Table 15 Authentication Configuration Options - HP SN3000B Administrator's Manual

Brocade Fabric OS Administrator's Guide - Supporting Fabric OS v7.0.1 (53-1002446-01, March 2012)

The authentication model using RADIUS and LDAP

To enable the secure LDAP service, you need to install a certificate from the Microsoft Active Directory server. By default, the LDAP service does not require certificates.

The configuration applies to all switches and on a Backbone the configuration replicates itself on a standby CP blade if one is present. It is saved in a configuration upload and applied in a configuration download.

It is recommended to configure at least two RADIUS or LDAP servers so that if one fails, the other will assume service. Up to five are supported.

You can set the configuration with either RADIUS or LDAP service and local authentication enabled so that if the RADIUS or LDAP servers do not respond due to power failure or network problems, the switch uses local authentication.

Consider the effects of the use of RADIUS or LDAP service on other Fabric OS features. For example, when RADIUS or LDAP service is enabled, all account passwords must be managed on the RADIUS or LDAP server. The Fabric OS mechanisms for changing switch passwords remain functional; however, such changes affect only the involved switches locally. They do not propagate to the RADIUS or LDAP server, nor do they affect any account on the RADIUS or LDAP server. RADIUS and LDAP servers also support notifying users of expiring passwords.

When RADIUS or LDAP is set up for a fabric that contains a mix of switches with and without RADIUS or LDAP support, the way a switch authenticates users depends on whether a RADIUS or LDAP server is set up for that switch. For a switch with RADIUS or LDAP support and configuration, authentication bypasses the local password database. For a switch without RADIUS or LDAP support or configuration, authentication uses the switch's local account names and passwords.

Table 15 outlines the aaaConfig command options used to set up the authentication mode.

TABLE 15 Authentication configuration options

| aaaConfig options | Description | Equivalent setting in Fabric OS v5.1.0 and earlier: --radius | Equivalent setting in Fabric OS v5.1.0 and earlier: --switchdb |
| --- | --- | --- | --- |
| --authspec "local" | Default setting. Authenticates management connections against the local database only. If the password does not match or the user is not defined, the login fails. | Off | On |
| --authspec "radius" | Authenticates management connections against any RADIUS databases only. If the RADIUS service is not available or the credentials do not match, the login fails. | On | Off |
| --authspec "radius;local" | Authenticates management connections against any RADIUS databases first. If RADIUS fails for any reason, authenticates against the local user database. | not supported | not supported |
| --authspec "radius;local" --backup | Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available. | On | On |
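
The difference between the four rows of Table 15 is easiest to see as a decision function. The following is an added example, not code from the manual or from Fabric OS: it models only the RADIUS rows shown on this page, and the names `login_allowed`, `local_fallback_cases` and `local_ok` (whether the switch's local database would accept the credentials) are hypothetical.

```python
from enum import Enum
from itertools import product


class Radius(Enum):
    ACCEPT = "accept"            # server reachable, credentials match
    REJECT = "reject"            # server reachable, credentials do not match
    UNAVAILABLE = "unavailable"  # no RADIUS server responded


# The four (authspec, --backup) combinations listed in Table 15.
MODES = [("local", False), ("radius", False),
         ("radius;local", False), ("radius;local", True)]


def login_allowed(authspec, backup, radius, local_ok):
    """Return (allowed, deciding_database) for one login attempt."""
    if (authspec, backup) not in MODES:
        raise ValueError(f"combination not in Table 15: {authspec!r}, backup={backup}")
    if authspec == "local":
        return local_ok, "local"          # RADIUS is never consulted
    if radius is Radius.ACCEPT:
        return True, "radius"
    if authspec == "radius":
        return False, "radius"            # no fallback of any kind
    if backup and radius is Radius.REJECT:
        return False, "radius"            # --backup: fall back only when unavailable
    return local_ok, "local"              # radius;local fallback to the switch database


def local_fallback_cases():
    """(authspec, backup, radius_state) where a valid local password alone logs in."""
    return [(spec, backup, state.value)
            for (spec, backup), state in product(MODES[1:], (Radius.REJECT, Radius.UNAVAILABLE))
            if login_allowed(spec, backup, state, local_ok=True) == (True, "local")]


if __name__ == "__main__":
    for case in local_fallback_cases():
        print(case)
```

Without --backup, "radius;local" lets a local password succeed even after the RADIUS server has rejected the credentials, so local accounts on such switches need the same lifecycle control as the RADIUS accounts.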