Brocade Communications Systems 53-1001763-02 User Manual

Fabric OS Administrator’s Guide
The authentication model using RADIUS and LDAP
Setting the switch authentication mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the aaaConfig --authspec command.
Fabric OS user accounts
RADIUS and LDAP servers allow you to set up user accounts by their true network-wide identity 
rather than by the account names created on a Fabric OS switch. With each account name, assign 
the appropriate switch access roles. For LDAP servers, you can use the ldapCfg --maprole
<ldap_role name> <switch_role> command to map an LDAP server role to one of the default roles
available on a switch.
RADIUS and LDAP support all the defined RBAC roles described in 
Users must enter their assigned RADIUS or LDAP account name and password when logging in to a 
switch that has been configured with RADIUS or LDAP. After the RADIUS or LDAP server 
authenticates a user, it responds with the assigned switch role in a Brocade Vendor-Specific
Attribute (VSA). If the response does not have a VSA role assignment, the User role is assigned. If
no Administrative Domain is assigned, then the user is assigned to the default Admin Domain AD0.
TABLE 15 Authentication configuration options (Continued)

| aaaConfig options | Description | Equivalent setting in Fabric OS v5.1.0 and earlier: --radius | Equivalent setting in Fabric OS v5.1.0 and earlier: --switchdb (1) |
|---|---|---|---|
| --authspec "radius;local" --backup | Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available. | On | On |
| --authspec "ldap" | Authenticates management connections against any LDAP databases only. If LDAP service is not available or the credentials do not match, the login fails. | n/a | n/a |
| --authspec "ldap; local" | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. | n/a | On |
| --authspec "ldap; local" --backup | Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. The --backup option states to try the secondary authentication database only if the primary authentication database is not available. | n/a | On |

1. Fabric OS v5.1.0 and earlier aaaConfig --switchdb <on | off> setting.
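
The following Python sketch is an added example, not code from the guide or from Fabric OS. It models the fall-through rule the table gives for --authspec "ldap; local" with and without --backup, together with the User role and AD0 defaults described under "Fabric OS user accounts"; the Outcome, Reply and login names and the sample databases are assumptions made for illustration.

```python
# Added illustration: a simplified model of the behaviour in the table, not Fabric OS code.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional


class Outcome(Enum):
    ACCEPT = 1       # credentials matched
    REJECT = 2       # service answered, credentials did not match
    UNAVAILABLE = 3  # service could not be reached


@dataclass
class Reply:
    outcome: Outcome
    role: Optional[str] = None          # role from the Brocade VSA, if present
    admin_domain: Optional[str] = None  # Admin Domain, if assigned


def login(authspec: str, backup: bool,
          databases: Dict[str, Callable[[], Reply]]) -> Optional[tuple]:
    """Return (source, role, admin_domain) on success, None when the login fails."""
    for source in (s.strip() for s in authspec.split(";")):
        reply = databases[source]()
        if reply.outcome is Outcome.ACCEPT:
            # Missing VSA role -> User role; missing Admin Domain -> AD0.
            return (source, reply.role or "user", reply.admin_domain or "AD0")
        if backup and reply.outcome is Outcome.REJECT:
            return None  # --backup: only an unavailable primary reaches the next database
    return None


# Constructed sample: LDAP rejects the password, a local account of the same name accepts it.
LDAP_REJECTS = {"ldap": lambda: Reply(Outcome.REJECT),
                "local": lambda: Reply(Outcome.ACCEPT, "admin", "AD0")}
# Constructed sample: the LDAP server is down.
LDAP_DOWN = {"ldap": lambda: Reply(Outcome.UNAVAILABLE),
             "local": lambda: Reply(Outcome.ACCEPT, "admin", "AD0")}
# Constructed sample: LDAP accepts but returns no role and no Admin Domain.
LDAP_NO_VSA = {"ldap": lambda: Reply(Outcome.ACCEPT), "local": lambda: Reply(Outcome.REJECT)}

if __name__ == "__main__":
    for name, dbs in [("rejects", LDAP_REJECTS), ("down", LDAP_DOWN), ("no VSA", LDAP_NO_VSA)]:
        for backup in (False, True):
            print(f"ldap {name:8} backup={backup!s:5} ->", login("ldap; local", backup, dbs))
```

In this model, a login that LDAP rejects still succeeds through the local database when --backup is absent, which is the case to check for when local accounts are meant to be break-glass only.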