Occasional Contributor
Posts: 6
Registered: ‎11-20-2012
Accepted Solution

Authentication failure via LDAP Authentication using cli

Hello All,

My SAN switches are currently running FOS 7.1.1b with local and AD/LDAP authentication configured. We were able to authenticate via AD previously, but recently, when we tried to log in using AD from PuTTY, we got the message below in the PuTTY log:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.07.21 19:25:20 =~=~=~=~=~=~=~=~=~=~=~=
login as: ctsik358
ctsik358@10.450.40.31's password:
Your password has expired. Please change your password now.
RADIUS authentication is turned on.
Please specify a switch local account name with passwd command.

After the above message, the PuTTY session closes automatically.

But we are able to log in via the GUI using the same password, and we face this issue only when we try to log in via the CLI. Can someone help me understand what the issue would be?

Occasional Contributor
Posts: 6
Registered: ‎11-20-2012

Re: Authentication failure via LDAP Authentication using cli

Finally, the issue was attributed to an expired password for the admin account on the switch. All remote authentications rely on the admin account on the switch, so please make sure the admin password is not expired for a successful remote authentication.

Visitor
Posts: 1
Registered: ‎04-24-2013

Re: Authentication failure via LDAP Authentication using cli

Are there any Brocade personnel that can make this a feature request? I'm not sure why the 'admin' account is tied to external LDAP authentication for CLI logins, but in our organization the local admin account is subject to password policies and that includes expiring after X days.

Brocade Moderator
Posts: 307
Registered: ‎03-29-2011

Re: Authentication failure via LDAP Authentication using cli

Hi Sergio,

I see that a case was opened around the same query on the 22nd and a process was started, so this is being handled. I could not find an RFE (request for enhancement) or similar yet.

Note: If we use "ldapcfg --maprole Xrole admin" to map Xrole to admin, and the admin is disabled or its password is expired, you will be denied access, since we have specified mapping the Xrole (from LDAP/AD) to the admin user and not the admin role on the switch.




If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
