Brocade Fibre Channel Networking Community

Expand all | Collapse all

LDAP user permissions

  • 1.  LDAP user permissions

    Posted 03-02-2020 01:01 PM
    Hi group,

    I am using LDAP (Windows Authentication) for access to my switches.  Some of my switches are working fine. Some do not have chassis command access even though the LDAP Role is assigned to the admin Switch Role.  The switches are running FOS v8.0.2c.  I am not sure if having a FID specified has anything to do with this.  On the switches where it works the prompt show switchname:LDAPusername.  The ones that do not work show switchname:FID128:LDAPusername.  Can anyone help me correct this?

    Thank you,
    Ron

    ------------------------------
    Sr. Storage Engineer, SAN SME
    Walgreens
    ------------------------------


  • 2.  RE: LDAP user permissions

    Posted 03-03-2020 04:49 AM
    Hi Ron,

    Maybe some obvious questions:
    - The working switches have VF enabled?
    - On the Windows LDAP configuration, (taken from the admin guide 8.2.1 page 177)
    "
    Associate the user to the group by adding the user to the group.
    5. Add the user's Virtual Fabrics to the CN_list by either editing the adminDescription value or adding the brcdAdVfData attribute to the existing Active Directory schema.
    This action maps the Virtual Fabrics to the user name. Virtual Fabrics are added as a string value separate by a comma ( , ) and entered as a range.
    "
    Is this done as well?

    Regards,
    Ed


  • 3.  RE: LDAP user permissions

    Posted 03-04-2020 04:31 AM
    Hello Ron,

    from what you posted it looks like the AD authentication is not functioning on the switches with Virtual Fabrics enabled.
    If you are not using VF the feature can be disabled or
    you can take a look at the technical brief:
    https://community.broadcom.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=8718a10e-9bc5-4c41-8669-0b188ebb68b4
    for solving the issue (if it is what it looks like).

    ------------------------------
    Backup and storage administrator
    YAVORNET SPLTD
    ------------------------------