Creating Fabric Os User Accounts - HP AE370A - Brocade 4Gb SAN Switch 4/12 Administrator's Manual

Creating Fabric OS user accounts

With RADIUS servers, set up user accounts by their true network wide identity rather than by the account
names created on a Fabric OS switch. Along with each account name, assign appropriate switch access
roles.
RADIUS supports all the defined RBAC roles described in
Users must enter their assigned RADIUS account name and password when logging in to a switch that has
been configured with RADIUS. After the RADIUS server authenticates a user, it responds with the assigned
switch role in a
"user" role is assigned. If no Administrative Domain is assigned then they are assigned to the default
Admin Domain AD0.
The syntax used for assigning VSA-based account switch roles on a RADIUS server is described in
Table 14.
Table 14 Syntax for VSA-based account roles
Item
Type
Length
Vendor ID
Vendor type
Vendor length
Attribute-specific data
Vendor-Specific Attribute
Value Description
26 1 octet
7 or higher 1 octet, calculated by the server
1588 4 octet, Brocade's SMI Private Enterprise Code
1 1 octet, Brocade-Auth-Role; valid attributes for the
Brocade-Auth-Role are:
SwitchAdmin
ZoneAdmin
FabricAdmin
BasicSwitchAdmin
Operator
User
Admin
2 Optional: Specifies the Admin Domain member list. See
"RADIUS configuration and admin domains" on page
Brocade-AVPairs1
3 Brocade-AVPairs2
4 Brocade-AVPairs3
5 Brocade-AVPairs4
2 or higher 1 octet, calculated by server, including vendor-type and
vendor-length
ASCII string multiple octet, maximum 253, indicating the name of assigned
role and other supported attribute values such as Admin
Domain member list.
Table 9
(VSA). If the response does not have a VSA role assignment, the
on page 55.
69.
Fabric OS 5.2.x administrator guide 67