the custom CTM agent.
identify the custom CTM agent.
•
Shared Secret—(Applicable only to SiteMinder 4.x) Enter the parameter that the CTM policy server
uses to create a unique ID.
uses to create a unique ID.
•
Polling Time—(Applicable only to SiteMinder 4.x and 5.x) Enter the polling frequency (in hours)
for the policy server to update the parameters. The default value is 0, meaning that polling is
disabled.
for the policy server to update the parameters. The default value is 0, meaning that polling is
disabled.
•
Authentication Tool—Specify the third-party tool used for authentication. Valid values are
SiteMinder 4.x, SiteMinder5.x, and PAM RADIUS.
SiteMinder 4.x, SiteMinder5.x, and PAM RADIUS.
Note
The Active column lists the current configuration settings on the CTM server. The Activated
After Restart column lists the new configuration settings that take effect after the CTM server
reboots.
After Restart column lists the new configuration settings that take effect after the CTM server
reboots.
Changes to the Enable SysAdmin and Allow Local Fallback settings are applied immediately.
Changes to the other settings take effect after the CTM server reboots.
Changes to the other settings take effect after the CTM server reboots.
Step 4
Click Save.
Step 5
The SiteMinder policy server administrator must complete the following additional substeps:
a.
The configuration server side is the same as a web agent. Add the following string as a protected
resource:
resource:
/CtmServerPrivate/index.html
b.
Set GET as an action.
c.
Choose Basic as the policy server configuration credential.
d.
Use the SiteMinder Test tool to trust the CTM parameters.
Step 6
To enable external authentication, you must restart the CTM server. Enter the following command:
ctms-stop ; ctms-start
Caveats for Local Authentication When External Authentication
Is Enabled
Is Enabled
When external authentication is enabled, the local authentication system is subject to the following
caveats:
caveats:
•
Because user credentials (passwords) are not checked against passwords in the local database, the
following CTM authentication features might not work in all cases:
following CTM authentication features might not work in all cases:
–
User lockout