Deployment Guide

The following example sets the home Virtual Fabric for the userVF account to 30 and allows the
account admin role access to Virtual Fabrics 1, 3, and 4 and securityAdmin access to Virtual Fabrics 5
and 6.
user = userVF {
    pap = clear "password"
    service = shell {
        set brcd-role = zoneAdmin
        set brcd-AV-Pair1 = "homeLF=30;LFRoleList=admin:1,3,4;securityAdmin:5,6"
        set brcd-AV-Pair2 = "chassisRole=admin"
    }
}
Configuring the password expiration date
Fabric OS allows you to configure a password expiration date for each user account and to configure a
warning period for notifying the user that the account password is about to expire. To configure these
values, set the following attributes:
brcd-passwd-expiryDate sets the password expiration date in mm/dd/yyyy format.
brcd-passwd-warnPeriod sets the warning period as a number of days.
The following example sets the password expiration date for the fosuser5 account. It also specifies that
a warning be sent to the user 30 days before the password is due to expire.
user = fosuser5 {
    pap = clear "password"
    chap = clear "password"
    password = clear "password"
    service = shell {
        set brcd-role = securityAdmin
        set brcd-passwd-expiryDate = 03/21/2014;
        set brcd-passwd-warnPeriod = 30;
    }
}
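As an added example that is not part of the original guide, the Python below reads stanzas like the two shown above, splits the brcd-AV-Pair1 value into the home Virtual Fabric and the per-role Virtual Fabric lists, and validates the expiry attributes before the file is deployed. The function names and the merged SAMPLE text are assumptions made for illustration; the parser handles only the "user = ... {" and "set name = value" lines used in this section.

```python
import re
from datetime import datetime, timedelta

# Added example: helper names are hypothetical; SAMPLE is constructed from the stanzas above.
SAMPLE = '''
user = userVF {
    service = shell {
        set brcd-AV-Pair1 = "homeLF=30;LFRoleList=admin:1,3,4;securityAdmin:5,6"
    }
}
user = fosuser5 {
    service = shell {
        set brcd-passwd-expiryDate = 03/21/2014;
        set brcd-passwd-warnPeriod = 30;
    }
}
'''

def parse_users(text):
    """Return {user: {attribute: value}} built from 'set name = value' lines."""
    users, current = {}, None
    for line in text.splitlines():
        m = re.match(r'\s*user\s*=\s*(\S+)\s*\{', line)
        if m:
            current = users.setdefault(m.group(1), {})
            continue
        m = re.match(r'\s*set\s+(\S+)\s*=\s*(.+?)\s*$', line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).rstrip(';').strip('"')
    return users

def parse_lf_roles(av_pair):
    """Split 'homeLF=30;LFRoleList=admin:1,3,4;securityAdmin:5,6' into (home, roles)."""
    home, roles = None, {}
    for field in av_pair.split(';'):
        field = field.strip()
        if field.startswith('homeLF='):
            home = int(field.split('=', 1)[1])
        elif field:
            field = field[len('LFRoleList='):] if field.startswith('LFRoleList=') else field
            role, ids = field.split(':', 1)
            roles[role] = [int(i) for i in ids.split(',')]
    return home, roles

def expiry_window(attrs):
    """Return (first warning date, expiry date); raises ValueError on a bad value."""
    expiry = datetime.strptime(attrs['brcd-passwd-expiryDate'], '%m/%d/%Y').date()
    warn = int(attrs['brcd-passwd-warnPeriod'])
    return expiry - timedelta(days=warn), expiry
```

A date that is not in mm/dd/yyyy form (for example day and month swapped) or a non-numeric warning period raises ValueError, so the check can gate a configuration push.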
Configuring a Windows TACACS+ server
Fabric OS is compatible with any TACACS+ freeware for Microsoft Windows that uses TACACS+
protocol version v1.78. Refer to the vendor documentation for configuration details.
Remote authentication configuration on the switch
At least one RADIUS, LDAP, or TACACS+ server must be configured before you can enable a remote
authentication service. You can configure the remote authentication service even if it is disabled on the
switch. You can configure up to five RADIUS, LDAP, or TACACS+ servers. You must be logged in as
admin or switchAdmin to configure the RADIUS service.
NOTE
On dual-CP Backbones (Brocade DCX, DCX-4S, DCX 8510-4, and DCX 8510-8 devices), the switch
sends its RADIUS, LDAP, or TACACS+ request using the IP address of the active CP. When adding
clients, add both the active and standby CP IP addresses so that users can still log in to the switch in
the event of a failover.
RADIUS, LDAP, or TACACS+ configuration is chassis-based configuration data. On platforms
containing multiple switch instances, the configuration applies to all instances. The configuration is
persistent across reboots and firmware downloads. On a chassis-based system, the command must
replicate the configuration to the standby CP.
Fabric OS Administrators Guide 169
53-1003130-01