Fabric OS Administrator’s Guide (53-1002920-02), page 190
Chapter 6: Remote authentication
A retry count, the number of attempts to authenticate with a TACACS+ server, can also be set. The
default value is 5 attempts. If authentication is rejected or times out, Fabric OS tries again. The
retry value can also be customized for each user.
Refer to “Remote authentication configuration on the switch” on page 192 for details about
configuring the Brocade switch for authenticating users with a TACACS+ server.
Configuring the TACACS+ server on Linux
Fabric OS software supports TACACS+ authentication on a Linux server running the Open Source
TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.
1. Download the TACACS+ software from http://www.cisco.com and install it.
2. Configure the TACACS+ server by editing the tac_plus.cfg file.
Refer to “The tac_plus.cfg file” for details.
3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.
> tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg
The tac_plus.cfg file
The TACACS+ server is configured in the tac_plus.cfg file. Open the file by using the editor of your
choice and customize the file as needed.
You must add users into this file and provide some attributes specific to the Brocade
implementation. Table 25 lists and defines attributes specific to Brocade.

TABLE 25 Brocade custom TACACS+ attributes
Attribute                 Purpose
brcd-role                 Role assigned to the user account
brcd-AV-Pair1             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate    The date on which the password expires
brcd-passwd-warnPeriod    The time before expiration for the user to receive a warning message

Adding a user and assigning a role
When adding a user to the tac_plus.cfg file, you should at least provide the brcd-role attribute. The
value assigned to this attribute should match a role defined for the switch. When a login is
authenticated, the role specified by the brcd-role attribute represents the permissions granted to
the account. If no role is specified, or if the specified role does not exist on the switch, the account
is granted user role permissions only.
Refer to “Role-Based Access Control” on page 152 for details about roles.
The following fragment from a tac_plus.cfg file adds a user named fosuser1 and assigns the
securityAdmin role to the account.
user = fosuser1 {
    chap = cleartext "my$chap$pswrd"
    pap = cleartext "pap-password"
    service = exec {