Technical data

Fabric OS Administrator’s Guide 3-11
Publication Number: 53-0000518-09
Setting Up RADIUS AAA Service
User accounts should be set up by their true network-wide identity, rather than by the account names
created on a Fabric OS switch. Along with each account name, the administrator should assign
appropriate switch access roles. To manage a nonsecure fabric, these roles can be user or admin. To
manage a secure fabric, these roles can be user, admin, or nonfcsadmin.
When they log in to a switch configured with RADIUS, users enter their assigned RADIUS account
names and passwords at the prompt. After the RADIUS server authenticates a user, it responds with the
assigned switch role in a Brocade Vendor-Specific Attribute (VSA), as defined in the RFC. An
Authentication-Accept response without such a VSA role assignment automatically assigns the user role.
The following sections describe how to configure a RADIUS server to support Brocade clients under
different operating systems.
Linux
The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a
freeware RADIUS server that you can find at:
www.freeradius.org
Follow the installation instructions at the Web site. FreeRADIUS runs on Linux (all versions),
FreeBSD, NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you
must stop the server and restart it for the changes to take effect.
FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb. By default, the PREFIX
is /usr/local.
Configuring RADIUS service on Linux consists of the following tasks:
- Adding the Brocade attribute to the server
- Creating the user
- Enabling clients
To add the Brocade attribute to the server
1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:

    #
    # Brocade FabricOS v5.0.1 dictionary
    #
    VENDOR Brocade 1588
    #
    # attribute 1 defined to be Brocade-Auth-Role
    # string defined in user configuration
    #
    ATTRIBUTE Brocade-Auth-Role 1 string Brocade

This defines the Brocade vendor ID as 1588 and Brocade attribute 1 as Brocade-Auth-Role, a string
value.
2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:

    $INCLUDE dictionary.brocade

As a result, the file dictionary.brocade is located in the RADIUS configuration directory and
loaded for use by the RADIUS server.
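
The following is an added example, not part of the original guide or of Brocade's or FreeRADIUS's code. It shows how the Brocade-Auth-Role VSA (vendor ID 1588, attribute 1, string) is laid out among the attributes of an accept response and how a missing VSA falls back to the user role. The function names, the constructed sample bytes, and the choice to reject any role other than user, admin, or nonfcsadmin are assumptions of the example.

```python
import struct

VSA_TYPE = 26              # RADIUS Vendor-Specific attribute (RFC 2865)
BROCADE_VENDOR_ID = 1588   # VENDOR Brocade 1588 in dictionary.brocade
BROCADE_AUTH_ROLE = 1      # ATTRIBUTE Brocade-Auth-Role 1 string
KNOWN_ROLES = {"user", "admin", "nonfcsadmin"}  # roles named in this guide

def encode_role_vsa(role):
    """Build the Vendor-Specific attribute a server would send for a role."""
    value = role.encode("ascii")
    sub = struct.pack("!BB", BROCADE_AUTH_ROLE, 2 + len(value)) + value
    body = struct.pack("!I", BROCADE_VENDOR_ID) + sub
    return struct.pack("!BB", VSA_TYPE, 2 + len(body)) + body

def iter_attributes(data):
    """Yield (type, value) for each type/length/value item; reject bad lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def role_from_attributes(data):
    """Return the role carried in Brocade-Auth-Role, or 'user' if it is absent."""
    for atype, value in iter_attributes(data):
        if atype != VSA_TYPE or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != BROCADE_VENDOR_ID:
            continue  # another vendor's VSA carries no Brocade role
        for vtype, vvalue in iter_attributes(value[4:]):
            if vtype == BROCADE_AUTH_ROLE:
                role = vvalue.decode("ascii")
                if role not in KNOWN_ROLES:  # assumption: flag unexpected roles
                    raise ValueError("unexpected role: %r" % role)
                return role
    return "user"  # accept response without the VSA assigns the user role

# Constructed sample: a Reply-Message attribute followed by the Brocade VSA.
SAMPLE = b"\x12\x04hi" + encode_role_vsa("admin")

if __name__ == "__main__":
    print(role_from_attributes(SAMPLE))
```
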