Dear everybody-<div><br></div><div>We just got these shiny new Brocade VDX units in our lab and they're running Network OS v2.0.1a with a very stripped down CLI. Apparently this platform used to be a SAN switch.<div><br>
</div><div>I have basic authentication working via PAP, but that's only half the battle:</div><div><br></div><div><div>aaa authentication login tacacs+</div><div>tacacs-server host HOST1 protocol pap key KEY timeout 1</div>
<div>tacacs-server host HOST2 protocol pap key KEY timeout 1</div></div><div><br></div><div>And on the server:</div><div><br></div><div><div>group = admin {</div><div> default service = permit</div><div> service = exec {</div>
<div> priv-lvl = 15</div><div> } </div><div>}</div></div><div><div>user = jathan {</div><div> login = des [redacted]</div><div> pap = des [redacted]</div><div> member = 181</div></div><div>}</div>
<div><br></div><div>The system uses a role model similar to that in JUNOS that designates what users can do. Commands are assigned to roles, and roles are assigned to users. </div><div><br></div><div><div>I know that if I want to give a user superuser (read-write) I can assign them to the "admin" role (one of the 2 built-ins). The other built-in is "user", which is read-only. If a TACACS user doesn't receive a role from the server, it defaults to "user":</div>
<div><br></div><div>% telnet myswitch</div><div>myswitch login: jathan</div><div>Password: </div><div>User's role is unavailable, using default.</div><div>Welcome to the Brocade Network Operating System Software</div>
<div>jathan connected from 127.0.0.1 using console on myswitch</div><div>myswitch#</div></div><div><br></div><div>The documentation indicates the device is expecting the server to send an a/v pair that specifies the authenticated user's role. I assume the value would be "admin" in this case. The problem is that nowhere in the documentation so far have I seen what attribute the device is expecting. There may also be a unique service type (again similar to JUNOS' "junos-exec") that is being expected.</div>
<div><br></div><div>So... After all that background, anyone had experience with this platform and gotten it working successfully w/ tac_plus?</div><div><br></div><div>Thanks in advance!</div><div><div><br></div>-- <br>Jathan.<br>
</div></div>