Setting the switch authentication mode, Fabric OS user accounts – Dell POWEREDGE M1000E User Manual
Fabric OS Administrator’s Guide
53-1001763-02
The authentication model using RADIUS and LDAP
Setting the switch authentication mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the aaaConfig --authspec command.
Fabric OS user accounts
RADIUS and LDAP servers allow you to set up user accounts by their true network-wide identity
rather than by the account names created on a Fabric OS switch. With each account name, assign
the appropriate switch access roles. For LDAP servers, you can use the ldapCfg --maprole
available on a switch.
RADIUS and LDAP support all the defined RBAC roles described in
Users must enter their assigned RADIUS or LDAP account name and password when logging in to a
switch that has been configured with RADIUS or LDAP. After the RADIUS or LDAP server
authenticates a user, it responds with the assigned switch role in a Brocade Vendor-Specific
Attribute (VSA). If the response does not have a VSA role assignment, the User role is assigned. If
no Administrative Domain is assigned, then the user is assigned to the default Admin Domain AD0.
TABLE 15 Authentication configuration options (Continued)

| aaaConfig options | Description | Equivalent setting in Fabric OS v5.1.0 and earlier: --radius | Equivalent setting in Fabric OS v5.1.0 and earlier: --switchdb (1) |
|---|---|---|---|
| --authspec "radius;local" --backup | Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available. | On | On |
| --authspec "ldap" | Authenticates management connections against any LDAP databases only. If LDAP service is not available or the credentials do not match, the login fails. | n/a | n/a |
| --authspec "ldap; local" | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. | n/a | On |
| --authspec "ldap; local" --backup | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. The --backup option states to try the secondary authentication database only if the primary authentication database is not available. | n/a | On |

1. Fabric OS v5.1.0 and earlier aaaConfig --switchdb
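The following Python sketch is an added example, not code from the Fabric OS guide. It models the fallback behavior the table describes and the role defaults from the user accounts section, so the effect of --backup on a rejected login can be checked. The outcome labels and function names are constructed for illustration.

```python
# Added illustration: models the login decision this page describes.
# The outcome labels and function names are constructed, not Fabric OS identifiers.
ACCEPT, REJECT, UNAVAILABLE = "accept", "reject", "unavailable"


def parse_authspec(spec):
    """Split an --authspec value such as 'ldap; local' into an ordered source list."""
    sources = [s.strip().lower() for s in spec.split(";") if s.strip()]
    if not 1 <= len(sources) <= 2:
        raise ValueError(f"expected one or two sources, got {spec!r}")
    return sources


def admitting_source(spec, backup, outcomes):
    """Return the database that admits the login, or None if the login fails.

    outcomes maps a source name to ACCEPT, REJECT or UNAVAILABLE for this attempt;
    a source missing from the map is treated as UNAVAILABLE.
    """
    for source in parse_authspec(spec):
        result = outcomes.get(source, UNAVAILABLE)
        if result == ACCEPT:
            return source
        # With --backup, the secondary is tried only when the primary is
        # unavailable, so a rejection by the primary ends the attempt.
        if backup and result == REJECT:
            return None
        # Without --backup, any failure falls through to the next source.
    return None


def remote_session(vsa_role=None, admin_domain=None):
    """Apply the page's defaults to a RADIUS/LDAP response: User role, AD0."""
    return (vsa_role or "User", admin_domain or "AD0")


if __name__ == "__main__":
    # Constructed scenario: the directory rejects the password, but a local
    # account with the same name and password still exists on the switch.
    attempt = {"ldap": REJECT, "local": ACCEPT}
    for spec, backup in [("ldap", False), ("ldap; local", False), ("ldap; local", True)]:
        print(f"{spec!r:15} backup={backup!s:5} ->", admitting_source(spec, backup, attempt))
    print(remote_session())
```

In the constructed scenario only "ldap; local" without --backup admits the login, through the local database, which is why local accounts left on the switch matter when that setting is used.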