Cisco Prime Optical 10.6 Technical References
Cisco Prime Optical 10.6 Basic External Authentication
Step 2
In the /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/deployerConfigContext.xml
file, go to the “authenticationHandlers” property list section, and uncomment the
“jaasTacacsAuthenticationHandler” bean class definition by removing the enclosing <!-- and -->
symbols:
<bean id="jaasTacacsAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.JaasAuthenticationHandler" />
Step 3
Save and close the file.
Step 4
Enter the following commands to generate an encrypted secret key:
cd /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/
sh encrypt.sh <secret key>
Step 5
In the /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/jaas.config.tacacs file, go to
the “JaasSecretKey” property and save the encrypted secret key. If necessary, enter a server or update
the port property.
For example:
CAS {
com.cisco.xmp.jaas.tacacs.TacacsLoginModule required
debug=true
JaasSecretKey="/0ETVZtttpE="
server="tacacs-server.example.com"
port="49";
};
Step 6
In the /opt/CiscoTransportManagerServer/tomcat/conf/catalina.properties file, go to the
“java.security.auth.login.config” property and uncomment it by removing the preceding # symbol.
Step 7
Go to the /opt/CiscoTransportManagerServer/cfg/CTMServer.cfg file and set the “ext-auth” property to
true.
<property name="ext-auth" value="true" />
Step 8
Enter the opticalctl start command to restart the Prime Optical server.
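The following read-only check confirms that the edits from Steps 2 through 7 are in place before the restart in Step 8. It is an added example, not part of the Cisco documentation or tooling; the function names and the optional path-prefix argument are assumptions introduced here, and the catalina.properties check assumes the usual key=value form.

```shell
#!/bin/sh
# Added example: read-only check of the settings made in Steps 2-7.
# The optional argument is a hypothetical path prefix so the checks can be run
# against a copy of the files; leave it empty on the server itself.

# Print an XML file with <!-- ... --> comments removed (multi-line safe), so a
# bean that is still commented out is not mistaken for an active one.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (incom) {
                i = index(line, "-->")
                if (i) { line = substr(line, i + 3); incom = 0 } else line = ""
            } else {
                i = index(line, "<!--")
                if (i) { out = out substr(line, 1, i - 1); line = substr(line, i + 4); incom = 1 }
                else   { out = out line; line = "" }
            }
        }
        print out
    }' "$1"
}

check_tacacs_config() {
    base="${1:-}/opt/CiscoTransportManagerServer"
    webinf="$base/tomcat/webapps/SSO/WEB-INF"
    rc=0
    fail() { echo "FAIL: $1"; rc=1; }

    # Step 2: the handler bean must be outside any comment.
    strip_xml_comments "$webinf/deployerConfigContext.xml" 2>/dev/null |
        grep -q 'id="jaasTacacsAuthenticationHandler"' ||
        fail "jaasTacacsAuthenticationHandler bean is missing or still commented out"
    # Step 5: JaasSecretKey must hold a non-empty value.
    grep -Eq '^[[:space:]]*JaasSecretKey="[^"]+"' "$webinf/jaas.config.tacacs" 2>/dev/null ||
        fail "JaasSecretKey is not set in jaas.config.tacacs"
    # Step 6: the property line must no longer start with '#'.
    grep -Eq '^[[:space:]]*java\.security\.auth\.login\.config[[:space:]]*=' \
        "$base/tomcat/conf/catalina.properties" 2>/dev/null ||
        fail "java.security.auth.login.config is still commented out"
    # Step 7: ext-auth must be true.
    strip_xml_comments "$base/cfg/CTMServer.cfg" 2>/dev/null |
        grep -Eq '<property[[:space:]]+name="ext-auth"[[:space:]]+value="true"' ||
        fail "ext-auth is not set to true in CTMServer.cfg"
    return "$rc"
}
```

Call check_tacacs_config with no argument on the server; it prints one FAIL line per unmet step and returns non-zero if any check fails.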
Configuring RADIUS Failover
You can configure Prime Optical to direct all RADIUS traffic to a standby RADIUS server if the primary
RADIUS server becomes unavailable.
Before You Begin
Complete the steps in
Perform this task to configure RADIUS failover:
Step 1
If the Prime Optical server is running, enter the opticalctl stop command to stop the server.
Step 2
In the /opt/CiscoTransportManagerServer/tomcat/webapps/SSO/WEB-INF/authenticationHandlers.xml
file, go to the “servers” property section and add another bean definition that designates a standby server.
For example:
<property name="servers">