
Configuring server side radius support, Configuring a radius server with linux – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Configuring server side RADIUS support

With RADIUS servers, you should set up user accounts by their true network-wide identity, rather than
by the account names created on a Brocade switch. Along with each account name, you must assign
appropriate switch access roles. A user account can exist on a RADIUS server with the same name as
a user on the switch at the same time.

When logging in to a switch configured with RADIUS, users enter their assigned RADIUS account
names and passwords when prompted. Once the RADIUS server authenticates a user, it responds with
the assigned switch role and other information associated with the user account, using a Brocade
Vendor-Specific Attribute (VSA). An Authentication-Accept response without the role assignment
automatically grants the "user" role.

NOTE
RADIUS requires that you configure both the client and the server.

Configuring a RADIUS server with Linux

FreeRADIUS is an open source RADIUS server that runs on Linux (all versions), FreeBSD, NetBSD,
and Solaris. Download the package from www.freeradius.org and follow the installation instructions at
the FreeRADIUS website.

You will need the following information to configure Brocade-specific attributes. Refer to the RADIUS
product documentation for information on configuring and starting up a RADIUS server.

Adding the Brocade attribute to the RADIUS server configuration

For the configuration on a Linux FreeRADIUS server, define the values outlined in the following table in a
vendor dictionary file named dictionary.brocade.

TABLE 48 dictionary.brocade file entries

Include      Key                  Value
VENDOR       Brocade              1588
ATTRIBUTE    Brocade-Auth-Role    1 string Brocade

1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:

#
# dictionary.brocade
#
VENDOR Brocade 1588
#
# attributes
#
ATTRIBUTE Brocade-Auth-Role 1 string Brocade

2. Open the master dictionary file $PREFIX/etc/raddb/dictionary in a text editor and add the line:

$INCLUDE dictionary.brocade

The file dictionary.brocade is located in the RADIUS master configuration directory and loaded for
use by the RADIUS server.
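
The following is an added example, not part of the Brocade guide or of FreeRADIUS. It shows how the dictionary entry above (vendor 1588, attribute 1, string) appears on the wire as an RFC 2865 Vendor-Specific attribute, and how an accept that lacks it falls back to the "user" role. The function names, the role value "admin" and the sample Reply-Message bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 attribute type that wraps every VSA
BROCADE_VENDOR_ID = 1588    # "VENDOR Brocade 1588" in dictionary.brocade
BROCADE_AUTH_ROLE = 1       # "ATTRIBUTE Brocade-Auth-Role 1 string Brocade"
DEFAULT_ROLE = "user"       # role granted when the accept carries no role


def encode_auth_role(role: str) -> bytes:
    """Build one Vendor-Specific attribute carrying Brocade-Auth-Role."""
    value = role.encode("ascii")
    sub = struct.pack("!BB", BROCADE_AUTH_ROLE, 2 + len(value)) + value
    body = struct.pack("!I", BROCADE_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("role too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def effective_role(attributes: bytes) -> str:
    """Walk an accept's attribute list and return the role it assigns."""
    pos = 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attributes[pos], attributes[pos + 1]
        if a_len < 2 or pos + a_len > len(attributes):
            raise ValueError("bad attribute length")
        data = attributes[pos + 2:pos + a_len]
        pos += a_len
        # Only Vendor-Specific attributes tagged with Brocade's ID matter here.
        if a_type != VENDOR_SPECIFIC or len(data) < 6:
            continue
        if struct.unpack("!I", data[:4])[0] != BROCADE_VENDOR_ID:
            continue
        sub = data[4:]
        while len(sub) >= 2:
            s_type, s_len = sub[0], sub[1]
            if s_len < 2 or s_len > len(sub):
                raise ValueError("bad sub-attribute length")
            if s_type == BROCADE_AUTH_ROLE:
                return sub[2:s_len].decode("ascii")
            sub = sub[s_len:]
    return DEFAULT_ROLE  # no Brocade-Auth-Role present


if __name__ == "__main__":
    reply = b"\x12\x04ok"  # constructed Reply-Message attribute (type 18)
    print(effective_role(reply))                              # no VSA
    print(effective_role(reply + encode_auth_role("admin")))  # VSA present
```

Running the same walk over the attribute bytes of a captured accept shows whether the server is actually sending the role or whether logins are silently landing in the default role.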

Network OS Administrator’s Guide, 53-1003225-04