Brocade Communications Systems 53-1001778-01 manual Access control


Access control

 

 

 

 

 

TABLE 1 Login failure status messages

| LoginAsUser Return Code | Status message in Proxies panel | Description |
|---|---|---|
| RT_NOT_SUPPORTED | Not supported | Access protocol is not supported. |
| RT_ALREADY_EXISTS | Duplicate Connection | Attempt to make an additional connection to an already connected switch, or an attempt to make a connection to a switch in a fabric that is already connected through another switch. |
| RT_PWD_EXPIRED | Password Expired | Login failed due to password expired. |
| RT_ACCOUNT_LOCKOUT | Account Lockout | Login account is locked out. |
| RT_ACCOUNT_DISABLED | Account Disabled | Login account is disabled. |
| RT_TIMEOUT | Connection Timed Out | Connection timed out. |
| RT_FAILED | Connection Failed | |
| RT_SUCCESS | Connected | Login successful. |
| RT_INVALID_PARAMETER | Invalid Connection Parameter | Some connection parameters are invalid. |
| RT_INSUFFICIENT_VF_MEMBERSHIP | Insufficient VF Membership | Login failed due to insufficient VF (user does not have admin/chassis access across VF) membership. |
| RT_INSUFFICIENT_USER_ROLE | Insufficient User Role | Login failed due to insufficient user role. |
| RT_INVALID_PASSWORD | Invalid Password | Login failed due to invalid username/password. |
| RT_NOT_ENOUGH_RPC_HANDLES | Not Enough RPC Handles | Login failed due to insufficient number of RPC handles (20 max). |

Access control

An SMI client uses a two-level login: one login to the SMI-A and another login to the proxy switch to gain access to a fabric. The SMI-A has a limitation of one connection per fabric, so all SMI clients share the same connection to a fabric even if they have different Role-Based Access Control (RBAC) roles.

To enable SMI clients to have different RBAC roles, you can map each SMI client to a different switch user. With this mapping, SMI clients can have different RBAC roles, even though they share the same connection to the fabric.

For additional information about RBAC roles, see the Brocade SMI Agent Developer’s Guide.

The Brocade SMI Agent Configuration Tool has two Access Control options:

• User Mapping
• Default User Mapping

The User Mapping option allows you to map specific SMI-A users to specific switch user names. The Default User Mapping option allows you to set up the mapping for all other SMI-A users. Using these two options, you can restrict access to specific SMI-A users. For example, in the User Mapping section you can specify a few SMI-A users who have admin-level access and give all the other SMI-A users user-level access in the Default User Mapping section.
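The mapping rule described above (an explicit User Mapping entry first, the Default User Mapping otherwise), as an added example that is not taken from the Brocade guide. The account names, role table and data layout are constructed for illustration and do not represent how the SMI-A stores its configuration.

```python
# Added illustration: resolve each SMI-A user to the switch user it acts as and
# review the result for least privilege. All names and tables are constructed.

ADMIN_ROLES = {"admin"}  # assumption: switch roles treated as admin-level


def resolve_switch_user(smia_user, user_mapping, default_mapping):
    """Explicit User Mapping entry wins; otherwise the Default User Mapping applies."""
    return user_mapping.get(smia_user, default_mapping)


def audit_mapping(smia_users, user_mapping, default_mapping, switch_roles):
    """Return ({smia_user: (switch_user, role)}, [findings]) for a mapping set."""
    findings = []
    # An admin-level default silently grants admin to every unlisted SMI-A user.
    if switch_roles.get(default_mapping) in ADMIN_ROLES:
        findings.append(
            f"default mapping '{default_mapping}' is admin-level: "
            "every unlisted SMI-A user gets admin access"
        )
    # Mappings that point at switch users whose role is not known cannot be reviewed.
    for target in sorted(set(user_mapping.values()) | {default_mapping}):
        if target not in switch_roles:
            findings.append(f"switch user '{target}' has no known role")
    # Stale entries: mapped SMI-A users that no longer exist.
    for user in sorted(set(user_mapping) - set(smia_users)):
        findings.append(f"mapping entry for unknown SMI-A user '{user}'")

    effective = {}
    for user in smia_users:
        switch_user = resolve_switch_user(user, user_mapping, default_mapping)
        effective[user] = (switch_user, switch_roles.get(switch_user, "unknown"))
    return effective, findings


# Constructed sample data (hypothetical account names).
SWITCH_ROLES = {"fabadmin": "admin", "fabview": "user"}
USER_MAPPING = {"storage_ops": "fabadmin", "backup_svc": "fabadmin"}
SMIA_USERS = ["storage_ops", "backup_svc", "monitoring", "reporting"]

if __name__ == "__main__":
    effective, findings = audit_mapping(SMIA_USERS, USER_MAPPING, "fabview", SWITCH_ROLES)
    for user, (switch_user, role) in effective.items():
        print(f"{user:12} -> {switch_user:9} ({role})")
    for finding in findings:
        print("FINDING:", finding)
```
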


Brocade SMI Agent User’s Guide

 

53-1001778-01
