Clearing sessions on the client side, Creating a user account on an ldap/ad server, Verifying the user account on the switch – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Removing the mapping of an Active Directory to a switch role

The following example removes the mapping between the Brocade admin role and the Active Directory
(AD) Administrator group. A Brocade user with the admin role can no longer perform the operations
associated with the AD Administrator group.

To unmap an AD group from a switch role, perform the following steps from privileged EXEC mode.

1. Use the configure terminal command to enter global configuration mode.

switch# config terminal

Entering configuration mode terminal

2. Use the no ldap-server command to remove the group mapping.

switch(config)# no ldap-server maprole group Administrator
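To confirm the removal, the output of show running-config ldap-server can be saved and checked for leftover group mappings. The following Python sketch is an added example, not part of the Brocade guide. It assumes that mappings appear in the running configuration as "ldap-server maprole group <group> role <role>" lines; the sample output and the function names are constructed for illustration.

```python
import re

# Assumed line form (not taken from the guide), inferred from the command syntax:
#   ldap-server maprole group <AD group> role <switch role>
MAPROLE_RE = re.compile(
    r"^\s*ldap-server\s+maprole\s+group\s+(\S+)\s+role\s+(\S+)\s*$"
)

def parse_maproles(config_text):
    """Return {AD group: switch role} for every maprole line in the text."""
    mappings = {}
    for line in config_text.splitlines():
        match = MAPROLE_RE.match(line)
        if match:
            mappings[match.group(1)] = match.group(2)
    return mappings

def leftover_mappings(config_text, removed_group):
    """Return mappings for removed_group that are still configured.

    Group names are compared case-insensitively here, so a leftover entry
    that differs only in case is still reported.
    """
    wanted = removed_group.lower()
    return {g: r for g, r in parse_maproles(config_text).items()
            if g.lower() == wanted}

def groups_with_role(config_text, role):
    """List every AD group that still maps to the given switch role."""
    return sorted(g for g, r in parse_maproles(config_text).items() if r == role)

# Constructed sample output, before and after the 'no ldap-server maprole' step.
BEFORE = """\
ldap-server host 192.0.2.10
!
ldap-server maprole group Administrator role admin
ldap-server maprole group NetOps role user
"""
AFTER = """\
ldap-server host 192.0.2.10
!
ldap-server maprole group NetOps role user
"""

if __name__ == "__main__":
    print("still mapped:", leftover_mappings(AFTER, "Administrator"))
    print("groups with admin role:", groups_with_role(AFTER, "admin"))
```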

Configuring the client to use LDAP/AD for login authentication

After you have configured the switch LDAP server list, you must set the authentication mode so that LDAP
is used as the primary source of authentication. Refer to "Login authentication mode" on page 277 for
information on how to configure the login authentication mode.

Clearing sessions on the client side

In Network OS 4.0 and later, you can use the clear sessions command to log out user sessions that
are connected to a switch. This command is not distributed across a cluster. If you are in VCS mode,
you must use the RBridge ID of the node to log out the users connected to the individual nodes.

In standalone mode:

switch# clear sessions

This operation will logout all the user sessions. Do you want to continue (yes/no)?: y

In VCS mode:

switch# clear sessions rbridge-id 3

This operation will logout all the user sessions. Do you want to continue (yes/no)?: y

Configuring an Active Directory server on the client side

The following high-level overview of server-side configuration for LDAP/AD servers indicates the steps
needed to set up a user account. This overview is provided for your convenience only. All instructions
involving Microsoft Active Directory can be obtained from www.microsoft.com or from your Microsoft
documentation. Confer with your system or network administrator prior to configuration for any special
needs your network environment may have.

Creating a user account on an LDAP/AD server

1. Create a user on the Microsoft Active Directory server.
2. Create a group. The group should either match the user’s Brocade switch role, or you can map the role to the Brocade switch role with the ldap-server maprole command.

3. Associate the user with the group by adding the user to the group.

The user account configuration is complete.

Verifying the user account on the switch

1. Log in to the switch as a user with admin privileges.
2. Verify that the LDAP/AD server has an entry in the switch LDAP server list.

switch# show running-config ldap-server

Network OS Administrator’s Guide

53-1003225-04