HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

Fabric OS 6.1.1 administrator guide 75
To add the Brocade attribute to the server:
1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:
#
# Brocade FabricOS 5.0.1 dictionary
#
VENDOR Brocade 1588
#
# attribute 1 defined to be Brocade-Auth-Role
# string defined in user configuration
#
ATTRIBUTE Brocade-Auth-Role 1 string Brocade
This defines the Brocade vendor ID as 1588 and Brocade attribute 1 as Brocade-Auth-Role, a string
value.
2. Open the file $PREFIX/etc/raddb/dictionary in a text editor and add the line:
$INCLUDE dictionary.brocade
As a result, the file dictionary.brocade in the RADIUS configuration directory is loaded for use by the
RADIUS server.
To create the user:
Open the $PREFIX/etc/raddb/user file in a text editor and add user names and roles for the users who will
access the switch and authenticate through RADIUS.
The user logs in with the role specified by Brocade-Auth-Role. The valid roles are Root, Admin,
SwitchAdmin, ZoneAdmin, SecurityAdmin, BasicSwitchAdmin, FabricAdmin, Operator, and User. You
must enclose the password and role values in quotation marks.
For example, to set up an account called JohnDoe with the Admin role:
JohnDoe Auth-Type := Local, User-Password == "johnPassword"
        Brocade-Auth-Role = "admin"
The next example uses the local system password file to authenticate users.
JohnDoe Auth-Type := System
        Brocade-Auth-Role = "admin"
When you use Network Information Service (NIS) for authentication, the only way to enable
authentication with the password file is to force the switch to authenticate using Password Authentication
Protocol (PAP); this requires the -a pap option with the aaaConfig command.
Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP
addresses are blocked.
4/256 SAN Director and DC SAN Backbone Director (short name, DC Director) models send their
RADIUS requests using the IP address of the active CP. When adding clients, add both the active and
standby CP IP addresses so that, in the event of a failover, users can still log in to the switch.
To enable clients:
1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to be
configured as RADIUS clients.
For example, to configure the switch at IP address 10.32.170.59 as a client:
client 10.32.170.59 {
        secret = Secret
        shortname = Testing Switch
        nastype = other
}
In this example, shortname is an alias used to easily identify the client and secret is the shared secret
between the client and server. Make sure the shared secret matches the one configured on the switch (see
“To add a RADIUS server to the switch configuration” on page 81).
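The following Python script is an added example and is not part of this guide, of Fabric OS, or of FreeRADIUS. It parses user entries and client blocks in the formats shown in this procedure and reports the mistakes that most often leave a switch user without the intended role or leave a switch unable to reach the server: a Brocade-Auth-Role placed among the check items instead of on the reply line, unquoted role or password values, a role outside the list given above, a CP address (active or standby) with no client entry, and a client whose shared secret is still the placeholder value. The sample users and client text, the addresses other than 10.32.170.59, the case-insensitive role comparison, and the minimum secret length are all constructed or assumed for this example.

```python
"""Audit the FreeRADIUS users and client entries described in this procedure.

Added example; not part of the HP/Brocade guide or of FreeRADIUS. The sample
users and client text at the bottom is constructed for this example.
"""
import re

# Roles listed in the guide; compared case-insensitively (assumption: the
# guide's example writes "admin" while its role list writes "Admin").
VALID_ROLES = {"root", "admin", "switchadmin", "zoneadmin", "securityadmin",
               "basicswitchadmin", "fabricadmin", "operator", "user"}

# Secrets to flag: the guide's placeholder plus FreeRADIUS's stock example value.
PLACEHOLDER_SECRETS = {"Secret", "testing123"}
MIN_SECRET_LEN = 12  # assumption: the guide gives no minimum length

# attribute, operator, value; a value is either a quoted string or a bare token
ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==|!=|\+=|=)\s*("[^"]*"|[^,\s]+)')


def parse_items(text):
    """Return (attribute, operator, value) triples from a comma-separated item list."""
    return ITEM_RE.findall(text)


def parse_users(text):
    """Parse users-file text: an unindented line starts an entry and carries its
    check items; the indented lines that follow carry its reply items."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments (values assumed not to contain '#')
        if not line.strip():
            continue
        if not line[0].isspace():
            parts = line.split(None, 1)
            entries.append({"name": parts[0],
                            "check": parse_items(parts[1]) if len(parts) > 1 else [],
                            "reply": []})
        elif entries:
            entries[-1]["reply"].extend(parse_items(line))
        else:
            raise ValueError("reply items before any user entry: %r" % raw)
    return entries


def is_quoted(value):
    return len(value) >= 2 and value[0] == '"' and value[-1] == '"'


def audit_users(entries):
    """Return (user, problem) pairs for entries that will not yield the intended role."""
    findings = []
    for e in entries:
        misplaced = [v for a, _, v in e["check"] if a == "Brocade-Auth-Role"]
        roles = [v for a, _, v in e["reply"] if a == "Brocade-Auth-Role"]
        if misplaced:
            findings.append((e["name"], "Brocade-Auth-Role is among the check items; "
                                        "put it on the indented reply line"))
        elif not roles:
            findings.append((e["name"], "no Brocade-Auth-Role reply item"))
        for v in roles:
            if not is_quoted(v):
                findings.append((e["name"], "role value %s is not quoted" % v))
            elif v.strip('"').lower() not in VALID_ROLES:
                findings.append((e["name"], "unknown Fabric OS role %s" % v))
        for a, _, v in e["check"]:
            if a == "User-Password" and not is_quoted(v):
                findings.append((e["name"], "password value is not quoted"))
    return findings


def parse_clients(text):
    """Parse 'client <address> { key = value ... }' blocks into a dict keyed by address."""
    clients = {}
    for address, body in re.findall(r'client\s+(\S+)\s*\{(.*?)\}', text, re.S):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()
            if "=" in line:
                key, _, value = line.partition("=")
                attrs[key.strip()] = value.strip()
        clients[address] = attrs
    return clients


def audit_clients(clients, switch_addresses):
    """Return (address, problem) pairs: CPs without a client entry, weak secrets."""
    findings = []
    for address in switch_addresses:
        if address not in clients:
            findings.append((address, "no client entry; requests from this CP are blocked"))
    for address, attrs in clients.items():
        secret = attrs.get("secret", "")
        if secret in PLACEHOLDER_SECRETS or len(secret) < MIN_SECRET_LEN:
            findings.append((address, "shared secret is a placeholder or shorter than %d" % MIN_SECRET_LEN))
    return findings


# Constructed sample data: 10.32.170.59 is the guide's example address; the other
# addresses, the users and the passwords are made up for this example.
SAMPLE_USERS = """\
JohnDoe Auth-Type := Local, User-Password == "johnPassword"
        Brocade-Auth-Role = "admin"
JaneDoe Auth-Type := System
        Brocade-Auth-Role = "auditor"
BobRoe  Auth-Type := Local, User-Password == bobpass, Brocade-Auth-Role = "user"
"""
SAMPLE_CLIENTS = """\
client 10.32.170.59 {
        secret = Secret
        shortname = Testing Switch
        nastype = other
}
client 10.32.170.60 {
        secret = Kq7v9mZpL2rT4xWb
        shortname = director-active-cp
        nastype = other
}
"""
# Active and standby CP addresses, since the guide says to add both as clients.
SWITCH_ADDRESSES = ["10.32.170.59", "10.32.170.60", "10.32.170.61"]

if __name__ == "__main__":
    problems = (audit_users(parse_users(SAMPLE_USERS))
                + audit_clients(parse_clients(SAMPLE_CLIENTS), SWITCH_ADDRESSES))
    for who, problem in problems:
        print("%-14s %s" % (who, problem))
```

Run against the sample data it reports the unknown role for JaneDoe, the misplaced role item and unquoted password for BobRoe, the missing client entry for the third CP address, and the placeholder secret on 10.32.170.59; JohnDoe's entry, written as the guide shows it, passes. Point the two parse functions at the real $PREFIX/etc/raddb/user and client.config files and the list of CP addresses to audit a live server.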