Creating A Group - HP SN3000B Administrator's Manual
Brocade fabric os administrator's guide - supporting fabric os v7.0.1 (53-1002446-01, march 2012)
Hide thumbs
Also See for SN3000B:
- Troubleshooting manual (138 pages) ,
- Reference manual (70 pages) ,
- Quickspecs (21 pages)
Table of Contents
Advertisement
5
The authentication model using RADIUS and LDAP
3. Create a group name that uses the switch's role name so that the Active Directory group's
4. Associate the user to the group by adding the user to the group.
5. Add the user's Administrative Domains or Virtual Fabrics to the CN_list by either editing the
Creating a user
To create a user in Active Directory, refer to www.microsoft.com or Microsoft documentation. There
are no special attributes to set. You can use a fully qualified name for logging in, for example you
can log in as "user@domain.com".
Creating a group
To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You
will need to verify that the group has the following attributes:
•
•
•
•
•
Assigning the group (role) to the user
To assign the user to a group in Active Directory, refer to www.microsoft.com or Microsoft
documentation. You will need to verify that the user has the following attributes:
•
110
For instructions on how to create a user, refer to www.microsoft.com or Microsoft
documentation to create a user in your Active Directory.
name is the same as the switch's role name.
or
Use the ldapCfg -–maprole ldap_role_name switch_role command to map an LDAP server role
to one of the default roles available on the switch.
For instructions on how to create a user refer to www.microsoft.com or Microsoft
documentation to create a user in your Active Directory.
adminDescription value or adding the brcdAdVfData attribute to the existing Active Directory
schema.
This action maps the Admin Domains or Virtual Fabrics to the user name. Multiple Admin
Domains can be added as a string value separated by the underscore character ( _ ). Virtual
Fabrics are added as a string value separate by a colon ( , ) and entered as a range.
The name of the group has to match the RBAC role.
The Group Type must be Security.
The Group Scope must be Global.
The primary group in the AD server should not be set to the group corresponding to the switch
role. You can choose any other group.
If the user you created is not a member of the Users OU then the User Principal Name, in the
format of "user@domain", is required to login.
Update the memberOf field with the login permissions (Root, Admin, SwitchAdmin, User, etc.)
that the user must use to log in to the switch.
or
If you have a user-defined group, then use the ldapCfg -–maprole ldap_role_name switch_role
command to map an LDAP server permissions to one of the default roles available on a switch.
Fabric OS Administrator's Guide
53-1002446-01
Advertisement
Table of Contents
