Huawei Quidway S8500 Series Command Manual page 952

Command Manual – Security
Quidway S8500 Series Routing Switches
Parameter
with-domain: Specifies that the domain name is taken along with the username that
will be sent to the TACACS server.
without-domain: Specifies that no domain name is taken along with the username that
will be sent to the TACACS server.
Description
Use the user-name-format command to set the username format acceptable to the
TACACS server.
For a HWTACACS scheme, each username sent to a TACACS server contains a
domain name by default.
Username is usually in the "userid@isp-name" format, with the ISP domain name
following "@". The switch uses domain names to group users to different ISP domains.
While some earlier TACACS servers do not accept the username with domain name. In
this case, you must remove the domain name before sending a username to the server.
Note:
When you specify that no ISP domain name is contained in usernames for a
HWTACACS scheme, this scheme cannot be used in two or more ISP domains at the
same time; otherwise, errors may occur because the TACACS server considers users
in different ISP domains but with the same name as one user.
Related command: hwtacacs scheme.
Example
# Specify that no domain name is taken along with the username that will be sent out
with the HWTACACS scheme huawei.
[Quidway-hwtacacs-huawei] user-name-format without-domain
Chapter 2 AAA and RADIUS/HWTACACS Protocol
Huawei Technologies Proprietary
2-66
Configuration Commands