Fibre Channel (SAN)

Contributor
Posts: 39
Registered: ‎02-14-2006

Active directory integration

Hi,

I am trying to integrate a 5300 into an existing Active Directory.

  • First, I created an OU called SAN.

  • Second, I added a group called "SANAdmins" including myself as a user.

  • Next, I configured the switch with aaaconfig to recognize the LDAP server (AD server).

  • After that, I used ldapcfg --maprole SANAdmins admin

But now I get an error message that the switch must first be known by the LDAP server.

Therefore I tried to add the switch as a computer within the AD, but the error still exists.

Now the core question: can anyone tell me how to add the switch to the AD?

Many thanks in advance.

Kind regards,

Chris

New Contributor
Posts: 4
Registered: ‎11-18-2003

Re: Active directory integration

You have to go into AD 255 on the switch, then the ldapcfg command can be used to map the roles. AD stands for Administrative Domain and not Active Directory.

We found that the user account has to be in the CN=Users folder in Active Directory or else it does not work. This is a big (security) problem for us. Hope you have a solution for this.

Regards Ralph

Contributor
Posts: 39
Registered: ‎02-14-2006

Re: Active directory integration

Hi Ralph,

Sorry for the long delay.

I tried running the command within AD 255 and put a user under CN=Users.

Nevertheless, it didn't work for me.

Therefore, can you send me a very short example of the steps that succeed?

For your information, I have done the following tasks:

logged in:

ad --select 255

aaaconfig --add 192.168.10.10 -conf ldap -d test.mydomain.com

ldapcfg --maprole SANmanager admin

aaaconfig --authspec "ldap;local"

logged out from switch

Inside Active directory server:

Created a user called testuser

Created a group called SANmanager

Added the user testuser to the group SANmanager

But the login failed with an access denied error.

Thanks in advance for your help.

Kind regards,

Chris
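An added example, not from the thread, of the Active Directory side of the steps above, written in PowerShell with the ActiveDirectory (RSAT) module. It assumes the names used in the thread (domain test.mydomain.com, DC 192.168.10.10, OU SAN, group SANmanager, user testuser) and that the switch matches the group CN it finds in the user's memberOf attribute against the name given to ldapcfg --maprole, which is why the script prints exactly those values. It places the user under CN=Users because that is what Ralph reports as working; whether that is required is his observation, not something verified here.

```powershell
# Added example (not from the thread): AD-side setup and sanity checks for the
# Brocade LDAP role mapping discussed above. Assumes the ActiveDirectory module
# (RSAT) and the names used in the thread: domain test.mydomain.com,
# DC 192.168.10.10, OU "SAN", group "SANmanager", user "testuser".
Import-Module ActiveDirectory

$Domain   = 'test.mydomain.com'
$DcAddr   = '192.168.10.10'
$DomainDn = 'DC=test,DC=mydomain,DC=com'
$OuDn     = "OU=SAN,$DomainDn"
$Group    = 'SANmanager'          # must match the name given to ldapcfg --maprole
$User     = 'testuser'

# 1. Create the objects if they do not already exist (idempotent).
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'SAN'" -SearchBase $DomainDn -ErrorAction SilentlyContinue)) {
    New-ADOrganizationalUnit -Name 'SAN' -Path $DomainDn
}
if (-not (Get-ADGroup -Filter "Name -eq '$Group'" -ErrorAction SilentlyContinue)) {
    New-ADGroup -Name $Group -GroupScope Global -GroupCategory Security -Path $OuDn
}
if (-not (Get-ADUser -Filter "SamAccountName -eq '$User'" -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $User"
    # Ralph reports that the switch only worked with the account under CN=Users,
    # so the user is created there rather than in the SAN OU (his observation,
    # not verified here).
    New-ADUser -Name $User -SamAccountName $User -UserPrincipalName "$User@$Domain" `
               -Path "CN=Users,$DomainDn" -AccountPassword $pw -Enabled $true
}
Add-ADGroupMember -Identity $Group -Members $User

# 2. Show what the switch will see: the user's DN and its memberOf values.
$u = Get-ADUser -Identity $User -Properties memberOf, distinguishedName
"User DN  : $($u.DistinguishedName)"
"Member of: $($u.memberOf -join '; ')"

# 3. Confirm that a group CN in memberOf matches the ldapcfg --maprole name.
#    A case-sensitive compare (-ccontains) is the conservative check; the thread
#    itself uses SANAdmins in one post and SANmanager in the next.
$cnList = $u.memberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=', '' }
if ($cnList -ccontains $Group) {
    "OK: $User is a member of $Group (exact match for the switch role mapping)"
} else {
    "MISMATCH: memberOf CNs are: $($cnList -join ', ') - check the ldapcfg --maprole spelling"
}

# 4. Network check, run from a host on the switch's management network: the
#    switch must reach the DC on LDAP (389) and LDAPS (636).
foreach ($p in 389, 636) {
    $r = Test-NetConnection -ComputerName $DcAddr -Port $p -WarningAction SilentlyContinue
    "TCP $p to $DcAddr : $(if ($r.TcpTestSucceeded) { 'open' } else { 'closed/filtered' })"
}
```

Run it as a domain account that can create objects in the domain; the output of steps 2 and 3 is what to compare against the switch's ldapcfg --show before touching aaaconfig --authspec, and step 4 is the first thing to check when the switch reports that it cannot contact the LDAP server.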

New Contributor
Posts: 4
Registered: ‎11-18-2003

Re: Active directory integration

Most likely LDAP is not setup on the domain controller.

A windows administrator did this for me, so I don't know how it's done.

Regards Ralph

Contributor
Posts: 39
Registered: ‎02-14-2006

Re: Active directory integration

Hi Ralph,

Thanks for the information.

I have only a last short question.

What LDAP role did you map to admin? ldapcfg --maprole Users admin?

Was it Users or something else?

Kind regards,

Chris

Occasional Contributor
Posts: 11
Registered: ‎07-23-2009

Re: Active directory integration

Same problem here... no success with AD integration. Is there any help available from Brocade staff?

External Moderator
Posts: 4,909
Registered: ‎02-23-2004

Re: Active directory integration

Hi axel.mueller,

Parts of this thread, according to the post from CReeber, are a little confused, for the following reason:

For you information, I have done the following tasks:

logged in:

ad --select 255

aaaconfig --add 192.168.10.10 -conf ldap -d test.mydomain.com

ldapcfg --maprole SANmanager admin

aaaconfig --authspec "ldap;local"

logged out from switch

AD for Admin Domain and AD for Active Directory are TWO different things.

For AD integration with a Windows domain (AD = Active Directory), LDAP must be configured on the switch, which is very simple when your Windows AD is working. Please see the FOS Admin Guide for details.

I have a document with an example LDAP config, but unfortunately I don't have access to the file at the moment. I will upload it here next week.

TechHelp24
Occasional Contributor
Posts: 6
Registered: ‎08-09-2009

Re: Active directory integration

after running -

aaaconfig --authspec "ldap;local"

- local accounts are not authenticating and LDAP is not functional.

can anyone tell me how to get back into the switch?

thx.

-r

External Moderator
Posts: 4,909
Registered: ‎02-23-2004

Re: Active directory integration

ross,

When the aaaconfig setup has failed and you cannot log in to the switch, you must first remove the config.

Plug in the serial cable and connect to the switch with HyperTerminal or other similar software.

Run the command "aaaconfig --show" to verify the config.

Remove the wrong config with the command

"aaaconfig --remove server -conf radius|ldap"

For details see the Command Reference Manual.

TechHelp24
Occasional Contributor
Posts: 6
Registered: ‎08-09-2009

Re: Active directory integration

No joy. Attached with the serial cable, same problem: access denied for all local accounts. Unplugged the Ethernet cables from the mgmt modules to try to force local database authentication; msg: unable to contact LDAP server.

-r
