inf-assistance
Posts: 1
Registered: ‎12-05-2012

Brocade switch SAN and Active Directory

Hi,

I would like to use Active Directory for authenticating users.

I have read the documentation, but in this documentation it is written: "Add the attribute brcdAdVfData to the existing Active Directory schema"

How do I do that?

Best regards

New Contributor
skaloyanova
Posts: 3
Registered: ‎11-17-2009

Re: Brocade switch SAN and Active Directory

Hi inf-assistance,

Here is a procedure, which I wrote some time ago for my colleagues:

Instructions for configuring the RADIUS (via IAS)

1. From the Windows Start menu, select Programs > Administrative Tools > Internet Authentication Service to open the Internet Authentication Service window.

2. Right click on "Internet Authentication Service (Local)" and select Properties.

In the Ports Tab, enter 1812,1645 in the Authentication field and 1813,1646 in the Accounting field. Click OK.

3. In the Internet Authentication Service window, right click the RADIUS Clients folder and select New RADIUS Client from the drop-down menu.

4. In the New RADIUS Client window, provide the following information:

Friendly name - enter the switch's friendly name

Client address (IP or DNS) - enter the switch's IP address

Protocol - Select RADIUS as the protocol.

Client-Vendor - Select RADIUS Standard.

Shared secret - Enter the following text: sharedsecret

5. In the Internet Authentication Service window, right-click the Remote Access Policies folder; then select New Remote Access Policy from the drop-down menu.

6. In the New Remote Access Policy window, select the Set up a custom policy radio button, enter the following text for Policy name: Switch Admin policy, and then click Next.

On the new screen (Policy Conditions window), click Add.

In the Select Attribute window, select Windows-Groups and click Add.

In the Groups window, click Add.

In the Select Groups window, select either a local group on the RADIUS server or an Active Directory security group containing the user accounts, click “Check Names” to resolve it and click OK. In the Groups window, click OK.

In the New Remote Access Policy window, confirm that the Conditions section displays the group that you selected and click Next.

Select the Grant remote access permission radio button and click Next.

On the new screen, click Edit Profile.

In the Edit Dial-in Profile window, click the Authentication tab and check only the Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP) checkboxes; then click the Advanced tab and click Add.

In the Add Attributes window, select Vendor-Specific and click Add.

In the Multivalued Attribute Information window, click Add.

In the Vendor-Specific Attribute Information window, click the Enter Vendor Code radio button and enter the value 1588. Click the Yes. It conforms radio button, and then click Configure Attribute....

In the Configure VSA (RFC compliant) window, enter the following values and click OK.

Vendor-assigned attribute number - Enter the value 1

Attribute format - Enter String

Attribute value - Enter the following text: admin

Note: if you enter user in the Attribute value field, you will assign user permissions for this policy.

In the Vendor-Specific Attribute Information window, click OK.

In the Multivalued Attribute Information window, click OK.

In the Add Attributes window, click Close.

In the Edit Dial-in Profile window, remove all additional parameters (except the one you just added, “Vendor-Specific”) and click OK.

In the New Remote Access Policy window, click Next and Finish.

7. In the Internet Authentication Service window, right click on the Internet Authentication Service (Local) and select Register Server in Active Directory from the drop-down menu. Click OK.

8. After completing the above steps to configure the Internet Authentication Service, you must stop and restart the Service.

In the Internet Authentication Service window, right click on the Internet Authentication Service (Local) and select Stop Service.

Right click on the Internet Authentication Service (Local) and select Start Service.

On the switch the following commands should be executed:

Replace 10.10.10.10 with the IP of the RADIUS server:

aaaConfig --add 10.10.10.10 -conf radius -a pap

aaaConfig --authspec "radius;local"
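
What the Vendor-Specific attribute from step 6 (vendor code 1588, attribute number 1, string admin) looks like inside a RADIUS Access-Accept, as an added example that is not part of the original post. It is handy for checking a captured reply when a login succeeds but the permissions are wrong; the function names and the sample packet are constructed for illustration, and the response authenticator is not verified here.

```python
import struct

BROCADE_VENDOR_ID = 1588   # vendor code entered in the IAS policy (step 6)
BROCADE_ROLE_ATTR = 1      # vendor-assigned attribute number from step 6
VENDOR_SPECIFIC = 26       # RADIUS attribute type for VSAs (RFC 2865)


def build_vsa(vendor_id, vendor_type, value):
    """Encode one RFC-compliant Vendor-Specific attribute."""
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def build_access_accept(identifier, attributes):
    """Constructed Access-Accept (code 2); authenticator zeroed for the demo."""
    length = 20 + len(attributes)
    return struct.pack("!BBH", 2, identifier, length) + bytes(16) + attributes


def brocade_roles(packet):
    """Return the Brocade permission strings carried in a RADIUS packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    roles, pos = [], 20                      # attributes start after the header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", body[:4])
        sub = body[4:]                       # vendor sub-attributes (type, len, value)
        while len(sub) >= 2 and vendor_id == BROCADE_VENDOR_ID:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if vtype == BROCADE_ROLE_ATTR:
                roles.append(sub[2:vlen].decode("ascii"))
            sub = sub[vlen:]
    return roles


# Constructed sample: the reply the "Switch Admin policy" should produce.
SAMPLE = build_access_accept(7, build_vsa(1588, 1, b"admin"))
```

An empty list from brocade_roles() on a real capture means the policy matched but the Vendor-Specific attribute was not attached to the profile.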
