HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual page 75

HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

To add the Brocade attribute to the server:
1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:
      #
      # Brocade FabricOS 5.0.1 dictionary
      #
      VENDOR Brocade 1588
      #
      # attribute 1 defined to be Brocade-Auth-Role
      # string defined in user configuration
      #
      ATTRIBUTE Brocade-Auth-Role 1 string Brocade
   This defines the Brocade vendor ID as 1588 and the Brocade attribute 1 as Brocade-Auth-Role, with a string value.
2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:
      $INCLUDE dictionary.brocade
   As a result, the file dictionary.brocade is located in the RADIUS configuration directory and loaded for use by the RADIUS server.
To create the user:
Open the $PREFIX/etc/raddb/user file in a text editor and add user names and roles for users who will be accessing the switch and authenticating through RADIUS.
The user will log in using the role specified with Brocade-Auth-Role. The valid roles include Root, Admin, SwitchAdmin, ZoneAdmin, SecurityAdmin, BasicSwitchAdmin, FabricAdmin, Operator and User. You must use quotation marks around "password" and "role".
For example, to set up an account called JohnDoe with the Admin role:
      JohnDoe Auth-Type := Local, User-Password == "johnPassword", Brocade-Auth-Role = "admin"
The next example uses the local system password file to authenticate users:
      JohnDoe Auth-Type := System, Brocade-Auth-Role = "admin"
When you use Network Information Service (NIS) for authentication, the only way to enable
authentication with the password file is to force the switch to authenticate using Password Authentication
Protocol (PAP); this requires the -a pap option with the aaaConfig command.
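How the dictionary definition above (vendor ID 1588, attribute 1, string) and the role list appear on the wire, as an added Python example that is not part of the HP guide: it encodes and decodes Brocade-Auth-Role as a RADIUS Vendor-Specific attribute (type 26, RFC 2865), which is useful when checking a packet capture of a failed login. The function names are hypothetical, and matching roles case-insensitively is an assumption.

```python
import struct

# Values from the dictionary.brocade definition on this page.
BROCADE_VENDOR_ID = 1588
BROCADE_AUTH_ROLE = 1
VENDOR_SPECIFIC = 26  # RADIUS attribute type for VSAs (RFC 2865)

# Roles listed on this page. Case-insensitive matching is an assumption,
# made because the page lists "Admin" while its examples use "admin".
VALID_ROLES = {"root", "admin", "switchadmin", "zoneadmin", "securityadmin",
               "basicswitchadmin", "fabricadmin", "operator", "user"}

def encode_auth_role(role):
    """Build the Vendor-Specific attribute carrying Brocade-Auth-Role."""
    if role.lower() not in VALID_ROLES:
        raise ValueError(f"not a role listed for the switch: {role!r}")
    value = role.encode("ascii")
    sub = struct.pack("!BB", BROCADE_AUTH_ROLE, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), BROCADE_VENDOR_ID) + sub

def decode_auth_roles(attrs):
    """Walk a RADIUS attribute list and return every Brocade-Auth-Role value."""
    roles, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue  # not a vendor-specific attribute
        if struct.unpack("!I", body[:4])[0] != BROCADE_VENDOR_ID:
            continue  # another vendor's attribute
        sub = body[4:]
        while len(sub) >= 2:  # vendor sub-attributes: type, length, value
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if vtype == BROCADE_AUTH_ROLE:
                roles.append(sub[2:vlen].decode("ascii"))
            sub = sub[vlen:]
    return roles

if __name__ == "__main__":
    # Constructed sample: a Reply-Message attribute followed by the role VSA.
    print(decode_auth_roles(b"\x12\x04ok" + encode_auth_role("admin")))
```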
Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP
addresses are blocked.
4/256 SAN Director and DC SAN Backbone Director (short name, DC Director) models send their
RADIUS requests using the IP address of the active CP. When adding clients, add both the active and
standby CP IP addresses so that, in the event of a failover, users can still log in to the switch.
To enable clients:
1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to be configured as RADIUS clients.
   For example, to configure the switch at IP address 10.32.170.59 as a client:
      client 10.32.170.59
          secret = Secret
          shortname = Testing Switch
          nastype = other
   In this example, shortname is an alias used to easily identify the client and secret is the shared secret between the client and server. Make sure the shared secret matches that configured on the switch (see "To add a RADIUS server to the switch configuration:" on page 81).