Adding a user and assigning a role, Configuring admin domain lists, Configuring virtual fabric lists – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual
Adding a user and assigning a role
When adding a user to the tac_plus.cfg file, you should at least provide the brcd-role attribute. The
value assigned to this attribute should match a role defined for the switch. When a login is
authenticated, the role specified by the brcd-role attribute represents the permissions granted to the
account. If no role is specified, or if the specified role does not exist on the switch, the account is
granted user role permissions only.
on page 134 for details about roles.
The following fragment from a tac_plus.cfg file adds a user named fosuser1 and assigns the
securityAdmin role to the account.
user = fosuser1 {
    chap = cleartext "my$chap$pswrd"
    pap = cleartext "pap-password"
    service = exec {
        brcd-role = securityAdmin;
    }
}
Configuring Admin Domain lists
If your network uses Admin Domains, you should create Admin Domain lists for each user to identify
the Admin Domains to which the user has access.
Assign the following key-value pairs to the brcd-AV-Pair1 and, optionally, brcd-AV-Pair2 attributes to
grant the account access to the Admin Domains:
• HomeAD is the designated home Admin Domain for the account. The valid range of values is from
0 through 255. The first valid HomeAD key-value pair is accepted by the switch, and any additional
HomeAD key-value pairs are ignored.
• ADList is a comma-separated list of Administrative Domain numbers of which this account is a
member. Valid numbers range from 0 through 255. A - between two numbers specifies a range.
The following example sets the home Admin Domain for the fosuser4 account to 255 and grants the
account access to Admin Domains 1, 2, 3, and 200 through 255.
user = fosuser4 {
    pap = clear "password"
    chap = clear "password"
    password = clear "password"
    service = shell {
        set brcd-role = securityAdmin
        set brcd-AV-Pair1 = "homeAD=255;ADList=1,2,3";
        set brcd-AV-Pair2 = "ADList=200-255";
    }
}
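A pre-deployment check for the Admin Domain attributes described above, as an added example that is not part of the Brocade guide: it reads the brcd-AV-Pair values in order, keeps the first valid HomeAD, and expands ADList ranges so a reviewer can see the effective access an account would receive. The function names, the case-insensitive key matching, and the choice to reject a whole ADList value when any item is bad are assumptions of this script, not documented switch behavior.

```python
import re

AD_MIN, AD_MAX = 0, 255  # valid Admin Domain numbers per the guide

def expand_adlist(value):
    """Expand an ADList value such as '1,2,3' or '200-255' into a set of ints."""
    members = set()
    for item in value.split(","):
        m = re.fullmatch(r"\s*([0-9]+)\s*(?:-\s*([0-9]+)\s*)?", item)
        if not m:
            raise ValueError(f"malformed ADList item {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not AD_MIN <= lo <= hi <= AD_MAX:
            raise ValueError(f"ADList item {item!r} outside {AD_MIN}-{AD_MAX}")
        members.update(range(lo, hi + 1))
    return members

def effective_ad_access(av_pairs):
    """av_pairs: values of brcd-AV-Pair1, brcd-AV-Pair2, in that order.
    Returns (home_ad, sorted_members, problems)."""
    home, members, problems = None, set(), []
    for value in av_pairs:
        for pair in (p.strip() for p in value.split(";")):
            if not pair:
                continue  # a trailing ';' leaves an empty piece
            key, _, val = pair.partition("=")
            key, val = key.strip().lower(), val.strip()  # assumption: case-insensitive keys
            if key == "homead":
                if re.fullmatch(r"[0-9]+", val) and AD_MIN <= int(val) <= AD_MAX:
                    if home is None:
                        home = int(val)  # first valid HomeAD is accepted
                    else:
                        problems.append(f"extra HomeAD={val} is ignored")
                else:
                    problems.append(f"invalid HomeAD {val!r}")
            elif key == "adlist":
                try:
                    members |= expand_adlist(val)
                except ValueError as err:  # this script drops the whole value
                    problems.append(str(err))
            else:
                problems.append(f"unrecognised key in {pair!r}")
    return home, sorted(members), problems

if __name__ == "__main__":
    # fosuser4 values from the guide's example
    print(effective_ad_access(["homeAD=255;ADList=1,2,3", "ADList=200-255"]))
```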
Configuring Virtual Fabric lists
If your network uses Virtual Fabrics, you should create Virtual Fabric lists for each user to identify the
Virtual Fabrics to which the account has access.
Assign the following key-value pairs to the brcd-AV-Pair1 and, optionally, brcd-AV-Pair2 attributes to
grant the account access to the Virtual Fabrics:
• HomeLF is the designated home Virtual Fabric for the account. The valid values are from 1 through
128 and chassis context. The first valid HomeLF key-value pair is accepted by the switch. Additional
HomeLF key-value pairs are ignored.
• LFRoleList is a comma-separated list of Virtual Fabric ID numbers of which this account is a
member, and specifies the role the account has on those Virtual Fabrics. Valid numbers range from
1 through 128. A - between two numbers specifies a range.
Fabric OS Administrators Guide
53-1003130-01