
Table 18 – Dell POWEREDGE M1000E User Manual

Page 153


Fabric OS Administrator’s Guide


53-1002745-02

Remote authentication


RADIUS, LDAP, and TACACS+ support all the defined RBAC roles described in Table 12 on page 134.

Users must enter their assigned RADIUS, LDAP, or TACACS+ account name and password when
logging in to a switch that has been configured with remote authentication. After the remote
authentication (RADIUS, LDAP, or TACACS+) server authenticates a user, it responds with the
assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does not contain a
VSA permissions assignment, the User role is assigned. If no Administrative Domain is assigned,
the user is assigned to the default Admin Domain, AD0.

You can set a user password expiration date and add a warning for RADIUS login and TACACS+
login. The password expiry date must be specified in UTC and in MM/DD/YYYY format. The
password warning specifies how many days before the password expires the user is warned of
the expiration. Specify either both attributes or neither. If you specify only one
attribute, or there is a syntax error in the attributes, the password expiration warning will not
be issued. If your RADIUS server maintains its own password expiration attributes, you must set the
exact date twice to use this feature: once on your RADIUS server and once in the VSA attribute. If
the dates do not match, RADIUS server authentication fails.

Table 18 describes the syntax used for assigning VSA-based account switch roles on a RADIUS server.

TABLE 18   Syntax for VSA-based account roles

| Item | Value | Description |
|------|-------|-------------|
| Type | 26 | 1 octet |
| Length | 7 or higher | 1 octet, calculated by the server |
| Vendor ID | 1588 | 4 octets, Brocade SMI Private Enterprise Code |
| Vendor type | 1 | 1 octet, Brocade-Auth-Role; valid attributes for the Brocade-Auth-Role are: Admin, BasicSwitchAdmin, FabricAdmin, Operator, SecurityAdmin, SwitchAdmin, User, ZoneAdmin |
| | 2 | Brocade-AVPairs1. Optional: Specifies the Admin Domain or Virtual Fabric member list. For more information on Admin Domains or Virtual Fabrics, see “RADIUS configuration with Admin Domains or Virtual Fabrics” on page 155. |
| | 3 | Brocade-AVPairs2 |
| | 4 | Brocade-AVPairs3 |
| | 5 | Brocade-AVPairs4 |
| | 6 | Brocade Password ExpiryDate |
| | 7 | Brocade Password ExpiryWarning |
| Vendor length | 2 or higher | 1 octet, calculated by server, including vendor-type and vendor-length |
| Attribute-specific data | ASCII string | Multiple octets, maximum 253, indicating the name of the assigned role and other supported attribute values such as Admin Domain member list. |
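
The layout in Table 18 and the role and password-expiry rules above can be checked with a short script before a RADIUS profile goes live. The following is an added example, not code from the Fabric OS guide: the function names are hypothetical, the sample attributes are constructed, and it assumes the warning period is sent as an ASCII decimal string.

```python
import struct
from datetime import datetime

VENDOR_ID = 1588  # Brocade SMI Private Enterprise Code (Table 18)
VENDOR_TYPES = {1: "Brocade-Auth-Role", 2: "Brocade-AVPairs1", 3: "Brocade-AVPairs2",
                4: "Brocade-AVPairs3", 5: "Brocade-AVPairs4",
                6: "Brocade Password ExpiryDate", 7: "Brocade Password ExpiryWarning"}
ROLES = {"Admin", "BasicSwitchAdmin", "FabricAdmin", "Operator",
         "SecurityAdmin", "SwitchAdmin", "User", "ZoneAdmin"}

def encode_vsa(vendor_type, value):
    """Build one attribute: Type, Length, Vendor ID, Vendor type, Vendor length, data."""
    data = value.encode("ascii")
    vendor_len = 2 + len(data)            # includes vendor-type and vendor-length
    if 6 + vendor_len > 255:
        raise ValueError("value does not fit a one-octet Length")
    return struct.pack("!BBIBB", 26, 6 + vendor_len, VENDOR_ID, vendor_type, vendor_len) + data

def parse_vsa(attr):
    """Return (vendor_type, value); raise ValueError on a malformed attribute."""
    if len(attr) < 8:                     # 6-octet VSA header + 2-octet sub-header
        raise ValueError("too short to hold vendor-type and vendor-length")
    a_type, length, vendor_id, v_type, v_len = struct.unpack("!BBIBB", attr[:8])
    if a_type != 26 or vendor_id != VENDOR_ID:
        raise ValueError("not a Brocade vendor-specific attribute")
    if length != len(attr) or v_len != length - 6:
        raise ValueError("Length and Vendor length disagree with the data")
    if v_type not in VENDOR_TYPES:
        raise ValueError(f"unknown vendor type {v_type}")
    return v_type, attr[8:].decode("ascii")

def interpret(raw_attrs):
    """Apply the page's rules to the VSAs of one response -> (role, expiry)."""
    vsas = dict(parse_vsa(a) for a in raw_attrs)
    role = vsas.get(1, "User")            # no role VSA: the User role is assigned
    if role not in ROLES:                 # rejecting is this checker's choice
        raise ValueError(f"{role!r} is not a Brocade-Auth-Role value")
    date, warn = vsas.get(6), vsas.get(7)
    expiry = None                         # one attribute alone: no warning
    if date is not None and warn is not None:
        try:
            expiry = (datetime.strptime(date, "%m/%d/%Y").date(), int(warn))
        except ValueError:
            expiry = None                 # syntax error: no warning either
    return role, expiry

if __name__ == "__main__":
    sample = [encode_vsa(1, "SecurityAdmin"),  # constructed sample response
              encode_vsa(6, "12/31/2025"), encode_vsa(7, "10")]
    print(interpret(sample))
```

A result of `None` for the expiry part means the switch would issue no password expiration warning for that profile, which is the outcome the page describes when only one attribute is present or the syntax is wrong.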