04 02 OS90314EN51GLA01 Defining NetAct Users Exercise

OSS OSS 5.1 5.1 CD1 CD1 Admini Admi nistr str ation 1 OS9031EN51GLA00

Defini fi ning ng NetAct tA ct Users Exercis Exercis e Document

© Nokia Siemens Networks Issue 1.2

1 (33)

Defining NetAct Users

The information in this document is subject to change without notice and describes only the product defined in the introduction of this documentation. This documentation is intended for the use of Nokia Siemens Networks customers only for the purposes of the agreement under which the document is submitted, and no part of it may be used, reproduced, modified or transmitted in any form or means without the prior written permission of Nokia Siemens Networks. The documentation has been prepared to be used by professional and properly trained personnel, and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes customer comments as part of the process of continuous development and improvement of the documentation. The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products are given “as is” and all liability arising in connection with such hardware or software products shall be defined conclusively and finally in a separate agreement between Nokia Siemens Networks and the customer. However, Nokia Siemens Networks Networks has made all reasonable efforts to ensure that the instructions contained in the document are adequate and free of material errors and omissions. Nokia Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which may not be covered by the document. Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO EVENT WILL NOKIA SIEMENS NETWORKS BE LIABLE FOR ERRORS IN THIS DOCUMENTATION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT. This documentation and the product it describes are considered protected by copyrights and other intellectual property rights according to the applicable laws. The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark of Nokia Corporation. Siemens is a registered trademark of Siemens AG. AG. Other product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only. Copyright © Nokia Siemens Networks 2012. All rights reserved.

2 (33)



The information in this document is subject to change without notice and describes only the product defined in the introduction of this documentation. This documentation is intended for the use of Nokia Siemens Networks customers only for the purposes of the agreement under which the document is submitted, and no part of it may be used, reproduced, modified or transmitted in any form or means without the prior written permission of Nokia Siemens Networks. The documentation has been prepared to be used by professional and properly trained personnel, and the customer assumes full responsibility when using it. Nokia Siemens Networks welcomes customer comments as part of the process of continuous development and improvement of the documentation. The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products are given “as is” and all liability arising in connection with such hardware or software products shall be defined conclusively and finally in a separate agreement between Nokia Siemens Networks and the customer. However, Nokia Siemens Networks Networks has made all reasonable efforts to ensure that the instructions contained in the document are adequate and free of material errors and omissions. Nokia Siemens Networks will, if deemed necessary by Nokia Siemens Networks, explain issues which may not be covered by the document. Nokia Siemens Networks will correct errors in this documentation as soon as possible. IN NO EVENT WILL NOKIA SIEMENS NETWORKS BE LIABLE FOR ERRORS IN THIS DOCUMENTATION OR FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA,THAT MAY ARISE FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT. This documentation and the product it describes are considered protected by copyrights and other intellectual property rights according to the applicable laws. The wave logo is a trademark of Nokia Siemens Networks Oy. Nokia is a registered trademark of Nokia Corporation. Siemens is a registered trademark of Siemens AG. AG. Other product names mentioned in this document may be trademarks of their respective owners, and they are mentioned for identification purposes only. Copyright © Nokia Siemens Networks 2012. All rights reserved.

2 (33)


Contents

Contents 1

List Li st User Management Tool s ............... ...................... ............... ............... ............... ............... ............... ............5 ....5

2

Creatin g a New Netact User ............... ...................... ............... ............... .............. ............... ............... ..............6 .......6

2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16

Overview .......................................................... ............................ .............................. ........................................6 ............................. ...........6 Creating a new group...............................................................................7 Attaching a role to a group ..................................................... ......................... ..............................................8 ..................8 Adding a scope to the group-role group-rol e combination .........................................9 ........................... ..............9 Running an POSIX reconciliation...........................................................10 Creating a user.......................................................................................11 Viewing the completed requests ....................................................... .......................... ..................................13 .....13 Changing the password..........................................................................14 Changing the user's primary group ........................................................ ............................ ............................15 15 Running a GUIS reconciliation ....................................................... ......................... .............................. ........16 Adding a user to a GUIS group ......................................................... ........................... .............................. .....18 Granting profiles and views to a group...................................................20 Adding a user to a secondary group ...................................................... .......................... ............................22 22 Making MML sessions available for a new user.....................................23 Creating a service user .......................................................... ............................. .............................................24 ................24 Connecting a maintenance region service user to a POSIX group ....................................................... ......................... .............................. ...............................................25 ............................. ..................25

3

Checking User Data Data in L DAP and and i n Ac tiv e Direct Direct ory ....... ........... ........ ....... ....... ....26 26

4

Deletin g user and acc oun ts .............. ...................... ................ ............... ............... ............... ............... ............27 ....27

5

Runnin g repor ts w ith NetAc t Ac cou nt Manager ........ ............ ....... ....... ........ ....... ....... .....28 .28

6

Managin g or phan acco unt s..................... s............................ ............... ............... ............... ............... ..............3 .......31 1

6.1

Searching for orphan accounts ...................................................... ......................... .....................................31 ........31

7

Basic Troub leshoo tin g: Fail to Create Create a New User ....... ........... ....... ....... ........ ........ .....32 .32


3 (33)


Summary of changes IIssue 1.2 metadata

4 (33)

2011-Dec-16 Frank-Christian Schröder

corrected title and


Defining NetAct User

1

List User Management Tools In this exercise you will need to list all Netact applications used in user management and mention the usage of every application. 1. Application name: 

2.

Function:

Application name: 

Function:

3. Application name: 

Function:

4. Application name: 

Function:

5. …. 6. ….


5 (33)


2

Creating a New Netact User

2.1

Overview In this exercise you create a new user and a new group that has access only to the BSS elements. The TLUI will be visible on the NetAct Start. The following list tells you the necessary steps to accomplish this and the tools used in each step. Creating a new us er

1.

Create a group. (Permission Manager)

2.

Attach a role to the group. (Permission Manager)

3.

Add a scope to the group-role combination. (Permission Manager)

4.

Run POSIX reconciliation. (Account Manager)

5.

Create a user and a user account. (Account Manager)

6.

Change the password (it must be identical in all clusters). (Account Manager)

7.

Assign the POSIX primary group to the user. (Account Manager)

8.

Run a GUIS reconciliation (Account Manager)

9.

Assign the required GUIS groups to the user. (Account Manager)

10.

Grant profiles and views to the group. (User Group Profiles)

11.

If needed, add the user account to the groups other than the primary group. (Permission Manager)

12.

Create a service user. (Service User Management)

13.

Connect the MR service user to the group. (Service User Management)

See next pages for details steps.

6 (33)



2.2

Creatin g a new group A new group is created in the LDAP.

Figure 1.

Creating a new group

Groups are created by administrators. When creating a NetAct group, you must define the group name. The group is then inserted into the data repository. The role 'Common NetAct' allows the users to launch the NetAct Account Manager application (for example, to change their own password). Creating a new group

1.

Open the Permission Manager if not opened already.

2.

From the Operations menu, select New Group…

3.

In the New Group dialog, enter the name of the group. The name must be exactly six characters long.

4.

Click Create.


7 (33)


2.3

Attachin g a role to a group This information is updated in the LDAP. At tac hing a group t o a ro le

1.


2.

Click the Groups tab.

3.

Select the group that you have created.

4.

In the Roles, Permission s and Scopes view, click At tac h/Det ach Roles .

5.

In the Available roles list box, select the role Network Ad mi ni st rat or . For more information on which permissions are granted to each role, see the NED.

8 (33)

6.

To move the selected role to the Selected roles list box, click the right-arrow icon.

7.

Click Save.



2.4

Adding a scop e to the group-rol e comb ination This information is updated in the LDAP. Addi ng a sc ope to the group-role combin ation

1.


2.

Select the group that you have created.

3.

From the Roles, Permissions and Scopes view, select the role Network Administrator .

4.

Click Edit Scope… button.

5.

Select the Maintenance Region you want to manage and click the right-arrow icon, so that the Maintenance Region is visible in the right side of the window.

6.

Click Save.


9 (33)


2.5

Runni ng an POSIX recon cil iation The POSIX reconciliation fetches account and group information from the LDAP to ITIM. Running a POSIX reconciliation

1.

Go to the NetAct Start at https:///netact. From the Administration folder select NetAct Accoun t Manager . You are prompted for your user name and password.

2.

Log in as itim manager . The Ac co un t Manager user interface opens.

3.

Click Provisioning .

4.

Click POSIX.

5.

Click Reconciliation .

6.

Check the check box next to any of the scheduled reconciliation tasks and click Run .

7.

Click Run . The Reconciliation Units List page opens. On this page, you can add more reconciliation units, modify or run the existing ones, or delete them.

8.

?

Check the progress and status of your request by clicking Home and either View Pending Requests or View Completed Requests in the task bar.

Question: What is the purpose of reconciliation? An sw er:

?

Question: In what kind of situation you should run reconciliation? An sw er:

10 (33)



2.6

Creating a user When creating a user, the NetAct Account Manager creates three accounts for the user: POSIX, GUIS and ITIM service. The POSIX and ITIM service accounts are created in the Netscape Directory Server, and the GUIS account is created in the Windows Active Directory. Creating a user

1.

Open the NetAct Accou nt Manager if not opened already.

2.

In the Main Menu Navigation bar, click My Organisation .

3.

Click Ad d .

4.

Select Person from the Type of Person t o Add drop-down menu and click Submit .

5.

Fill in the desired personal and corporate information.

6.

The required fields are marked with a red asterisk. On the My Organization main screen, the users are organized based on the Full Name field. If you fill in any information in the User ID field, it will be used to create the user name for the user. Otherwise, the user name is created based on the user's first and last name.

Figure 2.

Creating a user


11 (33)


7.

Click Submit . The Schedule date to add new person page opens.

8.

To schedule the creation immediately, click Submit or select an effective time and date, and then click Submit . The new user information is now stored in the Netscape Directory Server.

Figure 3: User accounts

?

12 (33)

Question: What is the purpose of different accounts? An sw er:



2.7

Viewing the completed requests Click Home and either View Pending Requests or View Completed Requests in the task bar. The information is fetched from the LDAP repository.

Figure 4: View Completed Request

?

Question: What information do you get from View Completed Requests for

your account creation?

An sw er:


13 (33)


2.8

Changing the password When creating the user the Account Manager does not give a password to the new user. Therefore this step is needed. Change the user's password in the LDAP and Active Directory with the following procedure.

Figure 5.

Changing the password

Changing t he password

1.

Click the name of the user whose password you want to change.

2.

Click Manage passwords .

3.

Type the new password.

Note

Do not tick the Create password box. 4. Click Submit .

14 (33)



2.9

Changing the user's primary group This information is updated in the LDAP. Before changing the user’s primary group check the Primary group and Groups settings in the Account Manager for the user that you have created. What are the group settings right after the user creation? Changing t he user's primary group

1.

In the Ac co unt Man ager , click My Organisation .

2.

Click the name of the user whose account you want to modify. A list of options appears.

3.

Select Manage Account s . The Account Management page opens.

4.

Click the name of the POSIX account (that is, the service account created for the POSIX service). The Modify Account page opens.

5.

Next to the Primary Group field, click Search .

6.

Insert an asterisk (*) to the search field and click Search .

7.

Select the group that you have created and click Ad d an d Done .

8.

Click Submit . The Modify Service page opens.

9.

Select Schedule Immediately if it is not already selected, and click Submit .

10.


To verify that the necessary configurations have been done, you should now see the following two links in the new user’s home directory: l r wxr wxr wx 1 r oot r oot 35 Mar 13 14: 57 conf - > / et c/ opt / noki a/ oss/ conf / gr oup/ sysop l r wxr wxr wx 1 r oot r oot 36 Mar 13 14: 57 vi ew - > / et c/ opt / noki a/ oss/ cust om/ vi ew/ sysop


15 (33)


2.10

Running a GUIS recon cil iation The purpose of the GUIS reconciliation is to synchronize the NetAct Account Manager with the Windows Active Directory information. Running a GUIS reconciliation

1.

Click Provisioning .

2.

Click GUIS.

3.

Click Reconciliation .

4.

Check the check box next to any of the scheduled reconciliation tasks and click Run .

5.


Figure 6.

16 (33)

Running a GUIS reconciliation



Figure 7.

The GUIS Menu


17 (33)


2.11

Addin g a user to a GUIS group This procedure updates the group information in the Windows Active Directory. We want the new user to be able to use the Top Level User Interface (TLUI) and other Motif-X applications. These applications are started from the GUIS. Therefore, we have to add the user to the GUIS group that has a permission to use the TLUI. To find out which groups have this permission, see the document Managing Users, in NED. Add a new user to the Monitoring Engineer GUIS group in the Account Manager.

?

Question: Before that login to the NetAct Start as a user that you have just

created. Try to open the Top Level User Interface. What happens?

An sw er:

Addi ng a user to a GUIS gr oup

1.

Open the NetAct Ac co un t Man ager from NetAct Start page if not opened already.

2.

Select My Organisation .

3.

Select the user you have created.

4.

Click Manage Account .

5.

Click the User ID of the GUIS service.

6.

From the Group information, click Search and select Monitoring Engineer . Click Ad d and Done.

7.

Click Submit .


18 (33)



Figure 8.

Adding a user to a GUIS group


19 (33)


2.12

Grantin g profiles and views to a group These changes are stored in the Oracle database. Granting prof iles and views to a group

1.

Open the User Group Profiles application from the NetAct Start page.

2.

Select the desired group from the list.

3.

From the Ac ti on menu, select View/Profil e Management .

Figure 9.

20 (33)

Granting profiles and views to a group



Figure 10.

View/Profile Management of a Group

4.

Select guiman in the Ap pl ic ati on s window and other in the Profiles window. This way you allow the users in the other profile to be able to use the Top Level User Interface.

5.

Repeat the same modifications for guiloc application.

6.

To set views for a group, select the default view (Default.vie) from the Av ailabl e list box and click the right-arrow icon. The default view is now visible in the Selected list box.

7.

Click Modify .

8.

Exit the User Group Profiles application.


21 (33)


2.13

Adding a user to a secondary gro up The information on the user and the group is updated in the LDAP. When users are added to groups, they automatically receive all the permissions of those groups.

22 (33)

1.

Open the Permission Manager.

2.

Click the Groups tab.

3.

Select a group that is not the primary group of the user that you have created.

4.

Click the Group users view, if it is not already active.

5.

In the Available users list box, select the user you have created.

6.

To move the selected user to the Selected Users list box, click the right-arrow icon.

7.

Click Save.

8.

In the Account Manager check what are the user’s Groups for the POSIX account. If only the primary group is listed, you need to run the POSIX reconciliation to refresh the information in the Account Manager.



2.14

Making MML sessions available for a new user

Making MML sessions available for a new user

1.

Log into a Connectivity Server as the omc user.

2.

Go to the directory $ETCROOT/ copspf / conf

3.

Take a backup of the cnxdcnmx.cf file by copying the file to the $NMSCUSTOMDI R directory: [omc]$ cp -p cnxdcnmx.cf $NMSCUSTOMDIR/cnxdcnmx.cf.backup

4.

Open the cnxdcnmx. cf file by entering the edi t c f command.

5.

Add the new user group to the BSC node.

6.

Save the changes and close the file.

7.

Re-read the configuration file by entering $OMCROOT/bin/cnxreconfigmx.perl.





This script performs two functions. Firstly, it starts the cnxcheckdcnmx.pl script and ensures that the syntax of the cnxdcnmx.cf file is correct. If errors are found, re-reading is cancelled. Secondly, it searches for the c4xcsxmx Connection Server process and displays a notice listing the process found and its process identifier (PID) An example is listed below.

Checki ng Connecti on Server ’ s DCN conf i gur ati on f i l e Fi l e OK Pr ocess c4xcsxmx was f ound. Pi d i s <12345> Reconf i gur at i on wi t h cur r ent conf i gur at i on f i l e ( Y/ N) ?

8.

Type y and press ENTER. The process re-reads the configuration file and the new settings take effect


23 (33)


2.15

Creatin g a service user The service user information is stored in the Oracle database. Creating a service user

1.

Under the Administration task of the NetAct Start page, select Service User Management .

2.

Login as an omc user.

3.

Select File  New .

4.

Fill in the fields and click OK .

Figure 11.

24 (33)

Creating a service user



2.16

Connecting a maintenance region service user to a POSIX group

Connecting a maintenance region service user to a group

1.

In the Service User Management , select File  Disconnect/Connect .

2.

Select the group you have created in the Groups list. Then choose the maintenance region to which this group will have access.

3.

Select the Service User you have just created from the available MR Servic e Users .

4.

Click Connect .

5.

Click Close.

6.

Click Update to update the information in the network.

Figure 12.

Connecting a maintenance region service user to a group


25 (33)


3

Checking User Data in LDAP and in Active Directory Open Jxplorer from NetAct Start Ad mi ni st rat io n category. Check your newly created accounts with JXplorer.

1. What information is stored in LDAP directory for POSIX account? An sw er:

2. What information is stored in LDAP directory for ITIM Service account? An sw er:

3. What information is stored in Active Directory for GUIS account? An sw er:

26 (33)



4

Deleting user and accounts Deleting the user and checkin g results

Delete the user you have created in these exercises. Instructions can be found in NED. Perform the search with keywords Deleting users . 1. Was deletion successful? See Completed Request in Account Manager. An sw er:

2. Check the user account information in LDAP. Were your user accounts (POSIX, ITIM Service) removed from LDAP? An sw er:

3. What is the difference in "Deleting user accounts" and "Deleting users"? An sw er:


27 (33)


5

Running reports with NetAct Account Manager TASK: Run an Operation Report for your user account activities using

NetAct Account Manager reporting functionality.

Figure 13: Account Manager Reports

Instructions can be found in Help of NetAct Account Manager.

28 (33)



Figure 14: Reports Help

Perform the search with keywords report types . Scroll down in the help page and search help how to run an Operation Report. Run an Operation Report using Ac co unt A dd as an operation. 1. Was your report creation successful? An sw er:

2.

What kind of information you can see in your report?

An sw er:


29 (33)


An example of running report:

Figure 15: example of running report

An example report::

Figure 16: example of a report

30 (33)



6

Managing orphan accounts

6.1

Searching for orphan accounts In this exercise, we will practise the searching for orphan accounts with NetAct Account Manager. We will also analyse which orphan accounts could be deleted and which not. Note

Don’t delete any orphan account without asking from the trainer. There are several orphan Oracle accounts which are necessary for NetAct. They should’t be deleted! See instructions in NED. Use key words orphan account . 1. How can you check if there are orphan accounts in NetAct? An sw er:

2. What kind of orphan accounts you can see in NetAct? An sw er:

3. Which orphan accounts should not be deleted and why? An sw er:


31 (33)


7

Basic Troubleshooting: Fail to Create a New User Please keep in mind that you access the system wit h very high privi leges. So please be very careful wh en performing any action on the system. Always think about the implications o f the actio n you are going to perform next. If you are not sur e, please ask your trainer. Thank you.

Overview

In this exercise, you create a new user account using NetAct Account Manager. Verify whether you’re able to create all new user accounts successfully. If not, you should be able to describe the problem, find the root of cause by analysing the log files and find the clues in NED, and solve the problem. You should be able to create a new user account successfully.

Please wait until your trainer asks you to proceed with the exercise. And also tell your trainer if you have found the solution. 1. Start the NetAct™ Account Manager and log in as user itim manager. 2. Create a new user with the User ID user. 3. Check if the creation was successful. 4. If not, start the troubleshooting.

32 (33)


04 02 OS90314EN51GLA01 Defining NetAct Users Exercise

Recommend Documents