Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

161

162

163

164

165

166

167

168

169

170

NOTE

The combination of “peap-mschapv2” and IPv6 when used together, rejects RADIUS authentication. PEAP with IPv4

succeeds. Combination of PEAP-MSCHAPv2 and IPv6 is not supported and hence blocked during configuration.

Configuring RADIUS server support with Linux

The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware RADIUS server that you can

find at the following website:

http://www.freeradius.org

Follow the installation instructions at the website. FreeRADIUS runs on Linux (all versions), FreeBSD, NetBSD, and Solaris. If you make a

change to any of the files used in this configuration, you must stop the server and restart it for the changes to take effect.

FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb . By default, the PREFIX is /usr/local .

Configuring RADIUS service on Linux consists of the following tasks:

∙ Adding the Brocade attributes to the server

∙ Creating the user

∙ Enabling clients

Adding the Brocade attributes to the server

1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:

# dictionary.brocade

VENDOR Brocade 1588

# attributes

ATTRIBUTE Brocade-Auth-Role 1 string Brocade

ATTRIBUTE Brocade-AVPairs1 2 string Brocade

ATTRIBUTE Brocade-AVPairs2 3 string Brocade

ATTRIBUTE Brocade-AVPairs3 4 string Brocade

ATTRIBUTE Brocade-AVPairs4 5 string Brocade

ATTRIBUTE Brocade-Passwd-ExpiryDate 6 string Brocade

ATTRIBUTE Brocade-Passwd-WarnPeriod 7 string Brocade

This information defines the Brocade vendor ID as 1588, Brocade attribute 1 as Brocade-Auth-Role, Brocade attribute 6 as

Brocade-Passwd-ExpiryDate, and Brocade attribute 7 as Brocade-Passwd-WarnPeriod.

2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:

$INCLUDE dictionary.brocade

As a result, the file dictionary.brocade is located in the RADIUS configuration directory and loaded for use by the RADIUS

server.

Creating the user

1. Open the $PREFIX/etc/raddb/user file in a text editor.

2. Add the user names and their permissions for users accessing the switch and authenticating through RADIUS.

The user logs in using the permissions specified with Brocade-Auth-Role. The valid permissions include root, admin,

switchAdmin, zoneAdmin, securityAdmin, basic SwitchAdmin, fabricAdmin, operator, and user. You must use quotation marks

around "password" and "role".

Managing User Accounts

Brocade Fabric OS Administration Guide, 8.0.1

53-1004111-02 167