Ldap Configuration And Microsoft's Active Directory - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Hp storageworks fabric os 6.x administrator guide (5697-0015, may 2009)

6. In the Add Remote Access Policy window, enter an easily identifiable Policy friendly name that will enable you to see the switch login for which the policy is being created; then click Next.
7. After the Add Remote Access Policy window refreshes, click Add.
8. In the Select Attribute window, select Windows Groups and click Add.
9. In the Groups window, click Add.
10. In the Select Groups window, select the user-defined group for which you are creating a policy and click Add. After adding all appropriate groups, click OK. In the Groups window, click OK.
11. In the Add Remote Access Policy window, confirm that the Conditions section displays the group(s) that you selected and click Next.
12. After the Add Remote Access Policy window refreshes, select the Grant remote access permission radio button and click Next.
13. After the Add Remote Access Policy window refreshes again, click Edit Profile.
14. In the Edit Dial-in Profile window, click the Authentication tab and check only the Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP) checkboxes; then click the Advanced tab and click Add.
15. In the Add Attributes window, select Vendor-Specific and click Add.
16. In the Multivalued Attribute Information window, click Add.
17. In the Vendor-Specific Attribute Information window, click the Enter Vendor Code radio button and enter the value 1588. Click the Yes. It conforms radio button, and then click Configure Attribute....
18. In the Configure VSA (RFC compliant) window, enter the following values and click OK.
    - Vendor-assigned attribute number: Enter the value 1.
    - Attribute format: Enter String.
    - Attribute value: Enter the login role (Root, Admin, SwitchAdmin, User, etc.) the user group must use to log in to the switch.
19. In the Multivalued Attribute Information window, click OK.
20. In the Edit Dial-in Profile window, remove all additional parameters (except the one you just added, "Vendor-Specific") and click OK.
21. In the Add Remote Access Policy window, click Finish.

After returning to the Internet Authentication Service window, repeat step 5 through step 21 to add additional policies for all login types for which you want to use the RADIUS server. After this is done, you can configure the switch.
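
The vendor-specific attribute configured in steps 17 and 18, encoded and parsed as it would travel in a RADIUS Access-Accept using the RFC 2865 VSA layout. This is an added example, not part of the HP manual; the function names and the sample packet (zeroed authenticator, "ok" Reply-Message) are constructed for illustration, and it can be used to check that a policy returns the role you intended.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries VSAs
VENDOR_CODE = 1588     # vendor code entered in step 17
ROLE_ATTR = 1          # vendor-assigned attribute number from step 18
ACCESS_ACCEPT = 2      # RFC 2865 packet code
VENDOR_ID = struct.pack("!I", VENDOR_CODE)

def encode_role_vsa(role):
    """Encode a role as the RFC-compliant VSA that step 18 configures."""
    value = role.encode("ascii")
    sub = bytes([ROLE_ATTR, 2 + len(value)]) + value
    return bytes([VENDOR_SPECIFIC, 2 + len(VENDOR_ID) + len(sub)]) + VENDOR_ID + sub

def roles_from_packet(packet):
    """Return every vendor-1588 role string found in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    roles, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        data = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or data[:4] != VENDOR_ID:
            continue  # not this vendor's attribute
        sub = data[4:]
        while len(sub) >= 2:
            s_type, s_len = sub[0], sub[1]
            if s_len < 2 or s_len > len(sub):
                raise ValueError("bad sub-attribute length")
            if s_type == ROLE_ATTR:
                roles.append(sub[2:s_len].decode("ascii"))
            sub = sub[s_len:]
    return roles

def build_sample_accept(role):
    """Constructed sample: zeroed authenticator, a Reply-Message, then the VSA."""
    attrs = bytes([18, 4]) + b"ok" + encode_role_vsa(role)
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs
```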

LDAP configuration and Microsoft's Active Directory

LDAP provides user authentication and authorization using Microsoft's Active Directory service in conjunction with LDAP on the switch. The following are restrictions when using LDAP:

- In Fabric OS 6.x there will be no password change through Active Directory.
- There is no automatic migration of newly created users from local switch database to Active Directory. This is a manual process explained later.
- LDAP authentication is used on the local switch only and not for the entire fabric.

Roles for users can be added through the Microsoft Management Console. Groups created in Active Directory must correspond directly to the RBAC user roles on the switch. Role assignments can be achieved by including the user in the respective group. A user can be assigned to multiple groups like Switch Admin and Security Admin. For more information on RBAC roles, see "Using Role-Based Access Control (RBAC)" on page 56.

NOTE: All instructions involving Microsoft's Active Directory can be obtained from www.microsoft.com. Confer with your network administrator prior to configuration for any special needs your network environment may have.

This manual is also suitable for:

Ae370a - brocade 4gb san switch 4/12
