Deployment Guide

secret = Secret
shortname = Testing Switch
nastype = other
In this example, shortname is an alias used to easily identify the client. Secret is the shared secret
between the client and server. Make sure the shared secret matches that configured on the switch
(refer to Adding an authentication server to the switch configuration on page 170).
2. Save the file $PREFIX/etc/raddb/client.config, and then start the RADIUS server as follows:
$PREFIX/sbin/radiusd
Configuring RADIUS server support with Windows 2000
The instructions for setting up RADIUS on a Windows 2000 server are listed here for your convenience
but are not guaranteed to be accurate for your network environment. Always check with your system
administrator before proceeding with setup.
NOTE
All instructions involving Microsoft Windows 2000 can be obtained from www.microsoft.com or your
Microsoft documentation. Confer with your system or network administrator prior to configuration for any
special needs your network environment may have.
Configuring RADIUS service on Windows 2000 consists of the following steps:
1. Installing Internet Authentication Service (IAS)
For more information and instructions on installing IAS, refer to the Microsoft website.
2. Enabling the Challenge Handshake Authentication Protocol (CHAP)
If CHAP authentication is required, then Windows must be configured to store passwords with
reversible encryption. Reverse password encryption is not the default behavior; it must be enabled.
NOTE
If a user is configured prior to enabling reverse password encryption, then the user’s password is
stored and cannot utilize CHAP. To use CHAP, the password must be re-entered after encryption is
enabled. If the password is not re-entered, then CHAP authentication will not work and the user will
be unable to authenticate from the switch. Alternatives to using CHAP are Password Authentication
Protocol (PAP), or PEAP-MSCHAPv2.
3. Configuring a user
IAS is the Microsoft implementation of a RADIUS server and proxy. IAS uses the Windows native
user database to verify user login credentials; it does not list specific users, but instead lists user
groups. Each user group should be associated with a specific switch role. For example, you should
configure a user group for root, admin, factory, switchAdmin, and user, and then add any users
whose logins you want to associate to the appropriate group.
4. Configuring the server
For more information and instructions on configuring the server, refer to the Microsoft website. You
will need the following information to configure the RADIUS server for a Brocade switch. A client is
the device that uses the RADIUS server; in this case, it is the switch.
a) For the Add RADIUS Client window, provide the following:
Client address (IP or DNS) -- Enter the IP address of the switch.
Client-Vendor -- Select RADIUS Standard.
Shared secret -- Provide a password. Shared secret is a password used between the client
device and server to prevent IP address spoofing by unwanted clients. Keep your shared
Fabric OS Administrators Guide 157
53-1003130-01
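Why step 2 above ties CHAP to reversible password storage, as an added example that is not part of the original guide and is not IAS or switch code: a CHAP response (RFC 1994) is an MD5 digest over the identifier, the password itself, and the challenge, so the server must be able to read the password back to check it, whereas PAP delivers the password to the server and can be checked against a one-way hash. The UserStore class, the PBKDF2 hash, the user name and the password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier octet || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


class UserStore:
    """Hypothetical credential store used only for this illustration."""

    def __init__(self):
        self.reversible = False   # models the "reversible encryption" setting
        self._one_way = {}        # user -> (salt, PBKDF2 hash); enough for PAP
        self._recoverable = {}    # user -> password the server can read back

    def set_password(self, user: str, password: bytes) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
        self._one_way[user] = (salt, digest)
        if self.reversible:
            self._recoverable[user] = password  # stand-in for reversible storage
        else:
            self._recoverable.pop(user, None)

    def verify_pap(self, user: str, password: bytes) -> bool:
        if user not in self._one_way:
            return False
        salt, digest = self._one_way[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
        return hmac.compare_digest(candidate, digest)

    def verify_chap(self, user, chap_id, challenge, response) -> bool:
        password = self._recoverable.get(user)
        if password is None:      # only a one-way hash: MD5 input is unavailable
            return False
        return hmac.compare_digest(chap_response(chap_id, password, challenge), response)


def demo():
    """Constructed user and password; returns the CHAP result at each stage."""
    store, pw, chal = UserStore(), b"constructed-pw", os.urandom(16)
    resp = chap_response(7, pw, chal)
    store.set_password("admin1", pw)                     # user configured first
    before = store.verify_chap("admin1", 7, chal, resp)
    store.reversible = True                              # setting enabled afterwards
    not_reentered = store.verify_chap("admin1", 7, chal, resp)
    store.set_password("admin1", pw)                     # password re-entered
    return before, not_reentered, store.verify_chap("admin1", 7, chal, resp)
```

The three values returned by demo() correspond to the NOTE in step 2: CHAP fails for a user configured before the setting was enabled, still fails after enabling it, and succeeds only once the password has been re-entered.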