Fibre Channel (SAN)

New Contributor
beohmer
Posts: 2
Registered: ‎09-24-2008

Help with RADIUS authentication

We have several FC switches in our environment that we would like to move to RADIUS authentication. We need to know what type of RADIUS to use, and if needed, where to get VSAs for Brocade to apply to the RADIUS server.

Thanks!

Valued Contributor
TechHelp24
Posts: 3,634
Registered: ‎02-23-2004

Re: Help with RADIUS authentication

--->>>....We need to know what type of RADIUS to use,

See the FabOS Admin Guide.

What do you mean exactly by "...what type....to use"?

TechHelp24

Occasional Contributor
lyle_yahoo
Posts: 5
Registered: ‎10-26-2007

Re: Help with RADIUS authentication

We use FreeRADIUS at work and it works fine for us.

Let me know if you need help with this.

New Contributor
beohmer
Posts: 2
Registered: ‎09-24-2008

Re: Help with RADIUS authentication

Thanks for the feedback - the network engineer here is going to be working on building custom VSAs for Brocade devices, and we'll see how that goes. I'll post back with the results when they are available.

Occasional Contributor
lyle_yahoo
Posts: 5
Registered: ‎10-26-2007

Re: Help with RADIUS authentication

Sure. np

Occasional Contributor
gaurav10.s
Posts: 6
Registered: ‎12-11-2010

Re: Help with RADIUS authentication

Hi, we have a Brocade 48000 director-class switch and we are using FreeRADIUS server 1.1.13 configured on a Linux server for authenticating users. An LDAP server is running for authentication at the back end of the RADIUS server. The server is authenticating the users, but the authenticated users are assigned a default role of user in the switch. How can we set the VSA in the dictionary.brocade file and the configuration in the user file so that the users can be authenticated with some different role, say admin or zoneadmin, etc.? It's urgent, please reply ASAP. Thanks in advance.

Super Contributor
SAN-AB
Posts: 635
Registered: ‎04-12-2010

Re: Help with RADIUS authentication

Hi,

This depends on your FOS code. The FOS Admin Guide points to the correct dictionary entries.

But why did you not authenticate directly against LDAP?

For the correct entries check page 105 of the attached Admin Guide.

Regards,

Andreas

Occasional Contributor
gaurav10.s
Posts: 6
Registered: ‎12-11-2010

Re: Help with RADIUS authentication

Thanks for the reply, Andreas. Our FOS version is 6.1.1d and the kernel version is 2.6.14.2. We are not using LDAP directly as it is required in the setup. I have configured all the RADIUS files as per the directives given on page 91 of chapter 5, but it is not working. We are not using virtual fabric. Please advise.

Occasional Contributor
gaurav10.s
Posts: 6
Registered: ‎12-11-2010

Re: Help with RADIUS authentication

Hi Andreas, this is for your reference.

We have Brocade FC switches and we are using FreeRADIUS server "freeradius-1.1.3-1.1.el5" on RHEL 5.5 for authenticating the users. At the back end of RADIUS, an LDAP server is running which authenticates the requests of the RADIUS server. When we log in from the RADIUS client using an LDAP account, the request is getting authenticated, but the user is getting a default role of "user" in the switch.

The switch we are logging in to is the principal switch in the fabric, and the RADIUS server used for authentication is kept at the 1st position in the switch.

1. The dictionary.brocade file is

    #dictionary.brocade
    VENDOR Brocade 1588
    #attributes
    #
    #
    #
    ATTRIBUTE Brocade-Auth-Role 1 string Brocade
    ATTRIBUTE Brocade-AVPairs1 2 string Brocade
    ATTRIBUTE Brocade-AVPairs2 3 string Brocade
    ATTRIBUTE Brocade-AVPairs3 4 string Brocade
    ATTRIBUTE Brocade-AVPairs4 5 string Brocade
    ATTRIBUTE Brocade-Passwd-ExpiryDate 6 string Brocade
    ATTRIBUTE Brocade-Passwd-WarnPeriod 7 string Brocade

2. Entry in the clients.conf file is

    client <client ip subnet is here>  {
    secret =        <secret key is there >
    shortname =     BrocadeinHOST
    }

3. Entry in user file

    <username> Auth-Type := Local
    User-Password == <"Password" >,
    Brocade-Auth-Role = "Admin",
    Brocade-AVParis1 = "ADList=0;HomeAD=0",
    Brocade-Passwd-ExpiryDate = "01/30/11",

4. Entry added in users file

    DEFAULT Auth-Type := LDAP
    #       Fall-Through = Yes
    Brocade-Auth-Role="admin"

Super Contributor
SAN-AB
Posts: 635
Registered: ‎04-12-2010

Re: Help with RADIUS authentication

Hi,

With FOS 6.1 I assume that ADList and HomeAD are supported; the others from FOS 6.4 are not supported.

To be honest I have no skills with openRadius implementations.

I am using IAS (RADIUS implementation from Microsoft) and it works fine with FOS 5.3, 6.1, 6.2, 6.3 and 6.4.

If you are not using AD try to delete these entries and try to write admin in lower case.

Andreas
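
Added example (not part of any post in this thread, and not Brocade or FreeRADIUS code): a small Python check that compares the Brocade attribute names used in a users file against those declared in dictionary.brocade, and flags role values that are not lower case, as the reply above suggests trying. The sample text is constructed from the entries posted earlier in the thread; `testuser` and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the files posted in this thread.
DICTIONARY = """\
VENDOR Brocade 1588
ATTRIBUTE Brocade-Auth-Role 1 string Brocade
ATTRIBUTE Brocade-AVPairs1 2 string Brocade
ATTRIBUTE Brocade-Passwd-ExpiryDate 6 string Brocade
"""
USERS = """\
testuser Auth-Type := Local
\tBrocade-Auth-Role = "Admin",
\tBrocade-AVParis1 = "ADList=0;HomeAD=0",
\tBrocade-Passwd-ExpiryDate = "01/30/11",

DEFAULT Auth-Type := LDAP
\tBrocade-Auth-Role="admin"
"""

# One Brocade item per line: name, operator (=, :=, ==, +=), quoted value.
ITEM = re.compile(r'^\s*(Brocade-[\w-]+)\s*[:+=]*=\s*"([^"]*)"\s*(,?)\s*$')

def defined_attributes(dictionary_text):
    """Return the attribute names declared by ATTRIBUTE lines."""
    rows = (line.split() for line in dictionary_text.splitlines())
    return {f[1] for f in rows if len(f) >= 4 and f[0] == "ATTRIBUTE"}

def lint_users(users_text, dictionary_text):
    """Return (line_number, message) findings for Brocade items."""
    known = defined_attributes(dictionary_text)
    findings = []
    lines = users_text.splitlines()
    for number, line in enumerate(lines, start=1):
        match = ITEM.match(line)
        if not match:
            continue
        name, value, comma = match.groups()
        if name not in known:
            findings.append((number, f"{name} is not defined in the dictionary"))
        # Assumption (taken from the reply above): role names are lower case.
        if name == "Brocade-Auth-Role" and value != value.lower():
            findings.append((number, f'role "{value}" is not lower case'))
        # An entry ends at a blank line or at the end of the file.
        last = number == len(lines) or not lines[number].strip()
        if comma and last:
            findings.append((number, "trailing comma on the last item of an entry"))
    return findings

if __name__ == "__main__":
    for number, message in lint_users(USERS, DICTIONARY):
        print(f"users:{number}: {message}")
```

Running the check before restarting the RADIUS server gives a per-line list of attribute names that the dictionary would not recognise, which is easier to spot than a silent fallback to the default role.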
