Configuring The Radius Server; Linux - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.x administrator guide (5697-0015, may 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
Configuring the RADIUS server
You must know the switch IP address, in either IPv4 or IPv6 notation, or name to connect to switches. Use
the ipAddrShow command to display a switch IP address.
For Directors (chassis-based systems), the switch IP addresses are aliases of the physical Ethernet interfaces
on the CP blades. When specifying client IP addresses for the logical switches in such systems, make sure
the CP blade IP addresses are used. For accessing both the active and standby CP blade, and for the
purpose of HA failover, both of the CP blade IP addresses should be included in the RADIUS server
configuration.
User accounts should be set up by their true network-wide identity, rather than by the account names
created on a Fabric OS switch. Along with each account name, the administrator should assign
appropriate switch access roles. To manage a fabric, these roles can be User, Admin, and SecurityAdmin.
When they log in to a switch configured with RADIUS, users enter their assigned RADIUS account names
and passwords at the prompt. After the RADIUS server authenticates a user, it responds with the assigned
switch role in a Brocade Vendor-Specific Attribute (VSA), as defined in the RFC. An Authentication-Accept
response without such VSA role assignment automatically assigns the user role.
The following sections describe how to configure a RADIUS server to support clients under different
operating systems.
Linux
The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware
RADIUS server that you can find at the following website:
www.freeradius.org
Follow the installation instructions at the web site. FreeRADIUS runs on Linux (all versions), FreeBSD,
NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you must stop the
server and restart it for the changes to take effect.
FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb. By default, the PREFIX is
/usr/local.
Configuring RADIUS service on Linux consists of the following tasks:
•
Adding the Brocade attribute to the server
•
Creating the user
•
Enabling clients
To add the Brocade attribute to the server:
1.
Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:
#
# Brocade FabricOS 5.0.1 dictionary
#
VENDOR
#
# attribute 1 defined to be Brocade-Auth-Role
# string defined in user configuration
#
ATTRIBUTE Brocade-Auth-Role
This defines the Brocade vendor ID as 1588, the Brocade attribute 1 as Brocade-Auth-Role, and it is a
string value.
2.
Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:
$INCLUDE dictionary.brocade
As a result, the file dictionary.brocade is located in the RADIUS configuration directory and loaded for
use by the RADIUS server.
72
Managing user accounts
Brocade
1588
1
string
Brocade
Advertisement
Table of Contents
Troubleshooting
