Occasional Contributor
Posts: 5
Registered: ‎07-16-2008

Error log for failed Active Directory login attempts

Hi,

I am trying to configure our switches to use Active Directory.

I have done the following:

Login as admin

ad --select 255

aaaConfig --add "ADServer" -conf ldap -d "ADDomain"

aaaConfig --authspec "ldap;local"

ldapcfg --maprole SANAdmin.gs admin

aaaConfig --show seems to show it set up correctly, as does ldapcfg --show.

When I log in as a user in the SANAdmin.gs group I just get a "Login incorrect" error.

Is there a log on the switch that will show if it is actually getting anything back from the Active Directory server? I have tried looking in the Event Log on the server but there are thousands of entries a minute and it is almost impossible to sift through.

Any help you can give would be hugely appreciated!

Cheers

Paul

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Error log for failed Active Directory login attempts

Paul.

--->>>I am trying to configure our switches to use Active Directory.

You are a little confused.

The command "ad --operands" is an Admin Domain command, and is not intended to configure Active Directory.

Do you want to configure Admin Domain or Active Directory?

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎07-16-2008

Re: Error log for failed Active Directory login attempts

I am trying to configure the switches to talk to Active Directory.

The ad --select 255 was just to log in to that domain so I could run the ldapcfg command.

The others are authentication commands, I thought.

In the options where I mention ADDomain I am referring to my Active Directory domain.

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Error log for failed Active Directory login attempts

Again,

"ad --commands" are Admin Domain commands.

Is the switch configured with Admin Domains, i.e. AD1 or AD2 and so on?

Do you want to add a user-specific created / configured AD (= Admin Domain) into Active Directory?

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎07-16-2008

Re: Error log for failed Active Directory login attempts

I don't have Admin Domains configured, just the default AD0 and AD255.

I am just trying to get the switch to authenticate with Active Directory; I don't want to do anything with Admin Domains.

I have a user already created in Active Directory; it is in a Global Security group called SanAdmins.gs, which I have mapped to the admin role.

Is there a log somewhere on the switch that will show me detailed login errors?

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Error log for failed Active Directory login attempts

--->>>I don't have Admin Domains configured,

--->>>I don't want to do anything with Admin Domains.

Fine Paul,

then just forget the ad --command you posted here when the thread was opened. OK?

"ad" commands are not a part of Active Directory config!

In order to configure Active Directory, you must use the commands "aaaconfig" and "ldapconfig".

Here are various threads that can help you begin to configure Active Directory integration.

http://community.brocade.com/home/thread/2638

http://community.brocade.com/home/message/8641#8641

http://community.brocade.com/home/message/7834#7834

First, you must make sure your (server-side) Active Directory is correctly configured and accepts logins, i.e. from other devices, PCs, servers, etc.

Details and operands for the commands are listed in the Command Reference Manuals and the Fabric OS Administrator Guide.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎07-16-2008

Re: Error log for failed Active Directory login attempts

Thank you for the links, unfortunately they do not help. I have read those already.

I just want to know if there is a log somewhere on the local switch that shows detailed login errors.

From what I understand the ad --select 255 command has to be run to put me into Admin Domain 255 before I can run the ldapconfig command. That is why it is listed here.

The other commands are all aaaConfig and ldapconfig commands. There are no other ad --operands commands anywhere.

Active Directory is fully configured and servers\pc's all communicate with it. However, I am unable to log on with any credentials from the Active Directory.

If there is logging on the switch which may point me in the right direction, can someone please let me know where it is?

Cheers

Paul

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Error log for failed Active Directory login attempts

--->>> From what I understand the ad --select 255 command has to be run to put me into Admin Domain 255 before I can run the ldapconfig command. That is why it is listed here.

You have misunderstood.

Please see the Fabric OS Admin Guide, attached here as a PDF:

Chapter 5, The authentication model using RADIUS and LDAP

I have configured LDAP several times; this is easy and very simple.

I will create an LDAP How-To guide contribution in the next day and post it here.

TechHelp24
Occasional Contributor
Posts: 5
Registered: ‎07-16-2008

Re: Error log for failed Active Directory login attempts

Hey Techhelp24,

Cheers for the doco, that's the one I followed originally, unfortunately it's still not working.

If you have a How To guide that would be great.

Do you know if there is a security log on the switch that will tell me any errors coming from the login? I want to know for sure if the switch is actually talking to AD or if it fails to even get there.

Cheers

Paul

External Moderator
Posts: 4,907
Registered: ‎02-23-2004

Re: Error log for failed Active Directory login attempts

Hi Paul,

--->>>If you have a How To guide that would be great.

An official How-To Guide to implement LDAP / Active Directory is not available from Brocade, but Brocade offers a course, SEC-112, which contains:

Restricting Administrative Access with User Authentication Controls with the RADIUS Protocol
Restricting Administrative Access with User Authentication Controls and the LDAP Protocol

As I said in my previous post yesterday, I will create a contribution in the next day.

TechHelp24
