11-30-2009 09:17 PM
I am trying to configure our switches to use Active Directory.
I have done the following:
Login as admin
ad --select 255
aaaConfig --add "ADServer" -conf ldap -d "ADDomain"
aaaConfig --authspec "ldap;local"
ldapcfg --maprole SANAdmin.gs admin
aaaConfig --show seems to show it set up correctly, as does ldapcfg --show.
When I log in as a user in the SANAdmin.gs group I just get a Login incorrect error.
Is there a log on the switch that will show if it is actually getting anything back from the Active Directory server? I have tried looking in the Event Log on the server but there are thousands of entries a minute and it is almost impossible to sift through.
Any help you can give would be hugely appreciated!
11-30-2009 09:28 PM
--->>>I am trying to configure our switches to use Active Directory.
You are a little confused.
The command "ad --operands" is an Admin Domain command, and is not intended to configure Active Directory.
Do you want to configure Admin Domain or Active Directory?
11-30-2009 09:33 PM
I am trying to configure the switches to talk to Active Directory.
The ad --select 255 was just to log in to that domain so I could run the ldapcfg command.
The others are authentication commands I thought.
In the options where I mention ADDomain I am referring to my Active Directory domain.
11-30-2009 09:37 PM
"ad --commands" are Admin Domain commands.
Is the switch configured with Admin Domains, i.e. AD1 or AD2 and so on?
Do you want to add a user-specific created / configured AD = Admin Domain into Active Directory?
11-30-2009 09:43 PM
I don't have Admin Domains configured, just the default AD0 and AD255.
I am just trying to get the switch to authenticate with Active Directory, I don't want to do anything with Admin Domains.
I have a user already created in Active Directory, it is in a Global Security group called SanAdmins.gs, which I have mapped to the admin role.
Is there a log somewhere on the switch that will show me detailed login errors?
11-30-2009 09:57 PM
--->>>I don't have Admin Domains configured,
--->>>I don't want to do anything with Admin Domains.
Then just forget the ad --command you posted here when the thread was opened. OK?
"ad" commands are not a part of Active Directory config!
In order to configure Active Directory, you must use the commands "aaaconfig" and "ldapconfig".
Here are several threads that can help you begin to configure Active Directory integration.
First, you must make sure your (server side) Active Directory is correctly configured and accepts logins, i.e. from other devices, PCs, servers, etc.
Details and operands for the commands are listed in the Command Reference Manuals and Fabric OS Administrator Guide.
11-30-2009 10:06 PM
Thank you for the links, unfortunately they do not help. I have read those already.
I just want to know if there is a log somewhere on the local switch that shows detailed login errors.
From what I understand, the ad --select 255 command has to be run to put me into Admin Domain 255 before I can run the ldapconfig command. That is why it is listed here.
The other commands are all aaaConfig and ldapconfig commands. There are no other ad --operands commands anywhere.
Active Directory is fully configured and servers\pc's all communicate with it. However I am unable to logon with any credentials from the Active Directory.
If there is logging on the switch which may point me in the right direction, can someone please let me know where it is?
11-30-2009 10:28 PM
--->>> From what I understand, the ad --select 255 command has to be run to put me into Admin Domain 255 before I can run the ldapconfig command. That is why it is listed here.
You have misunderstood.
Please see the Fabric OS Admin Guide, attached here as a PDF:
Chapter 5, The authentication model using RADIUS and LDAP
I have configured LDAP several times; this is easy and very simple.
I will create an LDAP How-To guide contribution in the next day and post it here.
12-01-2009 09:34 PM
Cheers for the doco, that's the one I followed originally, unfortunately it's still not working.
If you have a How To guide that would be great.
Do you know if there is a security log on the switch that will tell me any errors coming from the login? I want to know for sure if the switch is actually talking to AD or if it fails to even get there.
12-01-2009 09:43 PM
--->>>If you have a How To guide that would be great.
An official How-To Guide to implement LDAP / Active Directory is not available from Brocade, but Brocade offers a course, SEC-112, which contains:
Restricting Administrative Access with User Authentication Controls with the RADIUS Protocol
Restricting Administrative Access with User Authentication Controls and the LDAP Protocol
As I said in my previous post yesterday, I will create a contribution in the next day.