H3C S3100 Series Command Manual page 482

Command Manual (For Soliton) – AAA
H3C S3100 Series Ethernet Switches
View
HWTACACS scheme view
Parameters
with-domain: Specifies to include ISP domain names in the usernames to be sent to
TACACS server.
without-domain: Specifies to exclude ISP domain names from the usernames to be
sent to TACACS server.
Description
Use the user-name-format command to set the format of the usernames to be sent to
TACACS server.
By default, the usernames sent to TACACS server in a HWTACACS scheme carry ISP
domain names.
Note that:
Generally, an access user is named in the userid@isp-name format. Here,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain a user belongs to. However, some old
TACACS servers cannot accept the usernames that carry ISP domain names. In
this case, it is necessary to remove domain names from usernames before
sending usernames to TACACS server. For this reason, the user-name-format
command is designed for you to specify whether or not ISP domain names are
carried in the usernames to be sent to TACACS server.
For a HWTACACS scheme, if you have specified to exclude ISP domain names
from usernames, you should not use this scheme in more than one ISP domain.
Otherwise, such errors may occur: the TACACS server regards two different users
having the same name but belonging to different ISP domains as the same user
(because the usernames sent to it are the same).
Related commands: hwtacacs scheme.
Examples
# Specify to exclude ISP domain names from the usernames to be sent to TACACS
server in HWTACACS scheme hwt1.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] hwtacacs scheme hwt1
[Sysname-hwtacacs-hwt1] user-name-format without-domain
Chapter 1 AAA Configuration Commands
1-82