Tacacs+ Service - HP StoreFabric SN6500B Administrator's Manual

Fabric OS Administrator's Guide, 7.1.0 (53-1002745-02, March 2013)
objectClass: uidObject
cn: Sachin
sn: Mishra
description: First user
brcdAdVfData: HomeLF=30;LFRoleList=admin:1-128;ChassisRole=admin
userPassword: pass
uid: mishras@mybrocade.com
The following command adds the user to the LDAP directory.
> ldapadd -D cn=Sachin,dc=mybrocade,dc=com -x -w secret -f test4.ldif

TACACS+ service

FabricOS can authenticate users with a remote server using the Terminal Access Controller
Access-Control System Plus (TACACS+) protocol. TACACS+ is a protocol used in AAA server
environments consisting of a centralized authentication server and multiple Network Access
Servers (NAS) or clients. Once configured to use TACACS+, a Brocade switch becomes a Network
Access Server (NAS).
The following authentication protocols are supported by the TACACS+ server for user
authentication:
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
TACACS+ is not a FIPS-supported protocol, so you cannot configure TACACS+ in FIPS mode. To
enable FIPS, any TACACS+ configuration must be removed.
The TACACS+ server can be a Microsoft Windows server or a Linux server. For Linux servers, use
TACACS+ 4.0.4 or later from Cisco. For Microsoft Windows servers, use any TACACS+ freeware that
uses TACACS+ protocol v1.78 or later.
TACACS+ configuration overview
Configuration is required on both the TACACS+ server and the Brocade switch. On the TACACS+
server, you should assign a role for each user and, if Admin Domains or Virtual Fabrics are in use,
provide lists of Admin Domains or Virtual Fabrics to which the user should have access. For details,
refer to "The tac_plus.cfg file" on page 172.
On the Brocade switch, use the aaaConfig command to configure the switch to use TACACS+ for
authentication. The aaaConfig command also allows you to specify up to five TACACS+ servers.
When a list of servers is configured, failover from one server to another happens only if a
TACACS+ server fails to respond; it does not happen when user authentication fails.
Failover to another TACACS+ server is achieved by means of a timeout. You can configure a timeout
value for each TACACS+ server, so that the next server can be used if the first server is
unreachable. The default timeout value is 5 seconds.
Retry is also allowed for each server. The default value is 5. If authentication is rejected or times
out, FabricOS will try again. The retry value can also be customized for each user.
Refer to "Remote authentication configuration on the switch" on page 174 for details about
configuring the Brocade switch for authenticating users with a TACACS+ server.
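The server-list behaviour described in this section (up to five servers, a per-server timeout and retry count, failover only when a server does not respond, never on a rejected login), as an added Python simulation that is not part of the Fabric OS guide or of Fabric OS itself. The `TacacsServer`, `AuthTrace`, `authenticate` and `scripted` names, the transport stub and the replayed outcomes are constructed for the illustration, and the way retries combine with a rejection is an interpretation of the text.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence, Tuple

# Outcomes of one authentication exchange with a single TACACS+ server.
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"
MAX_SERVERS = 5  # aaaConfig accepts up to five TACACS+ servers

@dataclass
class TacacsServer:
    host: str
    timeout: int = 5   # seconds before an unanswered request counts as TIMEOUT (default 5)
    retries: int = 5   # attempts against this server before giving up on it (default 5)

@dataclass
class AuthTrace:
    result: str = TIMEOUT
    attempts: List[Tuple[str, int, str]] = field(default_factory=list)  # (host, attempt, outcome)

def authenticate(servers: Sequence[TacacsServer],
                 ask: Callable[[TacacsServer], str]) -> AuthTrace:
    """Walk the configured server list as the guide describes.
    `ask(server)` is a hypothetical transport stub returning ACCEPT, REJECT or TIMEOUT.
    Interpretation: a server is retried `retries` times whether it rejected or timed out;
    failover to the next server happens only if it never answered; a rejection rules it out.
    """
    if len(servers) > MAX_SERVERS:
        raise ValueError(f"at most {MAX_SERVERS} TACACS+ servers can be configured")
    trace = AuthTrace()
    for srv in servers:
        responded = False
        for attempt in range(1, srv.retries + 1):
            outcome = ask(srv)
            trace.attempts.append((srv.host, attempt, outcome))
            if outcome == ACCEPT:
                trace.result = ACCEPT
                return trace
            responded = responded or outcome == REJECT
        if responded:  # server answered and kept rejecting: no failover to the next server
            trace.result = REJECT
            return trace
        # every attempt timed out: fail over to the next configured server
    trace.result = TIMEOUT  # no server answered at all
    return trace

def scripted(outcomes: Dict[str, List[str]]) -> Callable[[TacacsServer], str]:
    """Build an `ask` stub that replays constructed per-host outcomes, then keeps timing out."""
    def ask(srv: TacacsServer) -> str:
        return outcomes[srv.host].pop(0) if outcomes.get(srv.host) else TIMEOUT
    return ask
```

The trace makes the detection angle visible: a rejected password produces repeated attempts against one server and stops there, while a string of timeouts that walks the whole list is a server-availability problem rather than a credential problem.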