HP StorageWorks Fabric OS 6.x administrator guide (5697-7344, March 2008)

To set the switch authentication mode:
1. Connect to the switch and log in using an admin account.
2. Enter this command:
switch:admin> aaaConfig --authspec ["radius" | "ldap" | "radius;local" | "ldap;local" --backup]
Creating Fabric OS user accounts
RADIUS and LDAP servers allow you to set up user accounts by their true network-wide identity rather than
by the account names created on a Fabric OS switch. With each account name, assign the appropriate
switch access roles.
RADIUS and LDAP support all the defined RBAC roles described in Table 8 on page 54.
Users must enter their assigned RADIUS or LDAP account name and password when logging in to a switch
that has been configured with RADIUS or LDAP. After the RADIUS or LDAP server authenticates a user, it
responds with the assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does
not have a VSA role assignment, the User role is assigned. If no Administrative Domain is assigned, then
the user is assigned to the default Admin Domain AD0.
The syntax used for assigning VSA-based account switch roles on a RADIUS server is described in
Table 13.
Table 12 Authentication configuration options (continued)
aaaConfig options | Description | Equivalent setting in Fabric OS 5.1.0 and earlier: --radius | Equivalent setting in Fabric OS 5.1.0 and earlier: --switchdb (1)
--authspec "ldap" | Authenticates management connections against any LDAP database(s) only. If LDAP service is not available or the credentials do not match, the login fails. | n/a | n/a
--authspec "ldap;local" | Authenticates management connections against any LDAP database first. If LDAP fails for any reason, authenticates against the local user database. | n/a | On
1. Fabric OS 5.1.0 and earlier aaaConfig --switchdb <on | off> setting.
Table 13 Syntax for VSA-based account roles
Item | Value | Description
Type | 26 | 1 octet
Length | 7 or higher | 1 octet, calculated by the server
Vendor ID | 1588 | 4 octets, Brocade's SMI Private Enterprise Code
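
The VSA fields listed in Table 13 and the fallback to the User role described above can be checked against a server's reply with a short parser. This is an added example, not code from the HP guide or from Brocade. It assumes the role is carried in vendor sub-attribute type 1 (Brocade-Auth-Role), which is not shown on this page, and all function names and sample bytes are constructed for illustration.

```python
import struct

VSA_TYPE = 26             # Table 13: Type
BROCADE_VENDOR_ID = 1588  # Table 13: Vendor ID
ROLE_VENDOR_TYPE = 1      # assumption: Brocade-Auth-Role sub-attribute number (not on this page)
DEFAULT_ROLE = "user"     # guide: no VSA role assignment -> User role


def iter_tlv(buf: bytes):
    """Yield (type, value) pairs; the 1-octet length counts the 2-octet header."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[pos], buf[pos + 1]
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError(f"bad attribute length {a_len} at offset {pos}")
        yield a_type, buf[pos + 2:pos + a_len]
        pos += a_len


def brocade_role(attrs: bytes) -> str:
    """Role the switch would assign for the attributes of an Access-Accept."""
    for a_type, value in iter_tlv(attrs):
        if a_type != VSA_TYPE:
            continue
        if len(value) < 5:  # Table 13: Length 7 or higher (2 header + 4 vendor ID + data)
            raise ValueError("VSA shorter than 7 octets")
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != BROCADE_VENDOR_ID:
            continue  # another vendor's VSA carries no Brocade role
        for v_type, v_data in iter_tlv(value[4:]):
            if v_type == ROLE_VENDOR_TYPE and v_data:
                return v_data.decode("ascii")
    return DEFAULT_ROLE


def make_vsa(vendor_id: int, v_type: int, data: bytes) -> bytes:
    """Build one Vendor-Specific attribute (used only for the constructed samples)."""
    sub = bytes([v_type, 2 + len(data)]) + data
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub


# Constructed samples: Service-Type=Login followed by a Brocade role VSA,
# and a reply whose only VSA belongs to a different (placeholder) vendor ID.
WITH_ROLE = bytes([6, 6, 0, 0, 0, 1]) + make_vsa(BROCADE_VENDOR_ID, ROLE_VENDOR_TYPE, b"admin")
OTHER_VENDOR = make_vsa(99999, 1, b"admin")

if __name__ == "__main__":
    for name, attrs in (("with role", WITH_ROLE), ("other vendor", OTHER_VENDOR)):
        print(name, "->", brocade_role(attrs))
```

A result of "user" for an account that should hold a higher role means the server's reply did not carry a Brocade role VSA with Vendor ID 1588.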