Cisco Prime Optical 10.6 Technical References

Cisco Prime Optical 10.6 Basic External Authentication
 
The Prime Optical Server acts as a TACACS+ client and sends an authentication (START) packet to the 
TACACS+ server. The START packet describes the type of authentication to be performed, and it also 
contains the username and authentication data. In answering the START packet, the server responds with 
a REPLY packet indicating whether the authentication is finished, or must continue. If the REPLY packet 
indicates that authentication must continue, then it also indicates what new information is requested.
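The REPLY decision described above, as an added Python example that is not from the original page or from Cisco: it decodes a TACACS+ authentication REPLY using the packet layout in RFC 8907 and reports whether authentication is finished or must continue. The function names, shared key, session ID and sample packet are constructed for illustration.

```python
import hashlib
import struct

# Authentication REPLY status values (RFC 8907, section 5.2)
STATUS = {0x01: "PASS", 0x02: "FAIL", 0x03: "GETDATA", 0x04: "GETUSER",
          0x05: "GETPASS", 0x06: "RESTART", 0x07: "ERROR", 0x21: "FOLLOW"}
MUST_CONTINUE = {"GETDATA", "GETUSER", "GETPASS"}  # server is asking for more input
TAC_PLUS_AUTHEN, UNENCRYPTED_FLAG, REPLY_NOECHO = 0x01, 0x01, 0x01


def xor_pad(body, session_id, key, version, seq_no):
    """RFC 8907 body obfuscation: XOR with a chained MD5 pad (same call undoes it)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))


def parse_reply(packet, key):
    """Decode one REPLY: 12-byte header, then status/flags/lengths/server_msg.
    Servers only send even sequence numbers; the length field must match the body."""
    if len(packet) < 12:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:]
    if ptype != TAC_PLUS_AUTHEN or seq_no % 2 or len(body) != length or length < 6:
        raise ValueError("not a well-formed authentication REPLY")
    if not flags & UNENCRYPTED_FLAG:
        body = xor_pad(body, session_id, key, version, seq_no)
    status, reply_flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if status not in STATUS or 6 + msg_len + data_len != length:
        raise ValueError("bad REPLY body (wrong shared key?)")
    name = STATUS[status]
    return {"status": name, "finished": name not in MUST_CONTINUE,
            "noecho": bool(reply_flags & REPLY_NOECHO),
            "server_msg": body[6:6 + msg_len].decode("utf-8", "replace")}


def build_reply(status, msg, key, seq_no=2, session_id=0x1A2B3C4D, version=0xC0):
    """Constructed sample only: the bytes a server's REPLY would have on the wire."""
    flags = REPLY_NOECHO if status == 0x05 else 0
    body = struct.pack("!BBHH", status, flags, len(msg), 0) + msg
    body = xor_pad(body, session_id, key, version, seq_no)
    return struct.pack("!BBBBII", version, TAC_PLUS_AUTHEN, seq_no, 0, session_id, len(body)) + body


KEY = b"constructed-shared-key"  # assumption: sample key, not a real secret
PROMPT = parse_reply(build_reply(0x05, b"Password: ", KEY), KEY)  # must continue
```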
Setting the Environment
Before enabling basic external authentication in Prime Optical, you must launch the Prime Optical client 
and create all the necessary users as local users. You must also create these users in the access server.
Note
It is possible to create additional users after enabling basic external authentication, but the Password 
Aging and Password Expiration Early Notification fields in Administration > Control Panel > 
Security Properties are disabled. Similarly, the Auto Disable Account field and Require 
Password Change on Next Login check box in Administration > Users > Create New User are 
disabled.
Configuring Basic External Authentication
The following sections provide information on configuring basic external authentication:
Configuring Basic External Authentication for RADIUS
Configuring basic authentication for RADIUS requires editing the deployerConfigContext.xml file.
Before You Begin
Create local users as described in 
.
Perform this task to configure basic external authentication for RADIUS:
Step 1
If the Prime Optical server is running, enter the opticalctl stop command to stop the server.
Step 2
In the /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/deployerConfigContext.xml 
file, go to the “authenticationHandlers” property list section, and uncomment the following statement by 
removing the enclosing <!-- and --> symbols:
<ref bean="radiusAuthenticationHandler"/>
Step 3
In the /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/authenticationHandlers.xml 
file, go to the bean definition section, and uncomment the “radiusAuthenticationHandler” bean 
definition.
<bean id="radiusAuthenticationHandler"
  class="org.jasig.cas.adaptors.radius.authentication.handler.support.RadiusAuthenticationHandler">
          <property name="servers">
              <list>
                  <bean class="org.jasig.cas.adaptors.radius.JRadiusServerImpl">