Table 18 Syntax For Vsa-Based Account Roles - HP StoreFabric SN6500B Administrator's Manual

Fabric OS Administrator's Guide, 7.1.0 (53-1002745-02, March 2013)

RADIUS, LDAP, and TACACS+ support all the defined RBAC roles described in Table 12 on
page 134.
Users must enter their assigned RADIUS, LDAP, or TACACS+ account name and password when
logging in to a switch that has been configured with remote authentication. After the remote
authentication (RADIUS, LDAP, or TACACS+) server authenticates a user, it responds with the
assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does not have a
VSA permissions assignment, the user role is assigned. If no Administrative Domain is assigned,
then the user is assigned to the default Admin Domain AD0.
You can set a user password expiration date and add a warning for RADIUS login and TACACS+
login. The password expiry date must be specified in UTC and in MM/DD/YYYY format. The
password warning specifies how many days before the password expires the user is warned of
the upcoming expiration. Specify either both attributes or neither. If you specify only one
attribute, or if there is a syntax error in the attributes, the password expiration warning is not
issued. If your RADIUS server maintains its own password expiration attributes, you must set the
exact date twice to use this feature: once on your RADIUS server and once in the VSA attribute. If
the dates do not match, RADIUS server authentication fails.
Table 18 describes the syntax used for assigning VSA-based account switch roles on a RADIUS
server.

TABLE 18 Syntax for VSA-based account roles

| Item | Value | Description |
|---|---|---|
| Type | 26 | 1 octet |
| Length | 7 or higher | 1 octet, calculated by the server |
| Vendor ID | 1588 | 4 octet, Brocade SMI Private Enterprise Code |
| Vendor type | 1 | 1 octet, Brocade-Auth-Role; valid attributes for the Brocade-Auth-Role are: Admin, BasicSwitchAdmin, FabricAdmin, Operator, SecurityAdmin, SwitchAdmin, User, ZoneAdmin |
| | 2 | Brocade-AVPairs1. Optional: Specifies the Admin Domain or Virtual Fabric member list. For more information on Admin Domains or Virtual Fabrics, see "RADIUS configuration with Admin Domains or Virtual Fabrics" on page 155. |
| | 3 | Brocade-AVPairs2 |
| | 4 | Brocade-AVPairs3 |
| | 5 | Brocade-AVPairs4 |
| | 6 | Brocade Password ExpiryDate |
| | 7 | Brocade Password ExpiryWarning |
| Vendor length | 2 or higher | 1 octet, calculated by server, including vendor-type and vendor-length |
| Attribute-specific data | ASCII string | Multiple octet, maximum 253, indicating the name of the assigned role and other supported attribute values such as Admin Domain member list. |
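The following Python is an added example, not code from the HP/Brocade guide: it packs and strictly parses the Table 18 layout, resolves the role with the fallback described above, and applies the both-or-neither expiry rule. It assumes the fallback "user role" is the role named User and that the two expiry values are already decoded (this page does not give the wire encoding of the warning value); all function names are hypothetical.

```python
import struct
from datetime import datetime

VENDOR_ID = 1588  # Brocade SMI Private Enterprise Code (Table 18)
ROLES = {"Admin", "BasicSwitchAdmin", "FabricAdmin", "Operator",
         "SecurityAdmin", "SwitchAdmin", "User", "ZoneAdmin"}

def encode_vsa(vendor_type, data):
    """Type 26 | Length | Vendor ID | Vendor type | Vendor length | data."""
    if not 1 <= vendor_type <= 7 or len(data) + 8 > 255:
        raise ValueError("unknown vendor type or data too long for one attribute")
    # Vendor length counts the vendor-type and vendor-length octets (+2).
    return struct.pack("!BBIBB", 26, len(data) + 8, VENDOR_ID,
                       vendor_type, len(data) + 2) + data

def parse_brocade_vsas(attrs):
    """Return {vendor_type: data} for every Brocade VSA in a run of attributes."""
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("attribute length out of bounds")
        a_type, body = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if a_type != 26 or len(body) < 6:
            continue  # not a vendor-specific attribute with a sub-header
        vendor_id, v_type, v_len = struct.unpack("!IBB", body[:6])
        if vendor_id != VENDOR_ID:
            continue  # another vendor's VSA
        if v_len != len(body) - 4:
            raise ValueError("vendor length disagrees with attribute length")
        found[v_type] = body[6:]
    return found

def resolve_role(vsas):
    """No role VSA means the User role; an unlisted role name is rejected."""
    role = vsas[1].decode("ascii") if 1 in vsas else "User"
    if role not in ROLES:
        raise ValueError("role not listed in Table 18: %r" % role)
    return role

def warning_due(expiry_date, warn_days, today):
    """Days left if a warning is due, else None. today is a datetime.date in UTC."""
    if expiry_date is None or warn_days is None:
        return None  # only one of the two attributes was supplied
    try:
        left = (datetime.strptime(expiry_date, "%m/%d/%Y").date() - today).days
    except ValueError:
        return None  # syntax error: no warning is issued
    return left if 0 <= left <= warn_days else None
```

Rejecting a role string that is not in the table, rather than silently mapping it to a default, makes a typo in the server's user entry visible at test time instead of at login.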
