Manualshelf

HP StorageWorks Fabric OS 5.2.x administrator guide (5697-0014, November 2009)

ManualsBrandsHP ManualsStorageHP StorageWorks 4/256 SAN Director Switch
61626364656667686970
Fabric OS 5.2.x administrator guide 67
Creating Fabric OS user accounts
With RADIUS servers, set up user accounts by their true network wide identity rather than by the account
names created on a Fabric OS switch. Along with each account name, assign appropriate switch access
roles.
RADIUS supports all the defined RBAC roles described in Table 9 on page 55.
Users must enter their assigned RADIUS account name and password when logging in to a switch that has
been configured with RADIUS. After the RADIUS server authenticates a user, it responds with the assigned
switch role in a
Vendor-Specific Attribute
(VSA). If the response does not have a VSA role assignment, the
user” role is assigned. If no Administrative Domain is assigned then they are assigned to the default
Admin Domain AD0.
The syntax used for assigning VSA-based account switch roles on a RADIUS server is described in
Table 14.
Table 14 Syntax for VSA-based account roles
Item Value Description
Type 26 1 octet
Length 7 or higher 1 octet, calculated by the server
Vendor ID 1588 4 octet, Brocade's SMI Private Enterprise Code
Vendor type 1 1 octet, Brocade-Auth-Role; valid attributes for the
Brocade-Auth-Role are:
SwitchAdmin
ZoneAdmin
FabricAdmin
BasicSwitchAdmin
Operator
User
Admin
2 Optional: Specifies the Admin Domain member list. See
RADIUS configuration and admin domains” on page 69.
Brocade-AVPairs1
3 Brocade-AVPairs2
4 Brocade-AVPairs3
5 Brocade-AVPairs4
Vendor length 2 or higher 1 octet, calculated by server, including vendor-type and
vendor-length
Attribute-specific data ASCII string multiple octet, maximum 253, indicating the name of assigned
role and other supported attribute values such as Admin
Domain member list.