HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual page 74

Each user group should be associated with a specific switch login role. For example, you should
configure a user group for root, admin, factory, switchadmin, and user, and then add any users whose
logins you want to associate to the appropriate group.
• Configuring the server
To enable CHAP:
From the Windows Start menu, select Programs > Administrative Tools > Local Security
1.
Policy to open the Local Security Settings window.
2. In the Local Security Settings window, expand the Account Policies folder and select the Password
Policy folder.
From the list of policies in the Password Policy folder, right-click Store password using reversible
3.
encryption for all users in the domain, and select Security from the pop-up menu.
4. An additional Local Security Settings window appears. Click the Enabled radio button and then click
OK.
To configure users:
From the Windows Start menu, select Programs > Administrative Tools > Computer
1.
Management to open the Computer Management window.
2. In the Computer Management window, expand the Local Users and Groups folder and select the
Groups folder.
Right-click the Groups folder and select New Group from the pop-up menu.
3.
In the New Group window, provide a Name and Description for the group and click Add.
4.
5. In the Select Users or Groups window, select the user (who should already have been configured) you
want to add to the group and click Add.
Repeat this for every user you want to add. When you have completed adding all users, click OK.
6.
7. In the New Group window, verify the users you added in
click Create to create this group.
The new groups are created for each login type (admin, switchAdmin, user).
To configure the RADIUS server:
From the Windows Start menu, select Programs > Administrative Tools > Internet
1.
Authentication Service to open the Internet Authentication Service window.
2. In the Internet Authentication Service window, right-click the Clients folder and select New
Client from the pop-up menu.
A client is the device that uses the RADIUS server; in this case, it is the switch.
3. In the Add Client window, provide the following:
Friendly name—The friendly name should be an alias that is easily recognizable as the switch to
which you are connecting.
Protocol—Select RADIUS as the protocol.
4. In the Add RADIUS Client window, provide the following:
Client address (IP or DNS)—Enter the IP address of the switch.
Client-Vendor—Select RADIUS Standard.
Shared secret—Provide a password. Shared secret is a password used between the client device
and server to prevent IP address spoofing by unwanted clients. Keep your shared secret password in a
safe place. You will need to enter this password in the switch configuration.
After clicking Finish, repeat
used.
5. In the Internet Authentication Service window, right-click the Remote Access Policies folder; then select
New Remote Access Policy from the pop-up window.
A remote access policy must be created for each login role (Root, Admin, Factory, SwitchAdmin, and
User) for which you want to use RADIUS. Apply this policy to the user groups that you already created.
74 Managing user accounts
step 2 through step 4 for all switches on which RADIUS authentication will be
step 4 appear in the Members field; then