1 Introduction
This document describes how to create a local Operation and Maintenance (O&M) user account.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has sufficient access rights to perform the task, for example, the user has the System Security Administrator role.
- The user is familiar with the security policy of the organization.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
- The password policy is known.
- The account policy is known.
- The username (logon ID) for the new local user account is known. In this document, the username is joedoe.
2 Procedure
To create a local O&M user account:
- Navigate to the UserAccountM Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,UserAccountM=1
- Verify that no user account for username joedoe exists, for example:
(UserAccountM=1)>show UserAccount=joedoe
ERROR: Specific element not found
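The ECLI command for MO creation is identical to the ECLI command for changing the ECLI position to an existing MO. If a user account with the username already exists, the command enters that existing MO instead of creating a new one. Therefore, it is important to verify the uniqueness of the username before creation.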
- Enter Config mode:
(UserAccountM=1)>configure
- Create the UserAccount MO, for example:
(config-UserAccountM=1)>UserAccount=joedoe
Note: joedoe is the username used at logon. Do not use any personal and sensitive data as username.
- Set the account policy for the account by giving a reference to the appropriate AccountPolicy MO, for example:
(config-UserAccount=joedoe)>accountPolicy="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,AccountPolicy=1"
- Set the password policy for the account by giving a reference to the appropriate PasswordPolicy MO, for example:
(config-UserAccount=joedoe)>passwordPolicy="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthenticationMethod=1,PasswordPolicy=1"
- Set the full name of the user assigned to the account, for example:
(config-UserAccount=joedoe)>userName="John M. Doe"
Note: This attribute contains a descriptive name of the user, not the logon ID. Do not use any personal and sensitive data, other than the user's real name, in this attribute.
- Commit the settings:
(config-UserAccount=joedoe)>commit
- Is Role Based Access Control used to control user access privileges?
Yes: Assign roles to the user, refer to Set User Roles for User Account. Proceed with the next step.
No: Proceed with the next step.
- Assign a password for the user, refer to Reset Password for User Account.
- Unlock the user account, refer to Unlock Administrative Lock for User Account.
- Verify the settings, for example:
(UserAccount=joedoe)>show -v
The following is an example output:
UserAccount=joedoe
accountPolicy="ManagedElement=NODE06ST,⇒
SystemFunctions=1,SecM=1,UserManagement=1,⇒
LocalAuthenticationMethod=1,AccountPolicy=1"
accountState=UNLOCKED <read-only>
accountUsageState=UNUSED <read-only>
administrativeState=UNLOCKED
lastLoginTime="" <read-only>
lockedTime="" <read-only>
passwordChangedTime="20151110161432Z" <read-only>
passwordFailureTimes=[] <empty> <read-only>
passwordPolicy="ManagedElement=NODE06ST,⇒
SystemFunctions=1,SecM=1,UserManagement=1,⇒
LocalAuthenticationMethod=1,PasswordPolicy=1"
passwordState=EXPIRED_MUSTCHANGE <read-only>
roles "SystemAdministrator" "EricssonSupport"
userAccountId="joedoe"
userLabel=[] <empty>
userName="John M. Doe"
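A post-creation check for the verification step, as an added example (not Ericsson code): it parses captured show -v output for a UserAccount MO and flags missing policy references, an account that is not unlocked, a userName that repeats the logon ID, and roles outside an expected set. The function names, the expected-role set and the sample text are assumptions; the attribute names are those in the example output above, and ⇒ is treated as a documentation line-wrap marker.

```python
import re

ATTR = re.compile(r'(\w+)=("[^"]*"|\S+)')           # name=value or name="value"
ROLES = re.compile(r'\broles\s+((?:"[^"]*"\s*)+)')   # roles "A" "B"

# Constructed sample, modelled on the example output above (not a real capture).
SAMPLE = '''UserAccount=joedoe
accountPolicy="ManagedElement=NODE06ST,⇒
 SystemFunctions=1,SecM=1,UserManagement=1,⇒
 LocalAuthenticationMethod=1,AccountPolicy=1"
administrativeState=UNLOCKED
passwordFailureTimes=[] <empty> <read-only>
passwordPolicy="ManagedElement=NODE06ST,⇒
 SystemFunctions=1,SecM=1,UserManagement=1,⇒
 LocalAuthenticationMethod=1,PasswordPolicy=1"
passwordState=EXPIRED_MUSTCHANGE <read-only>
roles ”SystemAdministrator” ”EricssonSupport”
userAccountId="joedoe"
userName=”John M. Doe”
'''

def parse_show(text):
    """Return the attributes of one UserAccount MO as a dict (layout-agnostic)."""
    # Normalise typographic quotes and join values split at wrap markers.
    text = text.replace('\u201c', '"').replace('\u201d', '"')
    text = re.sub(r'\u21d2\s*', '', text)
    attrs = {name: value.strip('"') for name, value in ATTR.findall(text)}
    m = ROLES.search(text)
    attrs['roles'] = re.findall(r'"([^"]*)"', m.group(1)) if m else []
    return attrs

def review(attrs, expected_roles):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    for ref, kind in (('accountPolicy', 'AccountPolicy='),
                      ('passwordPolicy', 'PasswordPolicy=')):
        if kind not in attrs.get(ref, ''):
            findings.append(f'{ref}: no {kind[:-1]} MO reference')
    if attrs.get('administrativeState') != 'UNLOCKED':
        findings.append('administrativeState is not UNLOCKED')
    if attrs.get('userName') == attrs.get('userAccountId'):
        findings.append('userName repeats the logon ID')
    extra = set(attrs['roles']) - set(expected_roles)
    if extra:
        findings.append(f'unexpected roles: {sorted(extra)}')
    return findings

if __name__ == '__main__':
    # Hypothetical policy: this account should hold SystemAdministrator only.
    print(review(parse_show(SAMPLE), {'SystemAdministrator'}))
```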