Viewing the syslog CA certificate, Mapping an Active Directory group to a switch role – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

When no syslog CA certificate is present
switch# no certutil syslogcacert
% Error: syslog CA certificate does not exist.
When a syslog CA certificate exists on the switch
switch# no certutil syslogcacert
Do you want to delete syslog CA certificate? [y/n]:n

Viewing the syslog CA certificate
The following procedure allows you to view the syslog CA certificate that has been imported on the
switch.
1. Connect to the switch and log in using an account with admin role permissions.
2. In privileged EXEC mode, enter the show cert-util syslogcacert command.
Standalone mode
This example displays all syslog CA certificates.
switch# show cert-util syslogcacert
Logical chassis cluster mode
This example displays the syslog CA certificates for rbridge-id 3 only.
switch# show cert-util syslogcacert rbridge-id 3

Configuring Active Directory groups on the client side
An Active Directory (AD) group defines access permissions for the LDAP server, similar to Brocade
roles. You can map an Active Directory group to a Brocade role with the ldap-server maprole
command. The command confers all access privileges defined by the Active Directory group on the
Brocade role to which it is mapped.
A user on an AD server should be assigned a nonprimary group, and that group name should
either match or be mapped to one of the existing roles on the switch.
After successful authentication, the user is assigned a role from a nonprimary group (defined on the
AD server) based on the matched or mapped switch role.
A user who logs in to a switch that is configured to use LDAP, and who has a valid LDAP user name and
password, is assigned LDAP user privileges if the user is not assigned to any nonprimary group.

Mapping an Active Directory group to a switch role
In the following example, a Brocade user with the admin role inherits all privileges associated with the
Active Directory (AD) Administrator group.
1. In privileged EXEC mode, use the configure terminal command to enter global configuration
mode.
switch# config terminal
Entering configuration mode terminal
2. Use the ldap-server command to set the group information.
A maximum of 16 AD groups can be mapped to the switch roles.
switch(config)# ldap-server maprole group Administrator role admin
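
The following is an added example, not part of the Brocade guide: a Python sketch that audits which switch role each AD user could receive under the matching and mapping rules described above. The function names, the sample configuration and users, exact case-sensitive matching, group names without spaces, and checking the mapping before a name match are all assumptions.

```python
import re

MAX_MAPPINGS = 16  # limit stated in the guide
MAPROLE = re.compile(r"^\s*ldap-server maprole group (\S+) role (\S+)\s*$")

def parse_maproles(config_text):
    """Return {AD group: switch role} from 'ldap-server maprole' lines."""
    mapping = {}
    for line in config_text.splitlines():
        m = MAPROLE.match(line)
        if m:
            mapping[m.group(1)] = m.group(2)
    if len(mapping) > MAX_MAPPINGS:
        raise ValueError(f"{len(mapping)} mappings exceed the limit of {MAX_MAPPINGS}")
    return mapping

def candidate_roles(nonprimary_groups, mapping, switch_roles):
    """Roles a user could receive after successful LDAP authentication."""
    if not nonprimary_groups:
        return {"LDAP user privileges"}  # fallback described in the guide
    roles = set()
    for group in nonprimary_groups:
        if group in mapping:             # group mapped with maprole (assumed checked first)
            roles.add(mapping[group])
        elif group in switch_roles:      # group name matches an existing switch role
            roles.add(group)
    return roles  # empty set: no match or mapping; the guide does not state the outcome

def audit(users, mapping, switch_roles, privileged=("admin",)):
    """Flag users who resolve to a privileged role or to more than one role."""
    findings = []
    for name, groups in sorted(users.items()):
        roles = candidate_roles(groups, mapping, switch_roles)
        if roles & set(privileged):
            findings.append((name, "privileged", sorted(roles)))
        elif len(roles) > 1:
            findings.append((name, "ambiguous", sorted(roles)))
    return findings

# Constructed sample data (hypothetical groups, roles and users)
CONFIG = """\
ldap-server maprole group Administrator role admin
ldap-server maprole group NetOps role user
"""
SWITCH_ROLES = {"admin", "user"}
USERS = {"alice": ["Administrator"], "bob": ["NetOps"], "carol": [], "dave": ["HelpDesk"]}

if __name__ == "__main__":
    for finding in audit(USERS, parse_maproles(CONFIG), SWITCH_ROLES):
        print(finding)
```

Feed it the maprole lines from the running configuration and an export of AD nonprimary group memberships to review who inherits the admin role before enabling LDAP login.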
Network OS Administrator’s Guide
53-1003225-04