Dell POWEREDGE M1000E User Manual

Page 158

Advertising
background image

158

Fabric OS Administrator’s Guide

53-1002745-02

Remote authentication

5

When you use network information service (NIS) for authentication, the only way to enable
authentication with the password file is to force the Brocade switch to authenticate using password
authentication protocol (PAP); this requires the -a pap option with the aaaConfig command.

Enabling clients

Clients are the switches that will use the RADIUS server; each client must be defined. By default, all
IP addresses are blocked.

The Brocade Backbones send their RADIUS requests using the IP address of the active CP. When
adding clients, add both the active and standby CP IP addresses so that, in the event of a failover,
users can still log in to the switch.

1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to

be configured as RADIUS clients.

For example, to configure the switch at IP address 10.32.170.59 as a client:

client 10.32.170.59

secret

= Secret

shortname

= Testing Switch

nastype

= other

In this example, shortname is an alias used to easily identify the client. Secret is the shared
secret between the client and server. Make sure the shared secret matches that configured on
the switch (see

“Adding an authentication server to the switch configuration”

on page 175).

2. Save the file $PREFIX/etc/raddb/client.config, and then start the RADIUS server as follows:

$PREFIX/sbin/radiusd

Configuring RADIUS server support with Windows 2000

The instructions for setting up RADIUS on a Windows 2000 server are listed here for your
convenience but are not guaranteed to be accurate for your network environment. Always check
with your system administrator before proceeding with setup.

NOTE

All instructions involving Microsoft Windows 2000 can be obtained from

www.microsoft.com

or your

Microsoft documentation. Confer with your system or network administrator prior to configuration
for any special needs your network environment may have.

Configuring RADIUS service on Windows 2000 consists of the following steps:

1. Installing Internet Authentication Service (IAS)

For more information and instructions on installing IAS, refer to the Microsoft website.

2. Enabling the Challenge Handshake Authentication Protocol (CHAP)

swadmin

Auth-Type := System
Brocade-Auth-Role = "admin",
Brocade-AVPairs1 = "HomeLF=70",
Brocade-AVPairs2 = "LFRoleList=admin:2,4-8,70,80,128",
Brocade-AVPairs3 = "ChassisRole=switchadmin",
Brocade-Passwd-ExpiryDate = "11/10/2008",
Brocade-Passwd-WarnPeriod = "30"

Advertising
Popular Brands
Popular manuals