Users Guide

ManualsBrandsDell ManualsComputer equipmentBrocade M5424

171

172

173

174

175

176

177

178

179

180

176 Fabric OS Administrator’s Guide

53-1002920-02

Remote authentication

ATTRIBUTE Brocade-Auth-Role 1 string Brocade

ATTRIBUTE Brocade-AVPairs1 2 string Brocade

ATTRIBUTE Brocade-AVPairs2 3 string Brocade

ATTRIBUTE Brocade-AVPairs3 4 string Brocade

ATTRIBUTE Brocade-AVPairs4 5 string Brocade

ATTRIBUTE Brocade-Passwd-ExpiryDate 6 string Brocade

ATTRIBUTE Brocade-Passwd-WarnPeriod 7 string Brocade

This information defines the Brocade vendor ID as 1588, Brocade attribute 1 as

Brocade-Auth-Role, Brocade attribute 6 as Brocade-Passwd-ExpiryDate, and Brocade attribute

7 as Brocade-Passwd-WarnPeriod.

2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:

$INCLUDE dictionary.brocade

As a result, the file dictionary.brocade is located in the RADIUS configuration directory and

loaded for use by the RADIUS server.

Creating the user

1. Open the $PREFIX/etc/raddb/user file in a text editor.

2. Add the user names and their permissions for users accessing the switch and authenticating

through RADIUS.

The user logs in using the permissions specified with Brocade-Auth-Role. The valid permissions

include root, admin, switchAdmin, zoneAdmin, securityAdmin, basic SwitchAdmin, fabricAdmin,

operator, and user. You must use quotation marks around “password” and “role”.

Example of adding a user name to the RADIUS authentication

For example, to set up an account called JohnDoe with admin permissions with a password

expiry date of May 28, 2008 and a warning period of 30 days:

JohnDoe Auth-Type := Local

User-Password == "johnPassword",

Brocade-Auth-Role = "admin",

Brocade-Passwd-ExpiryDate = "05/28/08",

Brocade-Passwd-WarnPeriod = "30"

Example of using the local system password to authenticate users

The following example uses the local system password file to authenticate users.

When you use network information service (NIS) for authentication, the only way to enable

authentication with the password file is to force the Brocade switch to authenticate using Password

Authentication Protocol (PAP); this requires the

-a pap

option with the

aaaConfig

command.

Enabling clients

Clients are the switches that will use the RADIUS server; each client must be defined. By default, all

IP addresses are blocked.

Auth-Type := System

Brocade-Auth-Role = "admin",

Brocade-AVPairs1 = "HomeLF=70",

Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128",

Brocade-AVPairs3 = "ChassisRole=switchadmin",

Brocade-Passwd-ExpiryDate = "11/10/2008",

Brocade-Passwd-WarnPeriod = "30"