Deployment Guide

Managing User Accounts
User accounts overview ... 133
Local database user accounts ... 137
Local user account database distribution ... 140
Password policies ... 140
The boot PROM password ... 144
Remote authentication ... 148
User accounts overview
In addition to the default permissions assigned to the roles of root, factory, admin, and user, Fabric OS
supports up to 252 additional user accounts on the chassis. These accounts expand your ability to track
account access and audit administrative activities.
Each user account is associated with the following:
• Admin Domain list -- Specifies the Administrative Domains to which a user account is allowed to log in.
• Home Admin Domain -- Specifies the Admin Domain that the user is logged in to by default. The home Admin Domain must be a member of the user’s Admin Domain list.
• Permissions -- Associate roles with each user account to determine the functional access levels within the bounds of the user’s current Admin Domain.
• Virtual Fabric list -- Specifies the Virtual Fabric a user account is allowed to log in to.
• Home Virtual Fabric -- Specifies the Virtual Fabric that the user is logged in to, if available. The home Virtual Fabric must be a member of the user’s Virtual Fabric list. If the fabric ID is not available, the next-lower valid fabric ID is used.
• LF Permission List -- Determines functional access levels within the bounds of the user’s Virtual Fabrics.
• Chassis role -- Similar to switch-level roles, but applies to a different subset of commands.
NOTE
Admin Domain permissions and Virtual Fabrics permissions are mutually exclusive when you set up user
accounts. You will need to set up different user accounts for each feature. You cannot have Admin
Domain mode and Virtual Fabrics mode enabled at the same time.
For more information about Admin Domains, refer to Managing Administrative Domains on page 455.
For more information about Virtual Fabrics, refer to Managing Virtual Fabrics on page 267.
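The account rules above can be checked offline against an inventory of account definitions, including which fabric a login lands in when the home Virtual Fabric is missing. The following Python is an added example, not code from this guide or from Fabric OS; the Account record layout, the function names, and the reading of "next-lower valid fabric ID" are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    # Hypothetical record layout for an offline review; not a Fabric OS export format.
    name: str
    ad_list: set = field(default_factory=set)   # Admin Domain list
    home_ad: Optional[int] = None               # home Admin Domain
    vf_list: set = field(default_factory=set)   # Virtual Fabric list (fabric IDs)
    home_vf: Optional[int] = None               # home Virtual Fabric

def check_account(acct):
    """Return the rule violations for one account record."""
    findings = []
    if acct.ad_list and acct.vf_list:
        findings.append("mixes Admin Domain and Virtual Fabric permissions")
    if acct.home_ad is not None and acct.home_ad not in acct.ad_list:
        findings.append(f"home Admin Domain {acct.home_ad} is not in the Admin Domain list")
    if acct.home_vf is not None and acct.home_vf not in acct.vf_list:
        findings.append(f"home Virtual Fabric {acct.home_vf} is not in the Virtual Fabric list")
    return findings

def login_fabric(acct, available_fids):
    """Fabric ID the account lands in at login, or None if none can be used."""
    # Assumption: "next-lower valid fabric ID" is the highest ID at or below the home
    # Virtual Fabric that is in the account's list and present on the chassis.
    if acct.home_vf is None:
        return None
    usable = acct.vf_list & set(available_fids)
    return max((fid for fid in usable if fid <= acct.home_vf), default=None)

def audit(accounts, available_fids):
    """Map account name -> findings, including logins that fall back to another fabric."""
    report = {}
    for acct in accounts:
        findings = check_account(acct)
        landed = login_fabric(acct, available_fids)
        if acct.home_vf is not None and landed != acct.home_vf:
            findings.append(f"home Virtual Fabric {acct.home_vf} unavailable, login lands in {landed}")
        if findings:
            report[acct.name] = findings
    return report

# Constructed sample records and chassis fabric IDs.
AVAILABLE_FIDS = {10, 20}
SAMPLE = [Account("san_ops", vf_list={10, 20, 128}, home_vf=128),
          Account("mixed", ad_list={1, 2}, home_ad=3, vf_list={10}, home_vf=10),
          Account("ad_admin", ad_list={0, 1}, home_ad=1)]
```

Calling `audit(SAMPLE, AVAILABLE_FIDS)` flags `san_ops` because its session starts in fabric 20 rather than its home fabric, which matters when reviewing which fabric an administrator's commands actually apply to.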
Fabric OS provides four options for authenticating users: remote RADIUS service, remote LDAP
service, remote TACACS+ service, and the local-switch user database. All options allow users to be
managed centrally by means of the following methods:
• Remote RADIUS service: Users are managed in a remote RADIUS server. All switches in the fabric can be configured to authenticate against the centralized remote database.
• Remote LDAP service: Users are managed in a remote LDAP server. All switches in the fabric can be configured to authenticate against the centralized remote database. The remote LDAP server can run Microsoft Active Directory or OpenLDAP.
Fabric OS Administrators Guide
133
53-1003130-01