Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

The authentication model using RADIUS and LDAP
FIGURE 17 Example of the dictiona.dcm file
c. When selecting items from the Add Return List Attribute, select Brocade-Auth-Role and
type the string Admin. The string will equal the role on the switch.
d. Add the Brocade profile.
e. In RSA Authentication Manager, edit the user records that will be authenticating using RSA
SecurID.
LDAP configuration and Microsoft Active Directory
LDAP provides user authentication and authorization using the Microsoft Active Directory service in
conjunction with LDAP on the switch. There are two modes of operation in LDAP authentication,
FIPS mode and non-FIPS mode. This section discusses LDAP authentication in non-FIPS mode. For
more information on LDAP in FIPS mode, refer to Chapter 7, “Configuring Security Policies”. The
following are restrictions when using LDAP in non-FIPS mode:
• There is no password change through Active Directory.
• There is no automatic migration of newly created users from the local switch database to
  Active Directory. This is a manual process explained later.
• Only IPv4 is supported for LDAP on Windows 2000 and LDAP on Windows Server 2003. For
  LDAP on Windows Server 2008, both IPv4 and IPv6 are supported.
• LDAP authentication is used on the local switch only and not for the entire fabric.
#######################################################################
# dictiona.dcm
#######################################################################
# Generic Radius
@radius.dct
#
# Specific Implementations (vendor specific)
#
@3comsw.dct
@aat.dct
@acc.dct
@accessbd.dct
@agere.dct
@agns.dct
@airespace.dct
@alcatel.dct
@altiga.dct
@annex.dct
@aptis.dct
@ascend.dct
@ascndvsa.dct
@axc.dct
@bandwagn.dct
@brocade.dct <-------
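
The following check is an added example, not part of the Brocade guide or of RSA's tooling: it parses a dictiona.dcm in the layout of Figure 17 and reports whether the @brocade.dct entry is active, commented out, or duplicated. The '#' comment handling and the function names are assumptions based on the figure, and the sample text is constructed.

```python
import re

# Constructed sample in the layout of Figure 17 (not a real server file).
SAMPLE_DCM = """\
# dictiona.dcm
# Generic Radius
@radius.dct
# Specific Implementations (vendor specific)
@axc.dct
@bandwagn.dct
#@brocade.dct
"""

# An active entry is '@<name>.dct' at the start of a line; trailing notes are ignored.
INCLUDE_RE = re.compile(r"^@(\S+\.dct)\b", re.IGNORECASE)


def parse_includes(text):
    """Return lower-cased dictionary names from active '@file.dct' lines."""
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        match = INCLUDE_RE.match(line)
        if match:
            names.append(match.group(1).lower())
    return names


def check_dcm(text, required=("radius.dct", "brocade.dct")):
    """Report required dictionaries that are missing, commented out or duplicated."""
    names = parse_includes(text)
    missing = [r for r in required if r not in names]
    commented = [
        r for r in missing
        if re.search(r"^[ \t]*#+[ \t]*@" + re.escape(r) + r"\b", text, re.I | re.M)
    ]
    duplicates = sorted({n for n in names if names.count(n) > 1})
    return {"missing": missing, "commented_out": commented, "duplicates": duplicates}


if __name__ == "__main__":
    print(check_dcm(SAMPLE_DCM))
    fixed = SAMPLE_DCM.replace("#@brocade.dct", "@brocade.dct")
    print(check_dcm(fixed))
```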