Configuring LDAP or AD users in Brocade SAN

Brocade SAN switches by default comes with four local user account( Figure 1).( root, factory,admin and user). Brocade SAN switches can be configured to authenticate with LDAP( Lightweight Directory Access Protocol) or windows Active directory services.

To enable Brocade Fabric OS to authenticate with LDAP, Management port should be configured with IP and DNS servers. DNS address can be added to management port by “dnsconfig” Command.

Configuring DNS

Login to the switch with admin user and execute dnsconfig
Admin> dnsconfig 
Enter option        

1 Display Domain Name Service (DNS) configuration
2 Set DNS configuration
3 Remove DNS configuration
4 Quit
Select an item: (1..4) [4] 2
Type 2 and strike enter

Enter the Domain Name and DNS IP address:-
Enter Domain Name: []                                              # Type your domain name and hit enter.
Enter Name Server IP address in dot/colon notation: []  # Type Primary DNS IP
Enter Name Server IP address in dot/colon notation: []  # Type Secondary DNS IP.
DNS parameters saved successfully.

To integrate brocade SAN switch with LDAP or windows active directory management network
should allowed to communicate with LDAP server on TCP port 389.

Create a security group in windows active directory

Login to the windows domain controller.Go to Start > Run and type "dsa.msc" .
( Alternatively start > Administrative tools > Active Directory Users and computers. )

Right click on the domain name> New > Group

Type the group name and click OK.

Add the the users to this AD group

Add the domain controllers or LDAP servers to switch

Use “aaaconfig” command to add the domain controllers :

Add Primary Domain Controller :-

“aaaconfig --add -conf ldap -d”

Add Secondary Domain Controller-

“aaaconfig --add -conf ldap -d

Make LADP as primary authentication  method

“aaaconfig --authspec "ldap;local"”

Map the LDAP group with Brocade admin role

"ldapcfg --maprole brocade_admin admin"
switch is ready for LDAP authendication. use user@domain format to login with the LDAP users.

Post a Comment