HP A7533A HP StorageWorks Fabric OS 6.x administrator guide (5697-0015, May 20 - Page 75

6. In the Add Remote Access Policy window, enter an easily identifiable Policy friendly name that will enable you to see the switch login for which the policy is being created; then click Next. 7. After the Add Remote Access Policy window refreshes, click Add. 8. In the Select Attribute window, select Windows Groups and click Add. 9. In the Groups window, click Add. 10. In the Select Groups window, select the user-defined group for which you are creating a policy and click Add. After adding all appropriate groups, click OK. In the Groups window, click OK. 11. In the Add Remote Access Policy window, confirm that the Conditions section displays the group(s) that you selected and click Next. 12. After the Add Remote Access Policy window refreshes, select the Grant remote access permission radio button and click Next. 13. After the Add Remote Access Policy window refreshes again, click Edit Profile. 14. In the Edit Dial-in Profile window, click the Authentication tab and check only the Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP) checkboxes; then click the Advanced tab and click Add. 15. In the Add Attributes window, select Vendor-Specific and click Add. 16. In the Multivalued Attribute Information window, click Add. 17. In the Vendor-Specific Attribute Information window, click the Enter Vendor Code radio button and enter the value 1588. Click the Yes. It conforms radio button, and then click Configure Attribute.... 18. In the Configure VSA (RFC compliant) window, enter the following values and click OK. Vendor-assigned attribute number-Enter the value 1. Attribute format-Enter String. Attribute value-Enter the login role (Root, Admin, SwitchAdmin, User, etc.) the user group must use to log in to the switch. 19. In the Multivalued Attribute Information window, click OK. 20.In the Edit Dial-in Profile window, remove all additional parameters (except the one you just added, "Vendor-Specific") and click OK. 21. In the Add Remote Access Policy window, click Finish. After returning to the Internet Authentication Service window, repeat step 5 through step 21 to add additional policies for all login types for which you want to use the RADIUS server. After this is done, you can configure the switch. LDAP configuration and Microsoft's Active Directory LDAP provides user authentication and authorization using Microsoft's Active Directory service in conjunction with LDAP on the switch. The following are restrictions when using LDAP: • In Fabric OS 6.x there will be no password change through Active Directory. • There is no automatic migration of newly created users from local switch database to Active Directory. This is a manual process explained later. • LDAP authentication is used on the local switch only and not for the entire fabric. Roles for users can be added through the Microsoft Management Console. Groups created in Active Directory must correspond directly to the RBAC user roles on the switch. Role assignments can be achieved by including the user in the respective group. A user can be assigned to multiple groups like Switch Admin and Security Admin. For more information on RBAC roles, see "Using Role-Based Access Control (RBAC)" on page 56. NOTE: All instructions involving Microsoft's Active Directory can be obtained from www.microsoft.com. Confer with your network administrator prior to configuration for any special needs your network environment may have. Fabric OS 6.x administrator guide 75