Linux Freeradius Server; Radius Configuration And Admin Domains; Dictionary.brocade File Entries - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

HP StorageWorks Fabric OS 6.x administrator guide (5697-0015, May 2009)

Linux FreeRadius server

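For the configuration on a Linux FreeRadius server, define the following in a vendor dictionary file called
dictionary.brocade. Include the values outlined in Table 14.

Table 14. dictionary.brocade file entries

| Include | Key | Value |
|---|---|---|
| VENDOR | Brocade | 1588 |
| ATTRIBUTE | Brocade-Auth-Role | 1 string Brocade |
| | AdminDomain | |
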
After you have completed the dictionary file, define the role for the user in a configuration file. For
example, to grant the user jsmith the Admin role, you would add the following statement to the
configuration file:
jsmith Auth-Type := Local, User-Password == "jspassword"
        Brocade-Auth-Role = "admin"

RADIUS configuration and Admin Domains

When configuring users with Admin Domains, you must also include the Admin Domain member list. This
section describes the way that you configure attribute types for this configuration.
The values for the new attribute types use the syntax key=val[;key=val], where key is a text description of
attributes, val is the attribute value for the given key, the equal sign (=) is the separator between key and
value, and the semicolon (;) is an optional separator for multiple key-value pairs.
Multiple key-value pairs can appear for one Vendor-Type code. Key-value pairs with the same key name
may be concatenated across multiple Vendor-Type codes. You can use any combination of the Vendor-Type
codes to specify key-value pairs. Note that a switch always parses these attributes from Vendor-Type code
2 to Vendor-Type code 4.
Only two kinds of keys are accepted; all other keys are ignored. The following keys are accepted:
• HomeAD is the designated home Admin Domain for the account. The valid value is between 0 and 255,
  inclusive. The first valid HomeAD key-value pair is accepted by the switch, and any additional
  HomeAD key-value pairs are ignored.
• ADList is a comma-separated list of Administrative Domain numbers of which this account is a member.
  Valid numbers range from 0 to 255, inclusive. A dash between two numbers specifies a range. Multiple
  ADList key-value pairs within the same or across different Vendor-Type codes are concatenated.
  Multiple occurrences of the same AD number are ignored.
RADIUS authentication requires that the account have a valid role through the attribute type
Brocade-Auth-Role. The additional attribute values ADList and HomeAD are optional. If they are
unspecified, the account can log in with AD0 as its member list and home Admin Domain. If there is an
error in ADList or HomeAD specification, the account cannot log in until the AD list is corrected; an error
message is displayed.
For example, on a Linux FreeRadius Server, the user (user-za) with the following settings takes the
"ZoneAdmin" role, with AD member list: 1, 2, 4, 5, 6, 7, 8, 9, 12; the Home Admin Domain will be 1.
user-za Auth-Type := Local, User-Password == "password"
        Brocade-Auth-Role = "ZoneAdmin",
        Brocade-AVPairs1 = "ADList=1,2,6",
        Brocade-AVPairs2 = "ADList=4-8;ADList=7,9,12"
In the next example, on a Linux FreeRadius Server, the user takes the "Operator" role, with ADList 1, 2, 4,
5, 6, 7, 8, 9, 12, 20 and homeAD 2.
user-opr Auth-Type := Local, User-Password == "password"
        Brocade-Auth-Role = "operator",
        Brocade-AVPairs1 = "ADList=1,2;HomeAD=2",
        Brocade-AVPairs2 = "ADList=4-8,20;ADList=7,9,12"
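Because an error in ADList or HomeAD keeps the account from logging in, it helps to check the AVPairs strings against the rules above before deploying a users-file entry. The following is an added example, not code from the manual or from Brocade; the function names are hypothetical. It assumes exact key names, rejects malformed pairs strictly, and, when HomeAD is absent, takes the lowest ADList member as home, which matches the first example above.

```python
# Added example (not from the HP/Brocade manual): lint Brocade-AVPairs values
# before they go into the FreeRADIUS users file. Function names are hypothetical.

def parse_ad(text):
    """Return an Admin Domain number in 0..255, or raise ValueError."""
    if not (text.isascii() and text.isdigit()) or int(text) > 255:
        raise ValueError(f"invalid AD number {text!r}")
    return int(text)

def resolve_admin_domains(avpairs):
    """avpairs: attribute strings in Vendor-Type order (AVPairs1 first).

    Returns (home_ad, sorted_member_list); raises ValueError on any malformed
    HomeAD or ADList value, since the manual says such an error blocks login.
    """
    home, members = None, set()
    for value in avpairs:
        for pair in filter(None, value.split(";")):   # ';' separates pairs
            key, sep, val = pair.partition("=")
            if not sep:
                raise ValueError(f"missing '=' in {pair!r}")
            if key == "HomeAD":
                if home is None:                      # first HomeAD wins
                    home = parse_ad(val)
            elif key == "ADList":                     # lists are concatenated
                for item in val.split(","):
                    lo, dash, hi = item.partition("-")
                    first = parse_ad(lo)
                    last = parse_ad(hi) if dash else first
                    if first > last:
                        raise ValueError(f"reversed range {item!r}")
                    members.update(range(first, last + 1))  # set drops repeats
            # any other key is ignored, as the manual states
    if home is None and not members:
        return 0, [0]                 # manual: both unspecified -> AD0
    if home is None:
        home = min(members)           # assumption, matches the first example
    return home, sorted(members)

if __name__ == "__main__":
    # Values modelled on the two user entries above, then a constructed bad value.
    print(resolve_admin_domains(["ADList=1,2,6", "ADList=4-8;ADList=7,9,12"]))
    print(resolve_admin_domains(["ADList=1,2;HomeAD=2",
                                 "ADList=4-8,20;ADList=7,9,12"]))
    try:
        resolve_admin_domains(["ADList=-4-8,20"])     # constructed: stray dash
    except ValueError as err:
        print("rejected:", err)
```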
