Fibre Channel (SAN)

Occasional Contributor
Posts: 8
Registered: ‎08-28-2009

Radius - Steel-belted

Howdy

Has anyone got steel-belted working with 6.1.2?

It works for me but only with local users set up on the radius, i.e. it's not authenticating the users against the domain.

Also if I do set up a local user on the radius server it defaults to the default role when you do log in.  I do not know how to change this.

Is it a radius attribute I need to set to specify the Roles?

Cheers

Marc

Occasional Contributor
Posts: 8
Registered: ‎08-28-2009

Re: Radius - Steel-belted

Apologies, I meant to specify this is FABOS 6.1.2 M48 switches, and it's SBR 6.0

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: Radius - Steel-belted

With the command "aaaConfig" and the operands “radius;local”.

For details about the config, see the Command Reference Manual.

TechHelp24
Occasional Contributor
Posts: 8
Registered: ‎08-28-2009

Re: Radius - Steel-belted

Apologies this is not what I mean.

This is to do with config of the radius server, not the brocade switch.

I understand the aaa config, and have a fallback to local but that is the localdb on the switch.

I mean that because I am missing radius attribute settings for brocade, the radius will not authenticate to the windows domain, only local users configured on the radius server itself.

Cheers

M

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: Radius - Steel-belted

Fine... I have understood

and the answer is aaaconfig --“radius;local”

TechHelp24
Occasional Contributor
Posts: 8
Registered: ‎08-28-2009

Re: Radius - Steel-belted

Ok, I already have that set up for aaaconfig.

It is the attributes the radius sends to the switch during authentication that I am missing?

aaaconfig --show
RADIUS CONFIGURATIONS
=====================

Position     : 1
Server       : X.X.X.X

Port         : 1645
Secret       : XXXXXXXX
Timeout(s)   : 3
Auth-Protocol: CHAP

LDAP CONFIGURATIONS
===================
LDAP configuration does not exist.

Primary AAA Service: RADIUS
Secondary AAA Service: Switch database
JODI:admin>

However, I still cannot log in with radius users on the windows domain configured with the radius server.

If I log in with a user configured locally on the radius server (not the switch localdb) it uses the default role?  How can I change that?

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: Radius - Steel-belted

Marc,

According to the --show output you have posted here, I'm a little confused.

You wrote here: --->>> however I still cannot login with radius users on the windows domain configured with the radius server.

Is the authentication mode between the windows domain and the Radius Server working?

TechHelp24
Occasional Contributor
Posts: 8
Registered: ‎08-28-2009

Re: Radius - Steel-belted

Correct, the brocade config looks correct, this is a question about configuring the radius server to work with the switch.

Our radius servers can auth with the domain, and work for all the cisco, junipers, wireless, and plenty of other clients and they can authenticate to the windows domain.

However the brocade switches, seem to only want to authenticate with radius locally configured users. (not switch localdb)

From what I understand this is normally to do with radius attributes that we are not understanding or sending to the brocade.

Hence my original question, about radius attributes!!! What radius attributes need to be configured?

Or is it purely that brocade is not fully compatible with steel-belted?

External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: Radius - Steel-belted

Marc,

--->>> Or is it purely that brocade is not fully compatible with steel-belted?

Not guaranteed, see here. But I don't know which release has been tested with Brocade. I'll ask a certain person; when I get an answer I will post here.

http://www.brocade.com/products-solutions/solutions/ethernet-solutions/security/secure-authentication/index.page

--->>> What radius attributes need to be configured?

I don't know of any other attribute which must be configured, other than what is described in the Command Reference Manual under the aaaconfig command.

TechHelp24
External Moderator
Posts: 4,973
Registered: ‎02-23-2004

Re: Radius - Steel-belted

Marc,

I have received an answer from a Juniper SE.

They ask which version is installed?

Enterprise, or Enterprise with optional LDAP?

TechHelp24
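
Added example, not from any poster and not Brocade or Juniper code: the posted configuration shows Auth-Protocol: CHAP, and a CHAP response (RFC 1994) can only be checked by a server that holds the user's cleartext password. The Python sketch below uses constructed users and passwords, with PBKDF2 standing in for a directory's one-way hash, to show a locally defined RADIUS user passing CHAP while a hash-only user cannot; that this explains the symptom in this thread is an assumption.

```python
import hashlib
import hmac
import os

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994 section 4.1: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def one_way_hash(password: bytes, salt: bytes) -> bytes:
    # Stand-in for a directory's one-way password hash (not the real AD format)
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def verify_chap(user: dict, chap_id: int, challenge: bytes, response: bytes) -> bool:
    # The server must recompute the MD5 itself, which needs the cleartext password
    cleartext = user.get("cleartext")
    if cleartext is None:
        return False  # only a one-way hash is stored: nothing to feed into MD5
    expected = chap_response(chap_id, cleartext, challenge)
    return hmac.compare_digest(expected, response)

def verify_pap(user: dict, password: bytes) -> bool:
    # With PAP the server receives the password and can hash it for comparison
    if user.get("cleartext") is not None:
        return hmac.compare_digest(user["cleartext"], password)
    return hmac.compare_digest(one_way_hash(password, user["salt"]), user["hash"])

# Constructed sample data: one user defined on the RADIUS server itself,
# one user whose password exists only as a one-way hash in a directory.
SALT = b"constructed-salt"
PASSWORDS = {"radius_local": b"Local-Pw-1", "domain_user": b"Domain-Pw-1"}
USERS = {
    "radius_local": {"cleartext": PASSWORDS["radius_local"]},
    "domain_user": {"salt": SALT, "hash": one_way_hash(PASSWORDS["domain_user"], SALT)},
}

def run_demo() -> dict:
    results = {}
    for name, password in PASSWORDS.items():
        chap_id, challenge = 1, os.urandom(16)
        # What the RADIUS client (here, the switch) would send for a correct password
        response = chap_response(chap_id, password, challenge)
        results[name] = {
            "chap": verify_chap(USERS[name], chap_id, challenge, response),
            "pap": verify_pap(USERS[name], password),
        }
    return results

if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

With PAP the password travels to the RADIUS server protected only by the shared secret, so the choice of protocol also depends on how far the path between switch and server is trusted.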
