Technical data

3-12 Fabric OS Administrator’s Guide
Publication Number: 53-0000518-09
Setting Up RADIUS AAA Service
To create the user
Open the $PREFIX/etc/raddb/user file in a text editor and add the user names and roles of the users who
will access the switch and authenticate through RADIUS. Each user logs in with the role specified by
Brocade-Auth-Role. The valid roles are root, factory, admin, switchAdmin, and user. You must use
quotation marks around "password" and "role".
For example, to set up an account called JohnDoe with the admin role:
The next example uses the local system password file to authenticate users. (This does not work when
using NIS for authentication. The only way to enable authentication with the password file is to force
the Brocade switch to authenticate using PAP; this requires the -a pap option with the aaaConfig
command.)
To enable clients
Clients are the switches that will be using the RADIUS server; each client must be defined. By default,
all IP addresses are blocked.
On dual-CP switches (SilkWorm 12000, 24000, and 48000), the switch sends its RADIUS request using
the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so
that users can still log in in the event of a failover.
1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to be
configured as RADIUS clients. For example, to configure the switch at IP address 10.32.170.59 as
a client:
In this example, shortname is an alias used to easily identify the client. Secret is the shared secret
between the client and server. Make sure that the shared secret matches that configured on the
switch (see “To add a RADIUS server to the switch configuration” on page 3-16).
2. Save the file $PREFIX/etc/raddb/client.config; then start the RADIUS server as follows:
Windows 2000
Configuring RADIUS service on Windows 2000 consists of the following tasks:
Installing Internet Authentication Service (IAS)
For more information and instructions on installing IAS, refer to the Microsoft Web site.
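Example user file entry for the JohnDoe account with the admin role:
JohnDoe Auth-Type := Local, User-Password == "johnPassword"
        Brocade-Auth-Role = "admin"
Example user file entry that uses the local system password file:
JohnDoe Auth-Type := System, Brocade-Auth-Role = "admin"
Example client.config entry for the switch at IP address 10.32.170.59:
client 10.32.170.59
    secret = Secret
    shortname = Testing Switch
    nastype = other
Command to start the RADIUS server:
$PREFIX/sbin/radiusd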
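A pre-deployment check for the user and client.config entries described on this page, as an added example that is not part of the original guide. It flags roles outside the valid list, passwords kept in the file, CP addresses with no client entry, and short shared secrets. The JaneRoe entry, the standby address 10.32.170.60, and the 16-character secret threshold are assumptions of this example.

```python
import re

VALID_ROLES = {"root", "factory", "admin", "switchAdmin", "user"}  # roles listed in the guide
PAIR = re.compile(r'([\w-]+)\s*(?::=|==|=)\s*("[^"]*"|[^,\s]+)')   # attribute, operator, value

def parse_users(text):          # {username: {attribute: value}}; indented lines continue an entry
    users, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():                       # a new entry starts in column 0
            name, line = (line.split(None, 1) + [""])[:2]
            current = users.setdefault(name, {})
        if current is not None:
            current.update((k, v.strip('"')) for k, v in PAIR.findall(line))
    return users

def parse_clients(text):                                # 'client <ip>' then 'key = value' lines
    clients, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("client "):
            current = clients.setdefault(line.split()[1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return clients

def audit(users_text, clients_text, cp_addresses, min_secret_len=16):
    out = []
    for name, attrs in parse_users(users_text).items():
        if attrs.get("Brocade-Auth-Role") not in VALID_ROLES:
            out.append(f"user {name}: missing or invalid Brocade-Auth-Role")
        if "User-Password" in attrs:
            out.append(f"user {name}: cleartext User-Password in file")
    clients = parse_clients(clients_text)
    for ip in cp_addresses:                             # active and standby CP both need entries
        if ip not in clients:
            out.append(f"client {ip}: no entry, so its requests are blocked")
    for ip, cfg in clients.items():
        if len(cfg.get("secret", "")) < min_secret_len:  # threshold is this example's assumption
            out.append(f"client {ip}: shared secret shorter than {min_secret_len} characters")
    return out

USERS = '''JohnDoe Auth-Type := Local, User-Password == "johnPassword"
        Brocade-Auth-Role = "admin"
JaneRoe Auth-Type := System, Brocade-Auth-Role = "operator"
'''  # constructed sample; JaneRoe and her role are made up
CLIENTS = "client 10.32.170.59\n secret = Secret\n shortname = Testing Switch\n nastype = other\n"

if __name__ == "__main__":                              # 10.32.170.60 is a made-up standby CP
    print("\n".join(audit(USERS, CLIENTS, ["10.32.170.59", "10.32.170.60"])))
```

Pass the addresses of both the active and the standby CP as cp_addresses so that a missing failover entry is reported before the server is started.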