3

Access control

 

 

 

 

 

TABLE 1

Login failure status messages

 

 

 

 

 

 

 

 

LoginAsUser Return Code

Status message in Proxies panel

Description

 

 

 

 

 

 

 

RT_NOT_SUPPORTED

Not supported

Access protocol is not supported.

 

 

 

 

 

 

 

RT_ALREADY_EXISTS

Duplicate Connection

Attempt to make an additional

 

 

 

 

 

connection to an already connected

 

 

 

 

 

switch, or an attempt to make a

 

 

 

 

 

connection to a switch in a fabric that is

 

 

 

 

 

already connected through another

 

 

 

 

 

switch.

 

 

 

 

 

 

 

RT_PWD_EXPIRED

Password Expired

Login failed due to password expired.

 

 

 

 

 

 

 

RT_ACCOUNT_LOCKOUT

Account Lockout

Login account is locked out.

 

 

 

 

 

 

 

RT_ACCOUNT_DISABLED

Account Disabled

Login account is disabled.

 

 

 

 

 

 

 

 

RT_TIMEOUT

 

Connection Timed Out

Connection timed out.

 

 

 

 

 

 

 

 

RT_FAILED

 

Connection Failed

 

 

 

 

 

 

 

 

 

RT_SUCCESS

 

Connected

Login successful.

 

 

 

 

 

 

 

RT_INVALID_PARAMETER

Invalid Connection Parameter

Some connection parameters are invalid.

 

 

 

 

 

 

 

RT_INSUFFICIENT_VF_

Insufficient VF Membership

Login failed due to insufficient VF (user

 

 

MEMBERSHIP

 

does not have admin/chassis access

 

 

 

 

 

across VF) membership.

 

 

 

 

 

 

 

RT_INSUFFICIENT_USER_ROLE

Insufficient User Role

Login failed due to insufficient user role.

 

 

 

 

 

 

 

RT_INVALID_PASSWORD

Invalid Password

Login failed due to invalid

 

 

 

 

 

username/password.

 

 

 

 

 

 

 

RT_NOT_ENOUGH_RPC_

Not Enough RPC Handles

Login failed due to insufficient number of

 

 

HANDLES

 

 

RPC handles (20 max).

 

 

 

 

 

 

Access control

An SMI client uses a two-level login: one login to the SMI-A and another login to the proxy switch to gain access to a fabric. The SMI-A has a limitation of one connection per fabric, so all SMI clients share the same connection to a fabric even if they have different Role-Based Access Control (RBAC) roles.

To enable SMI clients to have different RBAC roles, you can map each SMI client to a different switch user. With this mapping, SMI clients can have different RBAC roles, even though they share the same connection to the fabric.

For additional information about RBAC roles, see the Brocade SMI Agent Developer’s Guide. The Brocade SMI Agent Configuration Tool has two Access Control options:

User Mapping

Default User Mapping

The User Mapping option allows you to map specific SMI-A users to specific switch user names. The Default User Mapping option allows you to set up the mapping for all other SMI-A users. Using these two options, you can restrict access to specific SMI-A users. For example, in the User Mapping section you can specify a few SMI-A users who have admin-level access and give all the other SMI-A users user-level access in the Default User Mapping section.

18

Brocade SMI Agent User’s Guide

 

53-1001778-01

Page 33 Page 35
Page 34
Image 34
Brocade Communications Systems 53-1001778-01 manual Access control Login failure status messages
Page 33 Page 35
Top Page Image Contents