Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)
The authentication model using RADIUS and LDAP
Creating a user
To create a user in Active Directory, refer to www.microsoft.com or Microsoft documentation. There
are no special attributes to set. You can use a fully qualified name for logging in; for example, you
can log in as "user@domain.com".
Creating a group
To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You
will need to verify that the group has the following attributes:
• The name of the group has to match the RBAC role.
• The Group Type must be Security.
• The Group Scope must be Global.
• The primary group in the AD server should not be set to the group corresponding to the switch
role. You can choose any other group.
• If the user you created is not a member of the Users OU, then the User Principal Name, in the
format of "user@domain", is required to log in.
Assigning the group (role) to the user
To assign the user to a group in Active Directory, refer to www.microsoft.com or Microsoft
documentation. You will need to verify that the user has the following attributes:
• Update the memberOf field with the login permissions (Root, Admin, SwitchAdmin, User, etc.)
that the user must use to log in to the switch.
or
If you have a user-defined group, then use the ldapCfg --maprole ldap_role_name switch_role
command to map LDAP server permissions to one of the default roles available on a switch.
Adding an Admin Domain or Virtual Fabric list
1. From the Windows Start menu, select Programs > Administrative Tools > ADSI.msc
ADSI is a Microsoft Windows Resource Utility. This will need to be installed to proceed with the
rest of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can
download this utility from the Microsoft website.
2. Go to CN=Users.
3. Right click on select Properties. Click the Attribute Editor tab.
4. Double-click the adminDescription attribute.
This opens the String Attribute Editor dialog box.
5. Perform the appropriate action based on whether you are using Administrative Domains or
Virtual Fabrics:
• If you are using Administrative Domains, enter the value of the Admin Domain separated
by an underscore ( _ ) into the Value field.
Example for adding Admin Domains
adlist_0_10_200_endAd
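The requirements above (group name, Group Type, Group Scope, primary group, memberOf, and the adlist layout of adminDescription) can be checked against exported directory records. The following Python code is an added example, not part of the guide; the record layout, the sample values, the case-insensitive role match and the 0-255 Admin Domain range are assumptions.

```python
import re

# Role names listed on the page (matched case-insensitively); add others in use.
SWITCH_ROLES = {"root", "admin", "switchadmin", "user"}
GLOBAL_SCOPE, SECURITY_ENABLED = 0x2, 0x80000000  # AD groupType bit flags
ADLIST_RE = re.compile(r"adlist((?:_\d+)+)_endAd")  # layout shown on the page

def parse_adlist(value):
    """Return the Admin Domain numbers in an adlist string, or None if malformed."""
    m = ADLIST_RE.fullmatch(value or "")
    ads = [int(n) for n in m.group(1).split("_")[1:]] if m else None
    # Assumption (not stated on the page): Admin Domain numbers lie in 0-255.
    return ads if ads and all(0 <= n <= 255 for n in ads) else None

def audit(user, groups):
    """Check one exported user record against the exported group records."""
    findings = []
    roles = [g for g in groups if g["cn"].lower() in SWITCH_ROLES]
    for g in roles:
        # AD does not list a user's primary group in memberOf.
        if user.get("primaryGroupID") == g["primaryGroupToken"]:
            findings.append(f"{g['cn']}: is the user's primary group")
    member = [g for g in roles if g["dn"] in user.get("memberOf", [])]
    if not member:
        findings.append("memberOf names no switch role group")
    for g in member:
        gt = g["groupType"] & 0xFFFFFFFF  # stored as a signed 32-bit integer
        if not gt & SECURITY_ENABLED:
            findings.append(f"{g['cn']}: Group Type is not Security")
        if not gt & GLOBAL_SCOPE:
            findings.append(f"{g['cn']}: Group Scope is not Global")
    desc = user.get("adminDescription")
    if desc is not None and parse_adlist(desc) is None:
        findings.append(f"adminDescription is malformed: {desc!r}")
    return findings

# Constructed sample records (hypothetical names and values, not from the guide).
GROUPS = [
    {"cn": "SwitchAdmin", "dn": "CN=SwitchAdmin,CN=Users,DC=example,DC=com",
     "groupType": -2147483646, "primaryGroupToken": 1105},  # global security
    {"cn": "Admin", "dn": "CN=Admin,CN=Users,DC=example,DC=com",
     "groupType": 4, "primaryGroupToken": 1106},  # domain-local distribution
]
GOOD = {"memberOf": [GROUPS[0]["dn"]], "primaryGroupID": 513,
        "adminDescription": "adlist_0_10_200_endAd"}
BAD = {"memberOf": [GROUPS[1]["dn"]], "primaryGroupID": 1105,
       "adminDescription": "adlist_0_10_endAd_200"}

if __name__ == "__main__":
    print(audit(GOOD, GROUPS), audit(BAD, GROUPS))
```

An empty list means the record passed every check; each string in a non-empty list names the requirement that failed.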