06-11-2013 09:23 AM
I am curious if it is possible to distribute the account/password database and/or IPFilter Policies across redundant SAN's or, more importantly, to devices configured as access gateways.
I am looking into ways to get centralized user account management on my SAN and AD/LDAP is not an option due to many devices not supporting the version of FabricOS required to do this.
Beyond that, the vast majority of my SAN are blade chassis based devices configured as access gateways.
How are people running redundant (non-connected) SAN's, with many access gateway devices performing centralized policy distribution and account management?
06-12-2013 04:19 AM
there´s the distribute command with that cmd it is possible to distribute the /user/pwd and other db from the local switch onto the other switches in the same fabric.
before you head out to use this command, verify first if the local db can be distributed or not, you can do that with the fddcfg --show command, every db should have the accept word next to it.
beware from which switch you start the distribute command ^^
and make sure no one is actually configuring something on the fabric, cause the distribute command causes all current useres logged in somewhere in the fabric, where you about to issue the command to be be logged off.
@havent tried the distribute the pwd/user db onto switches running the AG mode, but this is my next task
06-12-2013 06:47 AM
I think you'll find that most of what you have suggested does not seem to work with devices in Access Gateway mode, which is a huge problem for me.
06-12-2013 06:57 AM
Lightweight Directory Access Protocol (LDAP) Yes
and it works, it is just a pain to set it up