HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)

68 Managing user accounts
Managing Fabric OS users on the RADIUS server
All existing Fabric OS mechanisms for managing local switch user accounts and passwords remain
functional when the switch is configured to use the Remote Authentication Dial-In User Service (RADIUS).
Changes made to the local switch database do not propagate to the RADIUS server, nor do the changes
affect any account on the RADIUS server.
Windows 2000 IAS
For example, to configure a Windows 2000 Internet Authentication Service (IAS) server to use a VSA to pass
the Admin role to the switch in the dial-in profile, the configuration specifies the Vendor code (1588),
Vendor-assigned attribute number (1), and attribute value (admin), as shown in the following:
Table 13 Syntax for VSA-based account roles (continued)

| Item | Value | Description |
|---|---|---|
| Vendor type | 1 | 1 octet, Brocade-Auth-Role; valid attributes for the Brocade-Auth-Role are: SwitchAdmin, ZoneAdmin, FabricAdmin, BasicSwitchAdmin, Operator, User, Admin |
| | 2 | Optional: Specifies the Admin Domain member list. For more information, see "RADIUS configuration and Admin Domains" on page 69. Brocade-AVPairs1 |
| | 3 | Brocade-AVPairs2 |
| | 4 | Brocade-AVPairs3 |
| | 5 | Brocade-AVPairs4 |
| Vendor length | 2 or higher | 1 octet, calculated by server, including vendor-type and vendor-length |
| Attribute-specific data | ASCII string | Multiple octet, maximum 253, indicating the name of the assigned role and other supported attribute values such as Admin Domain member list. |
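The following is an added example, not part of the HP guide or of Fabric OS: a Python sketch that builds and strictly validates the vendor-specific attribute described in Table 13, which is useful when auditing what a RADIUS server actually returns for a switch login. It assumes the standard RFC 2865 layout for attribute type 26 with one sub-attribute per VSA; the function names are hypothetical, and the case-insensitive role match is an assumption.

```python
import struct

BROCADE_VENDOR_ID = 1588      # Vendor code given on the page
AUTH_ROLE = 1                 # Vendor type 1 = Brocade-Auth-Role
VENDOR_TYPES = {1: "Brocade-Auth-Role", 2: "Brocade-AVPairs1",
                3: "Brocade-AVPairs2", 4: "Brocade-AVPairs3",
                5: "Brocade-AVPairs4"}
# Roles listed in Table 13. Lower-cased for comparison (assumption: the page
# writes both "admin" and "Admin", so matching here ignores case).
VALID_ROLES = {"switchadmin", "zoneadmin", "fabricadmin",
               "basicswitchadmin", "operator", "user", "admin"}

def encode_vsa(vendor_type, text):
    """Build one Vendor-Specific attribute (RADIUS type 26)."""
    data = text.encode("ascii")
    vendor_len = 2 + len(data)     # vendor-type + vendor-length + data
    total = 2 + 4 + vendor_len     # Type + Length + 4-octet Vendor-Id + above
    if total > 255:                # RADIUS Length is a single octet
        raise ValueError("attribute does not fit in a one-octet Length")
    header = struct.pack("!BBIBB", 26, total, BROCADE_VENDOR_ID,
                         vendor_type, vendor_len)
    return header + data

def decode_vsa(attr):
    """Return (attribute name, value); raise ValueError on anything unexpected."""
    if len(attr) < 8:
        raise ValueError("too short for a VSA header")
    rtype, length, vendor_id, vtype, vlen = struct.unpack("!BBIBB", attr[:8])
    if rtype != 26 or length != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    if vendor_id != BROCADE_VENDOR_ID:
        raise ValueError(f"unexpected vendor id {vendor_id}")
    if vlen < 2 or vlen != length - 6:     # single sub-attribute assumed
        raise ValueError("vendor length disagrees with attribute length")
    if vtype not in VENDOR_TYPES:
        raise ValueError(f"unknown vendor type {vtype}")
    value = attr[8:].decode("ascii")       # non-ASCII data raises ValueError
    if vtype == AUTH_ROLE and value.lower() not in VALID_ROLES:
        raise ValueError(f"role {value!r} is not listed in Table 13")
    return VENDOR_TYPES[vtype], value

if __name__ == "__main__":
    sample = encode_vsa(AUTH_ROLE, "admin")    # constructed sample attribute
    print(sample.hex(), decode_vsa(sample))
```

Rejecting unknown roles and mismatched lengths at this point catches a misconfigured dial-in profile before it reaches a switch.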