Linux, Adding the attribute to the server, Creating the user – HP StorageWorks 2.128 SAN Director Switch User Manual
Page 47
Fabric OS 5.x administrator guide
47
Linux
The following procedures work for FreeRADIUS on Solaris and Red Hat Linux. FreeRADIUS is a freeware
RADIUS server that you can find at the following web site:
Follow the installation instructions at the web site. FreeRADIUS runs on Linux (all versions), FreeBSD,
NetBSD, and Solaris. If you make a change to any of the files used in this configuration, you must stop the
server and restart it for the changes to take effect.
FreeRADIUS installation places the configuration files in
$PREFIX/etc/raddb
. By default, the
PREFIX
is
/usr/local
.
Configuring RADIUS service on Linux consists of the following tasks:
•
Adding the HP attribute to the server
•
Creating the user
•
Enabling clients
Adding the attribute to the server
1.
Create and save the file
$PREFIX/etc/raddb/dictionary.brocade
with the following
information:
This defines the vendor ID as 1588, the vendor attribute 1 as
Brocade-Auth-Role
, and it is a string
value.
2.
Open the file
$PREFIX/etc/raddb/dictionary
in a text editor and add the following line:
$INCLUDE dictionary.brocade
As a result, the file
dictionary.brocade
is located in the RADIUS configuration directory and
loaded for use by the RADIUS server.
Creating the user
Open the
$PREFIX/etc/raddb/user
file in a text editor and add user names and roles for users who
will be accessing the switch and authenticating RADIUS. The user logs in using the role specified with
Brocade-Auth-Role
. The valid roles include root, factory, admin, switchAdmin, and user. You must
use quotation marks around
“password”
and
“role”
.
For example, to set up an account called JohnDoe with the admin role:
The next example uses the local system password file to authenticate users. (This does not work when
using NIS for authentication. The only way to enable authentication with the password file is to force the
HP StorageWorks switch to authenticate using PAP; this requires the
-a pap
option with the
aaaConfig
command.) For example:
#
# Brocade FabricOS v5.0.1 dictionary
#
VENDOR Brocade
1588
#
# attribute 1 defined to be Brocade-Auth-Role
# string defined in user configuration
#
ATTRIBUTE
Brocade-Auth-Role
1 string Brocade
JohnDoe Auth-Type := Local, User-Password == “johnPassword” Brocade-Auth-Role =
“admin”
JohnDoe Auth-Type := System, Brocade-Auth-Role = “admin”