104 Fabric OS Administrator’s Guide
53-1002446-01
The authentication model using RADIUS and LDAP
5
# attributes
#
ATTRIBUTE Brocade-Auth-Role 1 string Brocade
ATTRIBUTE Brocade-AVPairs1 2 string Brocade
ATTRIBUTE Brocade-AVPairs2 3 string Brocade
ATTRIBUTE Brocade-AVPairs3 4 string Brocade
ATTRIBUTE Brocade-AVPairs4 5 string Brocade
ATTRIBUTE Brocade-Passwd-ExpiryDate 6 string Brocade
ATTRIBUTE Brocade-Passwd-WarnPeriod 7 string Brocade
This defines the Brocade vendor ID as 1588, the Brocade attribute 1 as Brocade-Auth-Role
and 6 as Brocade-Passwd-ExpiryDate, both are string values. The Brocade attribute 7 as
Brocade-Passwd-WarnPeriod, and it is an integer value.
2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:
$INCLUDE dictionary.brocade
As a result, the file dictionary.brocade is located in the RADIUS configuration directory and
loaded for use by the RADIUS server.
Creating the user
1. Open the $PREFIX/etc/raddb/user file in a text editor.
2. Add the user names and their permissions for users accessing the switch and authenticating
through RADIUS.
The user will log in using the permissions specified with Brocade-Auth-Role. The valid
permissions include Root, Admin, SwitchAdmin, ZoneAdmin, SecurityAdmin,
BasicSwitchAdmin, FabricAdmin, Operator and User. You must use quotation marks around
“password” and “role”.
Example of adding a user name to the RADIUS authentication
For example, to set up an account called JohnDoe with Admin permissions with a password
expiry date of May 28, 2008 and a warning period of 30 days:
JohnDoe Auth-Type := Local
User-Password == "johnPassword",
Brocade-Auth-Role = "admin",
Brocade-Auth-Role = “admin”,
Brocade-Passwd-ExpiryDate = “05/28/08”,
Brocade-Passwd-WarnPeriod = 30
Example of using the local system password to authenticate users
The next example uses the local system password file to authenticate users.
When you use network information service (NIS) for authentication, the only way to enable
authentication with the password file is to force the Brocade switch to authenticate using
password authentication protocol (PAP); this requires the -a pap option with the aaaConfig
command.
swadmin
Auth-Type := System
Brocade-Auth-Role = "admin",
Brocade-AVPairs1 = "HomeLF=70",
Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128",
Brocade-AVPairs3 = "ChassisRole=switchadmin",
Brocade-Passwd-ExpiryDate = "11/10/2008",
Brocade-Passwd-WarnPeriod = "30"
To Next Page
Loading...
Need help?
General