The Centralized Network Element User Management (CNUM) feature enables network elements to authenticate and authorize users against the CNUM repository (LDAP) in NetAct. When using CNUM, users with sufficient access rights can log in to a network element with their own user account instead of using the local network element-specific user accounts. CNUM is also known as Centralized User Authentication and Authorization (CUAA) and Remote User Identification Management (RUIM).
CNUM is based on user accounts that are created in the NetAct system using the User Management application and stored in the LDAP repository in NetAct. Access to network elements and allowed operations are controlled by permissions that are granted using the Permission Management application.
For more information, refer to About Centralized Network Element User Management.
Before LTE iOMS can be used with NetAct for CNUM, some configuration changes need to be applied. For the list of preconditions, refer to Network element specific requirements for LTE iOMS under Administering Users and Permissions.
CNUM-supported network elements:

| LTE iOMS | eNodeB |
|---|---|
| LTO6.0 | LNT3.1, LNT4.0, LN4.0, LN5.0, LN6.0, LNFZ5.0 |
| LTO7.0 | LNT3.0, LNT3.1, LNT4.0, LNT5.0, LN4.0, LN5.0, LN6.0, LN7.0, LNFZ5.0, LNF7.0, LNZ5.0 |
| LTO15A | LNT3.0, LNT3.1, LNT4.0, LNT5.0, TL15A, LN4.0, LN5.0, LN6.0, LN7.0, FL15A, LNFZ5.0, LNF7.0, LNZ5.0 |

Table 22: Network element mapping
Integrating Flexi Multiradio BTS LTE to NetAct: Other management functions for Flexi Multiradio BTS LTE

To use CNUM, the following conditions must be met:
• The network element must support the CNUM feature. For a list of the CNUM-supported network elements, refer to Network element mapping.
  Note: Ensure that LTE iOMS software version R_GOMS6_1.xxxxx, or newer, is installed.
• The CNUM license (Centralized NE User Management for LTE, Feature Code 0000004670) must be installed in NetAct.

For more information, refer to the following sections:
• To activate CNUM on Network Elements, see Activating Centralized Network Element User Management.
• To deactivate CNUM on Network Elements, see Deactivating Centralized Network Element User Management.
• To change the password of the accounts for CNUM on Network Elements, see Changing password of the network element accounts.
• For information on LTE iOMS commands, see LTE Radio Access Operating Documentation in the NSN online library. Open LTE Radio Access Operating Documentation and navigate to Checking functional correctness of OMS. Note that this document has several versions depending on the software release. As an example, you may refer to LTE Radio Access Documentation (DN0983101).
Below are the supported LTE iOMS roles and permissions:
| Permission Name | Operation | Description | Adaptation Support |
|---|---|---|---|
| Action Log Error | Monitor | This permission enables read access to ActionLogError. EMI, not used in OMS. | Ready |
| Action Log Error | Manage | This permission enables manage access to ActionLogError. EMI, not used in OMS. | Ready |
| Action Log Operation | Monitor | This permission enables read access to ActionLogOperation. EMI, not used in OMS. | Supported |
| Action Log Operation | Manage | This permission enables manage access to ActionLogOperation. WebUI server-side service. | Supported |
| Action Log Security | Monitor | This permission enables read access to ActionLogSecurity. EMI, not used in OMS server-side service. | Ready |
| Action Log Security | Manage | This permission enables manage access to ActionLogSecurity. EMI, not used in OMS server-side service. | |
| Action Log Setting | Monitor | This permission enables read access to ActionLogSetting. EMI, not used in OMS server-side service. | Ready |
| Action Log Setting | Manage | This permission enables manage access to ActionLogSetting. EMI, not used in OMS server-side service. | Ready |
| CM Plan Management | Monitor | This permission enables read access to CMPlanManagement. NWI3, not used in OMS server-side service. | Ready |
| CM Plan Management | Manage | This permission enables manage access to CMPlanManagement. NWI3 and WebUI server-side service, not used in OMS. | Ready |
| Diagnostics Management | Monitor | This permission enables read access to Diagnostics. EMI, not used in OMS server-side service. | Ready |
| Diagnostics Management | Manage | This permission enables manage access to Diagnostics. EMI, not used in OMS server-side service. | Ready |
| Fault Management | Monitor | This permission enables read access to Fault Management. | Supported |
| Fault Management | Manage | This permission enables manage access to Fault Management. | Supported |
| fsui | Monitor | This permission is typically assigned to an operator that monitors the network element, but does not take any management actions. This also includes access to log files (managed using ACL). | Supported |
| fsui | Log | This permission is for files generated by syslog. | Supported |
| fsui | Manage | This permission is typically used for management actions such as attempting recovery, managing IP addresses, hardware, and licenses. This does not include access to data stored in databases, backup functionality, or passwords stored in LDAP. This role is targeted for daily management functions, such as reacting to alarms. Root privileges are required for operations that cannot be performed using this group. Exceptions are log files (_nokfsuilog, _nokfsuiseclog), and backup (_nokfsuibackup). | Supported |
| fsui | wheel | This permission allows a user to use the su command to switch to the root account; it is used only for LDAP users. The normal wheel group (/etc/group) is used for accounts stored in /etc/passwd. | |
| fsui | seclog | This permission is for files generated by syslog. Syslog only uses numeric IDs when creating the file so as not to depend on LDAP. Users should be assigned to this group when they need to read security log files. The syslog daemon creates files with this group owner and grants read access to this group. It is stored in /etc/passwd since it is required when starting syslog. | |
| fsuicli | generalloginshell | This permission allows a CNUM user to connect to OMS via SSH. | Supported |
| fsuicli | ownhomedir | This permission allows a CNUM user to log in to the home directory (/home/<username>) via SSH. | Supported |
| fsuicli | hassharedreadonlyhome | This permission allows a user to log in to a read-only shared home directory (/ | Supported |
| fsuiexternalldap | login | This permission is required for clients to access the LDAP server using the external LDAPS interface. | Supported |
| fsuifault | man | This permission is required for Fault Management. | Supported |
| fsuifault | view | This permission is required for Fault Monitoring. | Supported |
| fsuilic | man | This permission is assigned to users that need to manage the licensing of a FlexiServer-based network element. | Supported |
| fsuiom | Manage | This permission allows access to collect statistics and modify the performance management configuration and alarm system configuration, for example, alarm correlation. | Supported |
| fsuiperformance | man | This permission is required for Performance Management. | Supported |
| fsuiperformance | view | This permission is required for Performance Monitoring. | Supported |
| Mmi Login | Monitor | This permission enables read access to MMILogin. | Supported |
| Mmi Login | Manage | This permission enables manage access to MMILogin. | Supported |
| OMS Common | Monitor | This OMSCommonmonitor permission enables the user to launch the Active Sessions and Fault Management application. | Supported |
| OMS Common | Manage | This OMSCommonmanage permission enables the user to launch the Active Sessions and Fault Management application. | Supported |
| OMS Configuration Management | Monitor | This permission enables read access to OMS parameters using Parameter Viewer. | |
| OMS Configuration Management | Manage | This permission enables the user to launch the Parameter Editor and allows the user to change values for certain parameters. | Supported |
| Performance Management | Monitor | This permission enables read access to Performance Management operations. | Supported |
| Performance Management | Manage | This permission enables manage access to Performance Management operations. | Supported |
| pmg | Manage | This permission allows for read/write access to all data in LDAP. | Supported |
| pmg | Monitor | This permission allows read access to the HA and hardware fragment in LDAP. | Supported |
| pmg | Configure | This permission allows read/write access to LDAP fragments that are typically used when changing configuration data in LDAP. | Supported |
| RNW CM Management | Monitor | This permission enables read access to RNW CM Management operations. | Ready |
| RNW CM Management | Manage | This permission enables manage access to RNW CM Management operations. | Ready |
| S3part Server Access | Monitor | This permission enables read access to S3part Server Access operations. | Ready |
| S3part Server Access | Manage | This permission enables manage access to S3part Server Access operations. | Ready |
| State Handling | Monitor | This permission enables read access to State Handling operations. | Ready |
| State Handling | Manage | This permission enables manage access to State Handling operations. | Ready |
| SW Version | Monitor | This permission enables read access to SW Version operations. | Supported |
| SW Version | Manage | This SWVersionmanage security permission enables the user to launch the SW Version Viewer application and perform operations such as View Current SW Sets and View Current Delivery. | Supported |
| User Authority Manager | Monitor | This permission enables read access to User Authority Manager operations. | Ready |
| User Authority Manager | Manage | This permission enables manage access to User Authority Manager operations. | Ready |
| Active Sessions | Monitor | This permission enables read access to Active Sessions operations in the Application Launcher, such as View Active Sessions. | Supported |
| Active Sessions | Manage | This permission enables manage access to Active Sessions operations in the Application Launcher, such as Terminate Active Sessions. | Supported |

Table 23: Supported LTE iOMS roles and permissions
Note:
• Supported - The role and its corresponding permissions are supported in adaptation and LTE iOMS.
• Ready - The role and its corresponding permissions are provided in the adaptation only.

This list of roles and permissions is applicable only to LTEGOMS root context.

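
The following is an added example, not part of the original documentation or of NetAct: a least-privilege review of CNUM grants using the permission and operation names from Table 23. It flags users who hold both SSH login and the wheel permission, users with pmg Manage, and grants of roles marked Ready. The grants mapping, the user names, and the finding labels are assumptions made for illustration.

```python
# Added example: review CNUM grants for high-privilege combinations.
# Permission and operation names are taken from Table 23; the grants
# mapping, user names and finding labels are constructed for illustration.

# Roles the table marks "Ready" (provided in the adaptation only).
READY_ROLES = {
    "Action Log Error", "Action Log Security", "Action Log Setting",
    "CM Plan Management", "Diagnostics Management", "RNW CM Management",
    "S3part Server Access", "State Handling", "User Authority Manager",
}

SSH_LOGIN = ("fsuicli", "generalloginshell")  # connect to OMS via SSH
SU_ROOT = ("fsui", "wheel")                   # may su to the root account
LDAP_RW_ALL = ("pmg", "Manage")               # read/write to all LDAP data


def review(grants):
    """Return sorted (user, finding, detail) tuples for grants to review."""
    findings = []
    for user, perms in grants.items():
        if SU_ROOT in perms and SSH_LOGIN in perms:
            findings.append((user, "root-path", "SSH login plus su to root"))
        elif SU_ROOT in perms:
            # Assumption: wheel without the SSH login permission is worth
            # a look because the grant may be stale or unintended.
            findings.append((user, "wheel-no-ssh", "wheel without SSH login"))
        if LDAP_RW_ALL in perms:
            findings.append((user, "ldap-rw-all", "pmg Manage"))
        for name, op in sorted(perms):
            if name in READY_ROLES:
                findings.append((user, "adaptation-only", f"{name} {op}"))
    return sorted(findings)


# Constructed sample assignments (hypothetical users).
SAMPLE_GRANTS = {
    "alice": {SSH_LOGIN, SU_ROOT, ("fsui", "Manage")},
    "bob": {("fsui", "Monitor"), ("Fault Management", "Monitor")},
    "carol": {LDAP_RW_ALL, ("State Handling", "Manage")},
    "dave": {SU_ROOT},
}

if __name__ == "__main__":
    for user, finding, detail in review(SAMPLE_GRANTS):
        print(f"{user:6} {finding:16} {detail}")
```
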
7 Disabling integration
You must undo the network element integration in the following cases:
• When there are big changes in the Flexi Multiradio BTS LTE after an upgrade
• When a rollback to a previous release (Flexi Multiradio BTS LTE or NetAct) is required
• When it is necessary to undo the current integration
• When Flexi Multiradio BTS LTE must be removed from NetAct
• When Flexi Multiradio BTS LTE is moved to another NetAct or NMS; for this case, steps 3-11 are not required

This procedure disables integration of NetAct and LTE iOMS. If LTE iOMS is integrated to another NetAct, then it will unregister from the previous NetAct but leave topology, alarms, and measurements behind.
Before disabling Flexi Multiradio BTS LTE, ensure that a backup of the configuration is available. For more information, see Deleting eNB from NetAct.