HP 8/40 Fabric OS Administrator's Guide v6.4.0 (53-1001763-01, June 2010) - Page 147
Configuring RADIUS server support with Windows 2000
View all HP 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 147 highlights
The authentication model using RADIUS and LDAP 5 Enabling clients Clients are the switches that will use the RADIUS server; each client must be defined. By default, all IP addresses are blocked. The Brocade 48000 director, Brocade DCX and DCX-4S enterprise-class platforms send their RADIUS requests using the IP address of the active CP. When adding clients, add both the active and standby CP IP addresses so that, in the event of a failover, users can still log in to the switch. 1. Open the $PREFIX/etc/raddb/client.config file in a text editor and add the switches that are to be configured as RADIUS clients. For example, to configure the switch at IP address 10.32.170.59 as a client: client 10.32.170.59 secret = Secret shortname = Testing Switch nastype = other In this example, shortname is an alias used to easily identify the client. Secret is the shared secret between the client and server. Make sure the shared secret matches that configured on the switch (see "Adding a RADIUS or LDAP server to the switch configuration" on page 114). 2. Save the file $PREFIX/etc/raddb/client.config then start the RADIUS server as follows: $PREFIX/sbin/radiusd Configuring RADIUS server support with Windows 2000 The instructions for setting up RADIUS on a Windows 2000 server are listed here for your convenience but are not guaranteed to be accurate for your network environment. Always check with your system administrator before proceeding with setup. NOTE All instructions involving Microsoft Windows 2000 can be obtained from www.microsoft.com or your Microsoft documentation. Confer with your system or network administrator prior to configuration for any special needs your network environment may have. Configuring RADIUS service on Windows 2000 consists of the following steps: 1. Installing internet authentication service (IAS) For more information and instructions on installing IAS, refer to the Microsoft Web site. 2. Enabling the Challenge Handshake Authentication Protocol (CHAP) If CHAP authentication is required, then Windows must be configured to store passwords with reversible encryption. Reverse password encryption is not the default behavior; it must be enabled. NOTE If a user is configured prior to enabling reverse password encryption, then the user's password is stored and cannot utilize CHAP. To use CHAP, the password must be re-entered after encryption is enabled. If the password is not re-entered, then CHAP authentication will not work and the user will be unable to authenticate from the switch. 3. Configuring a user Fabric OS Administrator's Guide 107 53-1001763-01