3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
HWTACACS Configuration Commands 313
user-name-format Syntax
user-name-format { with-domain | without-domain }
View
HWTACACS view
Parameter
with-domain: Specifies to send the username with domain name to the TACACS
server..
without-domain: Specifies to send the username without domain name to the
TACACS server.
Description
Use the user-name-format command to configure the username format sent to
the TACACS server.
By default, HWTACACS scheme acknowledges that the username sent to it
includes ISP domain name.
The supplicants are generally named in userid@isp-name format. The part
following the @ sign is the ISP domain name, according to which the security
gateway assigns a user to the corresponding ISP domain. However, some earlier
TACACS servers reject the user name including ISP domain name. In this case, the
user name is sent to the TACACS server after its domain name is removed.
Accordingly, the security gateway provides this command to decide whether the
username is sent to the TACACS server, carrying ISP domain name or not.
n
If a HWTACACS scheme is configured to reject usernames including ISP domain
names, the TACACS scheme shall not be simultaneously used in more than one ISP
domains. Otherwise, the TACACS server will regard two users in different ISP
domains as the same user by mistake, if they have the same username (excluding
their respective domain names.)
Related command: hwtacacs scheme.
Example
# Specify to send the username without domain name to the HWTACACS scheme
"3com".
[SecBlade_FW-hwtacacs-3com] user-name-format without-domain