Brocade Fibre Channel Networking Community


Brocade Active Directory Integration requires @fqdn in username?

  • 1.  Brocade Active Directory Integration requires @fqdn in username?

    Posted 01-02-2013 09:06 AM

    Hello All,

    I am confused as to why I need to append the @fqdn when logging in using ldap authentication.

    aaaconfig --show

    RADIUS CONFIGURATIONS
    =====================
    RADIUS configuration does not exist.

    LDAP CONFIGURATIONS
    ===================
    Position                 : 1
    Server                   : 10.0.0.5
    Port                     : 389
    Domain                   : fqdn
    Timeout(s)               : 1

    Position                 : 2
    Server                   : 10.0.0.6
    Port                     : 389
    Domain                   : fqdn
    Timeout(s)               : 1

    ldapcfg --show

            LDAP Role       |       Switch Role
    ------------------------------------------------
            brocadeAdminGrp  |     admin
    ------------------------------------------------

    I have a testuser AD account created that is a member of the brocadeAdminGrp... The issue is that when I log into the Brocade switch I have to append the FQDN, like this:

    testuser@fqdn

    If I don't include the @fqdn it rejects the login with "denied".


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: Brocade Active Directory Integration requires @fqdn in username?

    Posted 01-14-2013 05:41 PM

    I too recently ran into a similar problem where a particular LDAP user was unable to log in to 2 of the 3 Brocade switches I recently set up for LDAP auth. After several hours of troubleshooting I realized that if I typed a wrong password and then the correct password, the user was allowed to SSH into the 2 Brocades using a non-FQDN login. I found this odd, and I could reproduce it every time by typing a bad password and then the correct password and getting logged in. I also noticed that if I used user@FQDN it worked every time without problems. We had 3 other LDAP users that had no problems using only their user name on any of the Brocades. The 1 switch we could all log in to was pointing at a 2008R2 DC, where the “problem” switches were pointing to a 2003R2 DC. Once I pointed the 2 switches to a 2008R2 DC, this user can now log in using only his user name. Just wanted to share my findings since I spent about 4 hours today working on it. Still not sure why only his ID was affected.


    #BrocadeFibreChannelNetworkingCommunity