Configuring a TACACS+ server to authenticate RBM – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

53-1003249-01
Integrating RBM with RADIUS and TACACS+
Where:
• The + symbol is a special character and cannot be used inside the context name or role name.
• context - The maximum allowed length is 32 characters. For example,
SIContextRole=ProductMgmt+Manager
The Brocade Virtual ADX should support more than one context-role pair for a single user, separated by a semicolon.
In the file /usr/local/share/freeradius/dictionary.foundry, add the following:
ATTRIBUTE SIContextRole 10 string
ATTRIBUTE SIRoleTemplate 11 string
In this RADIUS server configuration, “*” specifies the default pair. If “*” is not present, the first pair is considered the default pair.
Configuring a TACACS+ server to authenticate RBM
Add the following configuration to the file /usr/local/etc/tacacs.conf for the TACACS+ server to authenticate RBM. The settings for “brocade-context-role” and “brocade-role-templ” must reflect the settings in the specified RBM role template.
user=brcd1 {
    default server = permit
    #member = admin
    #Global password
    global = cleartext "pass"
    service = exec {
        foundry-privlvl = 1
        brocade-context-role = rad+viewer
        brocade-role-templ = brcd
    }
}
NOTE
Some TACACS+ servers, such as Access Control Server (ACS), do not allow spaces around the "equal to" operator; for example,
foundry-privlvl=1
brocade-context-role=rad+manager
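The value rules given above for SIContextRole (a + between context and role, a 32-character context limit, semicolon-separated pairs, and the default-pair rule) can be checked before a value is placed in the RADIUS or TACACS+ configuration. The following is an added example, not code from the Brocade guide; the function names are hypothetical, and it assumes the "*" marker is written as a prefix on the default pair, which this page does not show.

```python
MAX_CONTEXT_LEN = 32  # limit stated on this page for the context name


def parse_context_roles(value):
    """Parse 'ctx+role;ctx+role' into ([(context, role), ...], default_index)."""
    pairs, default_index = [], None
    for item in value.split(";"):
        raw = item
        if not item:
            raise ValueError("empty context-role pair")
        # Assumption: '*' is written as a prefix on the default pair.
        is_default = item.startswith("*")
        if is_default:
            item = item[1:]
        # Exactly one '+' is allowed: it separates context from role and
        # cannot appear inside either name.
        if item.count("+") != 1:
            raise ValueError(f"expected exactly one '+' in {raw!r}")
        context, role = item.split("+")
        if not context or not role:
            raise ValueError(f"missing context or role in {raw!r}")
        if len(context) > MAX_CONTEXT_LEN:
            raise ValueError(f"context exceeds {MAX_CONTEXT_LEN} chars in {raw!r}")
        if is_default:
            if default_index is not None:
                raise ValueError("more than one pair marked '*'")
            default_index = len(pairs)
        pairs.append((context, role))
    # No '*' present: the first pair is the default.
    return pairs, 0 if default_index is None else default_index


def default_pair(value):
    """Return the (context, role) pair a user with this value gets by default."""
    pairs, idx = parse_context_roles(value)
    return pairs[idx]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for sample in ("ProductMgmt+Manager", "rad+viewer;*ProductMgmt+Manager"):
        print(sample, "->", default_pair(sample))
```

Running it over each user's attribute value before reloading the AAA server shows which context and role that user receives by default, and rejects values that break the stated format.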