Brocade and Active Directory integration

Author: | January 20, 2020

If you have only local user(s) for administering FOS but want to integrate with AD, here is a simple example.

From the AD DC side:
1. Create a user and a group on your domain controller and put the required user(s) in this group.
2. You need to add Microsoft Active Directory Certificate Services (AD CS) if you don't have it. The steps are simple:
Server Manager > Manage > Add Roles and Features > Installation Type (Role-based or feature-based installation) > Select your server (windc.local.lab in my case) > in Server Roles choose Active Directory Certificate Services > Certification Authority, and wait until the installation finishes.
3. Now you need to configure AD CS. The steps are simple:
Credentials > Role Services (Certification Authority) > Setup Type (Enterprise CA) > CA Type (Root CA) > Private Key (Create a new private key) > Cryptography (keep the default or choose what you need) > CA Name (keep the default or specify one depending on your configuration) > Validity Period (keep the default or specify what you need) > Confirmation. A reboot may be required.
4. To test SSL connectivity, run ldp.exe and connect to the domain controller. Once the connection has been established, go to Options > TLS and select Start TLS. If LDAP is able to connect via TLS, you receive: ldap_start_tls_s(ld, &retValue, result, SvrCtrls, ClntCtrls) result <0>
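
As an added example (not part of the original post or of Broadcom's documentation), the Start TLS test from step 4 can also be run from a host that has no ldp.exe. The Python code below sends the LDAP StartTLS extended request on port 389, reads the result code that ldp.exe prints as <0>, and then validates the domain controller's certificate. The function names are hypothetical, and ca_file is assumed to be a PEM export of the root certificate of the Enterprise CA created in step 3.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def build_starttls_request(msg_id=1):
    """BER-encode LDAPMessage{msg_id, ExtendedRequest{requestName=STARTTLS_OID}}."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + op                 # INTEGER messageID + op
    return bytes([0x30, len(body)]) + body                  # outer SEQUENCE

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); accepts short and long-form BER lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_extended_result(resp):
    """Return the resultCode of an ExtendedResponse (0 = the <0> ldp.exe prints)."""
    tag, msg, _ = read_tlv(resp, 0)      # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, 0)         # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)   # [APPLICATION 24] ExtendedResponse
    rc_tag, code, _ = read_tlv(op, 0)    # resultCode ENUMERATED
    if (tag, op_tag, rc_tag) != (0x30, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(code, "big")

def check_starttls(host, ca_file, port=389, timeout=5):
    """StartTLS against host, then verify its certificate with ca_file (PEM)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        code = parse_extended_result(sock.recv(4096))
        if code != 0:
            return code, None
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return code, tls.version()

# Constructed sample: a success reply with the long-form lengths AD typically uses.
SAMPLE_OK = bytes.fromhex("30840000002802010178840000001f0a0100040004008a16") + STARTTLS_OID
```

Calling check_starttls("windc.local.lab", "root-ca.pem") (the file name is a placeholder) returns the LDAP result code and the negotiated TLS version. A certificate that does not chain to the CA or does not match the host name raises ssl.SSLCertVerificationError.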

From the Brocade switch side (text after // is a comment):
1. aaaconfig --add 10.4. (or windc) -conf ldap -d local.lab //Configure the LDAP server and domain
2. aaaconfig --show
3. aaaconfig --authspec "ldap;local" //Activate LDAP authentication as the primary service and the switch database as the secondary service
4. aaaconfig --show //Verify
5. ldapcfg --maprole bradmin admin //Map the LDAP group to a switch role
6. Log out of the current session and try to log in with the domain user(s)
7. To check the user configuration, run the userconfig --show command

Original from Broadcom
