Fibre Channel (SAN)

New Contributor
Posts: 3
Registered: ‎06-10-2009

Brocade 5300 VF enabled IAS/RADIUS authentication...

Hi there,

I have just gone through the related discussions and the admin guide, but without success.

I have two 5300 with VF enabled and Windows IAS as a RADIUS server.

I'm able to authenticate using the AD groups, dividing the roles.

The only issue I have is the "Chassis Role"

Here is the output from "userconfig --show" comparing "local admin" and my personal RADIUS account:

Account name: hristo.kavlachki
Description: RADIUS Account
Enabled: Yes
Password Last Change Date: Unknown (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Home LF Role: admin
Role-LF List: admin: 128
No chassis permission
Home LF: 128

Account name: admin
Description: Administrator
Enabled: Yes
Password Last Change Date: Mon Nov 22 2010 (UTC)
Password Expiration Date: Not Applicable (UTC)
Locked: No
Home LF Role: admin
Role-LF List: admin: 1-128
Chassis Role: admin
Home LF: 128

And the VSA looks like (see the attachment)

Any help will be appreciated.

Regards,

Hristo Kavlachki

Super Contributor
Posts: 635
Registered: ‎04-12-2010

Re: Brocade 5300 VF enabled IAS/RADIUS authentication...

Hi,

I think you have not configured your VSA attribute correctly. When I had a play with it I struggled with the same topic.

But currently I have no VF any longer to verify the correct environment.

If I remember correctly, I configured a single entry for each pair. The attribute number was important for each entry.

Brocade-AVPairs1 --> 2

Brocade-AVPairs2 --> 3

Brocade-AVPairs3 --> 4

...


Auth-Type := System Brocade-Auth-Role = "admin",

Brocade-AVPairs1 = "HomeLF=70",

Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128",

Brocade-AVPairs3 = "ChassisRole=switchadmin"

Check the FOS 6.4 Admin Guide. The Free Radius table on page 103 makes clear what I am trying to explain.

I will try to post a screen picture later today.

Andreas

New Contributor
Posts: 3
Registered: ‎06-10-2009

Re: Brocade 5300 VF enabled IAS/RADIUS authentication...

Thank you Andreas,

You are exactly right, the semicolon separation does not work.

I have made separate VSA for each AV pair and now everything is working fine.

Thanks again for your prompt reply.

Best regards,

Hristo Kavlachki
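
The fix confirmed in this thread (one vendor-specific attribute per AV pair, numbered 2, 3 and 4, instead of one semicolon-joined value) can be checked before a policy is deployed. The following is an added example, not part of the original posts and not Brocade code; `check_vsas`, `expand_lfs` and the sample entries are hypothetical names and constructed values, and only the single `role:list` form of LFRoleList shown above is handled.

```python
import re

# Vendor-specific attribute numbers for the AV pairs, as listed in the thread.
AVPAIR_NUMBERS = {2: "Brocade-AVPairs1", 3: "Brocade-AVPairs2", 4: "Brocade-AVPairs3"}
KEY_RE = re.compile(r"\b(HomeLF|LFRoleList|ChassisRole)=")

def expand_lfs(spec):
    """Expand an LF list such as '2,4-8,70' into a sorted list of LF IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ids)

def check_vsas(vsas):
    """vsas: list of (attribute number, string value) pairs from one policy.
    Returns (settings, problems)."""
    settings, problems = {}, []
    for number, value in vsas:
        name = AVPAIR_NUMBERS.get(number)
        if name is None:
            problems.append(f"attribute {number}: not one of the AVPairs numbers 2, 3, 4")
            continue
        keys = KEY_RE.findall(value)
        # More than one key in a value means several pairs were joined into one entry.
        if len(keys) != 1 or not value.startswith(keys[0] + "="):
            problems.append(f"{name}: expected a single key=value pair, got {value!r}")
            continue
        key, raw = value.split("=", 1)
        if key == "LFRoleList":
            role, _, lfs = raw.partition(":")
            settings[key] = {role: expand_lfs(lfs)}
        else:
            settings[key] = raw
    if "ChassisRole" not in settings:
        problems.append("no ChassisRole pair found")
    return settings, problems

# Constructed sample input: the three separate entries from the reply above,
# and a hypothetical single entry that joins the pairs with semicolons.
SEPARATE = [(2, "HomeLF=70"), (3, "LFRoleList=admin:2,4-8,70,80,128"),
            (4, "ChassisRole=switchadmin")]
JOINED = [(2, "HomeLF=128;LFRoleList=admin:128;ChassisRole=admin")]

if __name__ == "__main__":
    for label, vsas in (("separate", SEPARATE), ("joined", JOINED)):
        print(label, check_vsas(vsas))
```

Expanding the LF list makes it easy to review exactly which logical fabrics a RADIUS group is being granted before the policy goes live.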

Super Contributor
Posts: 635
Registered: ‎04-12-2010

Re: Brocade 5300 VF enabled IAS/RADIUS authentication...

Hello Hristo,

I am glad to assist. I would appreciate it if you could mark the thread as correct.

This will help others to find some help on the same topic.

Thank you,

Andreas
