Radius – Dell POWEREDGE M1000E User Manual

Page 155


Fabric OS Administrator’s Guide


53-1002745-02

Remote authentication


Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128;ChassisRole=admin",
Brocade-Passwd-ExpiryDate = "11/10/2011",
Brocade-Passwd-WarnPeriod = "30"

RADIUS configuration with Admin Domains or Virtual Fabrics

When configuring users with Admin Domains or Virtual Fabrics, you must also include the Admin
Domain or Virtual Fabric member list. This section describes the way that you configure attribute
types for this configuration.

The values for these attribute types use the syntax key=val[;key=val], where key is a text description
of the attribute, val is the attribute value for the given key, the equal sign (=) is the separator
between key and value, and the semicolon (;) is an optional separator for multiple key-value pairs.

Multiple key-value pairs can appear for one Vendor-Type code. Key-value pairs with the same key
name may be concatenated across multiple Vendor-Type codes. You can use any combination of
the Vendor-Type codes to specify key-value pairs. Note that a switch always parses these attributes
from Vendor-Type code 2 to Vendor-Type code 4.

Only the following keys are accepted; all other keys are ignored.

HomeAD is the designated home Admin Domain for the account. The valid range of values is
from 0 to 255. The first valid HomeAD key-value pair is accepted by the switch, and any
additional HomeAD key-value pairs are ignored.

ADList is a comma-separated list of Administrative Domain numbers of which this account is a
member. Valid numbers range from 0 to 255. A dash between two numbers specifies a range.
Multiple ADList key-value pairs within the same or across different Vendor-Type codes are
concatenated. Multiple occurrences of the same Admin Domain number are ignored.

HomeLF is the designated home Virtual Fabric for the account. The valid values are from 1
to 128 and chassis context. The first valid HomeLF key-value pair is accepted by the switch, and
any additional HomeLF key-value pairs are ignored.

LFRoleList is a comma-separated list of Virtual Fabric ID numbers of which this account is a
member. Valid numbers range from 1 to 128. A dash between two numbers specifies a range.
Multiple Virtual Fabric list key-value pairs within the same or across different Vendor-Type
codes are concatenated. Multiple occurrences of the same Virtual Fabric ID number are
ignored.

ChassisRole is the account access permission at the chassis level. The chassis role allows the
user to execute chassis-related commands in a Virtual Fabrics-enabled environment. Valid
chassis roles include the default roles and any of the user-defined roles.

RADIUS authentication requires that the account have valid permissions through the attribute type
Brocade-Auth-Role. The additional attribute values ADList, HomeAD, HomeLF, and LFRoleList are
optional. If they are unspecified, the account can log in with AD0 as its member list and home
Admin Domain or VF128 as its member list and home Virtual Fabric. If there is an error in the
ADList, HomeAD, LFRoleList, or HomeLF specification, the account cannot log in until the AD list or
Virtual Fabric list is corrected; an error message is displayed.
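
Because a malformed list locks the account out, it helps to check the attribute strings before they are loaded on the RADIUS server. The following Python sketch is an added example, not Brocade or Dell code. It applies the rules above: codes parsed from 2 to 4, unknown keys ignored, first HomeAD/HomeLF wins, lists concatenated without duplicates. It assumes that any malformed or out-of-range value should be reported as an error and that LFRoleList may carry a "role:" prefix as in the sample entry; the function names and sample strings are constructed.

```python
import re

# Constructed sample: Vendor-Type code -> attribute string (not from a real server).
SAMPLE = {
    2: "HomeAD=5;ADList=1,3-5;Shell=bash",
    3: "ADList=5,9;HomeAD=7",
    4: "LFRoleList=admin:2,4-8,70,80,128;ChassisRole=admin",
}
LIMITS = {"HomeAD": (0, 255), "ADList": (0, 255), "HomeLF": (1, 128), "LFRoleList": (1, 128)}

def expand(spec, lo, hi, into):
    """Append '2,4-8,70'-style IDs to `into`, skipping duplicates; raise on bad input."""
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", item)
        if not m:
            raise ValueError(f"malformed list item {item!r}")
        first, last = int(m.group(1)), int(m.group(2) or m.group(1))
        if not lo <= first <= last <= hi:
            raise ValueError(f"{item!r} outside {lo}-{hi}")
        for n in range(first, last + 1):
            if n not in into:
                into.append(n)

def parse_avpairs(by_code):
    """Return the effective account settings, or raise ValueError (login would fail)."""
    acct = {"HomeAD": None, "HomeLF": None, "ADList": [], "LFRoleList": {}, "ChassisRole": None}
    for code in (2, 3, 4):                       # the switch parses code 2 through code 4
        for pair in by_code.get(code, "").split(";"):
            key, sep, val = (s.strip() for s in pair.partition("="))
            if not sep or key not in acct:
                continue                         # all other keys are ignored
            if key == "ADList":
                expand(val, *LIMITS[key], acct[key])
            elif key == "LFRoleList":
                role, _, ids = val.rpartition(":")   # assumed "role:list" form, as in the sample
                expand(ids, *LIMITS[key], acct[key].setdefault(role, []))
            elif acct[key] is None:              # first pair wins, later ones are ignored
                if key in LIMITS and val.isdigit():
                    expand(val, *LIMITS[key], [])    # range check only
                    val = int(val)
                elif key == "HomeAD":
                    raise ValueError(f"HomeAD {val!r} is not a number")
                acct[key] = val                  # non-numeric HomeLF (chassis context) kept as written
    return acct
```

The page does not give the literal used for the chassis-context HomeLF value, so the sketch stores any non-numeric HomeLF unchanged rather than validating it.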
