Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

The authentication model using RADIUS and LDAP
Setting the switch authentication mode
1. Connect to the switch and log in using an account with admin permissions.
2. Enter the aaaConfig --authspec command.
Fabric OS user accounts
RADIUS and LDAP servers allow you to set up user accounts by their true network-wide identity
rather than by the account names created on a Fabric OS switch. With each account name, assign
the appropriate switch access permissions. For LDAP servers, you can use the
ldapCfg --maprole <ldap_role name> <switch_role> command to map LDAP server permissions.
RADIUS and LDAP support all the defined RBAC roles described in Table 11 on page 84.
TABLE 15 Authentication configuration options (Continued)

| aaaConfig options | Description | Equivalent setting in Fabric OS v5.1.0 and earlier: --radius | Equivalent setting in Fabric OS v5.1.0 and earlier: --switchdb (1) |
|---|---|---|---|
| --authspec "radius;local" --backup | Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available. | On | On |
| --authspec "ldap" | Authenticates management connections against any LDAP databases only. If LDAP service is not available or the credentials do not match, the login fails. | n/a | n/a |
| --authspec "ldap; local" | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. | n/a | On |
| --authspec "ldap; local" --backup | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. The --backup option states to try the secondary authentication database only if the primary authentication database is not available. | n/a | On |
| --authspec -nologout | Prevents users from being logged out when you change authentication. Default behavior is to log users out when you change authentication. | n/a | n/a |

1. Fabric OS v5.1.0 and earlier aaaConfig --switchdb <on | off> setting.
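
The fallback rules in Table 15, modeled as an added Python example (not code from this guide or from Fabric OS). The names Outcome, parse_authspec and authenticate, and the per-database results passed in, are assumptions made for illustration. It shows which databases a login reaches when the primary server rejects the credentials and when it is unavailable, with and without --backup.

```python
# Added illustration of the Table 15 fallback rules; not Fabric OS code.
# Outcome, parse_authspec and authenticate are hypothetical names.
from enum import Enum


class Outcome(Enum):
    ACCEPT = "accept"            # service reachable, credentials match
    REJECT = "reject"            # service reachable, credentials do not match
    UNAVAILABLE = "unavailable"  # service cannot be reached


def parse_authspec(spec):
    """Split an --authspec value such as "ldap; local" into an ordered list."""
    sources = [s.strip().lower() for s in spec.split(";") if s.strip()]
    if not 1 <= len(sources) <= 2:
        raise ValueError("expected one or two authentication sources")
    unknown = set(sources) - {"radius", "ldap", "local"}
    if unknown:
        raise ValueError("unknown source(s): %s" % ", ".join(sorted(unknown)))
    return sources


def authenticate(spec, backup, results):
    """Return (login_ok, databases_consulted) for one login attempt.

    results maps each source to the Outcome it gives for this login
    (constructed input for the model).
    """
    sources = parse_authspec(spec)
    consulted = []
    for index, source in enumerate(sources):
        consulted.append(source)
        outcome = results[source]
        if outcome is Outcome.ACCEPT:
            return True, consulted
        is_last = index == len(sources) - 1
        # With --backup the secondary database is tried only when the
        # primary is unavailable; a rejection by the primary is final.
        if is_last or (backup and outcome is not Outcome.UNAVAILABLE):
            return False, consulted
    return False, consulted


if __name__ == "__main__":
    # Constructed case: LDAP rejects the login, a local account accepts it.
    case = {"ldap": Outcome.REJECT, "local": Outcome.ACCEPT}
    for backup in (False, True):
        print("backup=%s ->" % backup, authenticate("ldap; local", backup, case))
```

Without --backup, a login that LDAP rejects is still evaluated against the local user database, so local accounts on the switch need the same review as directory accounts.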