Technical data

146 ServerIron ADX Administration Guide

53-1002434-01

Integrating RBM with RADIUS and TACACS+

Configuring the AAA server to authenticate RBM on a ServerIron ADX

The AAA server must be configured to authenticate RBM on the ServerIron ADX for RADIUS or

TACACS as shown in the following example for a typical CentOS LINUX operating system.

Configuring a RADIUS server to authenticate RBM

In the file “/usr/local/etc/raddb/users” a configuration such as the following must be added for

the RADIUS server to authenticate RBM. In particular, the settings for “SIContextRole” and

“SIRoleTemplate =” must reflect the settings in the specified RBM role template that has been

configured on the ServerIron ADX.

aaaserver1 Cleartext-Password : = "pass"

foundry-privilege-Level = 1,

SIContextRole = "c1+operator;c2+viewer;*c3+manager",

SIRoleTemplate = “brcd”

In this RADIUS server configuration, “*” specifies default pair. Where “*” is not present, the first

pair will be the default pair to be considered.

Configuring a TACACS+ server to authenticate RBM

In the file “/usr/local/etc/tacacs.conf” a configuration such as the following must be added for the

TACACS+ server to authenticate RBM. In particular, the settings for “brocade-context-role =” and

“brocade-role-temp1” must reflect the settings in the specified RBM role template.

user=brcd1 {

default server = permit

#member = admin

#Global password

global = cleartext “pass”

service = exec {

foundry-privlvl = 1

brocade-context-role = rad+viewer

brocade-role-templ = brcd