
Setting up a RADIUS server, Configuring RADIUS server support with Linux, Adding the Brocade attributes to the server – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual


In the next example, on a Linux FreeRADIUS server, the user has the "zoneAdmin" permissions, with
VFlist 2, 4, 5, 6, 7, 8, 10, 11, 12, 13, 15, 17, 19, 22, 23, 24, 25, 29, 31 and HomeLF 1.

# Reply items are indented and comma-separated; the last item has no trailing comma.
user300 Auth-Type := Local, User-Password == "password"
        Brocade-Auth-Role = "zoneadmin",
        Brocade-AVPairs1 = "HomeLF=1;LFRoleList=securityadmin:2,4-8,10",
        Brocade-AVPairs2 = "LFRoleList=admin:11-13, 15, 17, 19;user:22-25,29,31",
        Brocade-AVPairs3 = "ChassisRole=switchadmin"
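
As an added example (not part of the Brocade guide), the Python code below expands the Brocade-AVPairs strings of an entry like the one above into a per-logical-fabric role map, so the effective permissions of a RADIUS account can be reviewed before the users file is deployed. The grammar is inferred only from the sample entry on this page; the function names and the check for a logical fabric listed under two roles are assumptions.

```python
import re

# Sample values copied from the user300 entry on this page.
SAMPLE = [
    "HomeLF=1;LFRoleList=securityadmin:2,4-8,10",
    "LFRoleList=admin:11-13, 15, 17, 19;user:22-25,29,31",
    "ChassisRole=switchadmin",
]

def expand(spec):
    """Expand an ID list such as '2,4-8,10' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part.strip())
        if not m:
            raise ValueError(f"bad LF ID or range: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if hi < lo:
            raise ValueError(f"descending range: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids

def parse_avpairs(values):
    """Merge Brocade-AVPairsN strings into one effective-permission view."""
    out = {"HomeLF": None, "ChassisRole": None, "lf_roles": {}, "conflicts": []}
    for value in values:
        key = None
        for token in filter(None, (t.strip() for t in value.split(";"))):
            if "=" in token:  # "key=..." starts a new pair
                key, token = (s.strip() for s in token.split("=", 1))
            if key == "LFRoleList":  # "role:ids"; tokens without "=" continue it
                role, _, spec = token.partition(":")
                for lf in sorted(expand(spec)):
                    prev = out["lf_roles"].setdefault(lf, role.strip())
                    if prev != role.strip():  # same LF listed under two roles
                        out["conflicts"].append((lf, prev, role.strip()))
            elif key == "HomeLF":
                out["HomeLF"] = int(token)
            elif key == "ChassisRole":
                out["ChassisRole"] = token
            else:
                raise ValueError(f"unexpected token: {token!r}")
    return out

if __name__ == "__main__":
    view = parse_avpairs(SAMPLE)
    print(view["HomeLF"], view["ChassisRole"], view["conflicts"])
    for lf, role in sorted(view["lf_roles"].items()):
        print(lf, role)
```

For the sample entry, the expanded logical fabric IDs match the VFlist given in the text, and no ID appears under more than one role.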

Setting up a RADIUS server

NOTE
To set up the RADIUS server, you must know the switch IP address, in either IPv4 or IPv6 notation, or
the name to connect to switches. Use the ipAddrShow command to display a switch IP address.

For Brocade Backbones, the switch IP addresses are aliases of the physical Ethernet interfaces on the
CP blades. When specifying client IP addresses for the logical switches in these systems, make sure
the CP blade IP addresses are used. For accessing both the active and standby CP blades, and for the
purpose of HA failover, both of the CP blade IP addresses must be included in the RADIUS server
configuration.

User accounts should be set up by their true network-wide identities rather than by the account names
created on a Fabric OS switch. Along with each account name, the administrator must assign
appropriate switch access permissions. To manage a fabric, one can set these permissions to user,
admin, and securityAdmin.

Configuring RADIUS server support with Linux

The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a
freeware RADIUS server that you can find at the following website:

http://www.freeradius.org

Follow the installation instructions at the website. FreeRADIUS runs on Linux (all versions), FreeBSD,
NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you must stop
the server and restart it for the changes to take effect.

FreeRADIUS installation places the configuration files in $PREFIX/etc/raddb. By default, the PREFIX
is /usr/local.

Configuring RADIUS service on Linux consists of the following tasks:

• Adding the Brocade attributes to the server
• Creating the user
• Enabling clients

Adding the Brocade attributes to the server

1. Create and save the file $PREFIX/etc/raddb/dictionary.brocade with the following information:

    # dictionary.brocade
    #
    VENDOR          Brocade                 1588
    #
    # attributes
    #
    ATTRIBUTE       Brocade-Auth-Role       1       string  Brocade
    ATTRIBUTE       Brocade-AVPairs1        2       string  Brocade
    ATTRIBUTE       Brocade-AVPairs2        3       string  Brocade
    ATTRIBUTE       Brocade-AVPairs3        4       string  Brocade


53-1003130-01