Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

The authentication model using RADIUS and LDAP
Example of using the local system password to authenticate users
The next example uses the local system password file to authenticate users.
When you use network information service (NIS) for authentication, the only way to enable
authentication with the password file is to force the Brocade switch to authenticate using
password authentication protocol (PAP); this requires the -a pap option with the aaaConfig
command.
Enabling clients
Clients are the switches that will use the RADIUS server; each client must be defined. By default, all
IP addresses are blocked.
The Brocade enterprise-class platforms send their RADIUS requests using the IP address of the
active CP. When adding clients, add both the active and standby CP IP addresses so that, in the
event of a failover, users can still log in to the switch.
1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to
be configured as RADIUS clients.
For example, to configure the switch at IP address 10.32.170.59 as a client:

    client 10.32.170.59
        secret = Secret
        shortname = Testing Switch
        nastype = other

In this example, shortname is an alias used to easily identify the client. Secret is the shared
secret between the client and server. Make sure the shared secret matches that configured on
the switch (see “Adding a RADIUS or LDAP server to the switch configuration” on page 115).
2. Save the file $PREFIX/etc/raddb/client.config, then start the RADIUS server as follows:

    $PREFIX/sbin/radiusd
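
The PAP requirement and the matching shared secret described above, as an added Python example that is not from the Brocade guide: the switch hides the password with the RFC 2865 User-Password scheme, and the server must recover the cleartext so it can hash it and compare against the password file entry. The function names, the PBKDF2 stand-in for the password file hash, and every sample value except the shared secret Secret are assumptions.

```python
import hashlib
import hmac

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client (switch) side: hide User-Password as in RFC 2865, section 5.2."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding; only the correct secret yields the password."""
    if not 16 <= len(hidden) <= 128 or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password attribute")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")

def file_hash(password: bytes, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the one-way hash in the password file.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def server_accepts(hidden, authenticator, server_secret, salt, stored) -> bool:
    """Recover the PAP password, hash it, and compare with the stored hash."""
    candidate = pap_reveal(hidden, server_secret, authenticator)
    return hmac.compare_digest(file_hash(candidate, salt), stored)

if __name__ == "__main__":
    # Constructed sample values; "Secret" is the shared secret from the example.
    ra, salt, pw = bytes(range(16)), b"constructed-salt", b"constructed-password"
    stored = file_hash(pw, salt)
    hidden = pap_hide(pw, b"Secret", ra)
    print("matching secret:  ", server_accepts(hidden, ra, b"Secret", salt, stored))
    print("mismatched secret:", server_accepts(hidden, ra, b"secret", salt, stored))
```

A secret that differs only in case between the switch and the server entry is enough for every login to be rejected, because the server then hashes garbage instead of the password.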
Configuring RADIUS server support with Windows 2000
The instructions for setting up RADIUS on a Windows 2000 server are listed here for your
convenience but are not guaranteed to be accurate for your network environment. Always check
with your system administrator before proceeding with setup.
NOTE
All instructions involving Microsoft Windows 2000 can be obtained from www.microsoft.com or your
Microsoft documentation. Confer with your system or network administrator prior to configuration
for any special needs your network environment may have.
The user entry for the local system password example above:

    swadmin Auth-Type := System
        Brocade-Auth-Role = "admin",
        Brocade-AVPairs1 = "HomeLF=70",
        Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128",
        Brocade-AVPairs3 = "ChassisRole=switchadmin",
        Brocade-Passwd-ExpiryDate = "11/10/2008",
        Brocade-Passwd-WarnPeriod = "30"