07-21-2015 04:30 PM
My SAN switches are currently running FOS 7.1.1b with local and AD/LDAP authentication configured. We were able to authenticate via AD previously, but recently when we tried to log in using AD from PuTTY, we are getting the message below in the PuTTY log:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.07.21 19:25:20 =~=~=~=~=~=~=~=~=~=~=~=
login as: ctsik358
Your password has expired. Please change your password now.
RADIUS authentication is turned on.
Please specify a switch local account name with passwd command.
After the above message, the PuTTY session closes automatically.
But we are able to log in via the GUI using the same password, and we are facing this issue only when we try to log in via the CLI. Can someone help me understand what the issue would be?
08-19-2015 04:40 PM
Finally, the issue was attributed to an expired password for the admin account in the switch. All remote authentications will rely on the admin account in the switch. So please make sure the admin password is not expired for a successful remote authentication.
06-22-2017 10:43 AM
Are there any Brocade personnel that can make this a feature request? I'm not sure why the 'admin' account is tied to external LDAP authentication for CLI logins, but in our organization the local admin account is subject to password policies and that includes expiring after X days.
06-30-2017 12:29 AM
I see that a case was opened around the same query on the 22nd and a process was started, so this is being handled. Could not find an RFE (request for enhancement) or similar, yet.
Note: If we use "ldapcfg --maprole Xrole admin" to map Xrole to admin, and the admin is disabled or its password is expired, you will be denied access, since we have specified mapping the Xrole (from LDAP/AD) to the admin user and not the admin role on the switch.