HPE Storage Networking - Switches


 
francisco82
Advisor

permission user and VF

Hi community, I log in to the SW SAN with the Active Directory user, but when I try to change the VF the SW shows me the following message:


FID128:User_Prueba> setcontext 3
VF Permission for fid 3 is denied

Is it necessary to add any permission in the SW SAN for this user?

 

Yeskay
HPE Pro

Re: permission user and VF

Hi francisco82,

I see that you are trying to log in as an Active Directory user on a switch with Virtual Fabric enabled, and while logging in to one of the VFs you are getting the error "VF Permission for fid is denied".

This happens when the admin privilege was not granted to the admin accounts on the VF level on the Active Directory server. That was why those accounts did not have the admin privilege when logged in to the Virtual Fabric.

To resolve this issue you will need to grant the admin privilege to the user accounts at the VF level. Add the user's Administrative Domains or Virtual Fabrics to the CN_list by either editing the adminDescription value or adding the "brcdAdVfData" attribute to the existing Active Directory schema. This action maps the Admin Domains or Virtual Fabrics to the user name. Multiple Admin Domains can be added as a string value separated by the underscore character ( _ ). Virtual Fabrics are added as a string value separated by a comma ( , ) and entered as a range.

Adding an Admin Domain or Virtual Fabric list:

1. From the Windows Start menu, select Programs > Administrative Tools > ADSI.msc.

ADSI is a Microsoft Windows Resource Utility. This utility must be installed to proceed with the rest of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can download this utility from the Microsoft website.

2. Go to CN=Users.
3. Select Properties. Click the Attribute Editor tab.
4. Double-click the adminDescription attribute.

The String Attribute Editor dialog box displays.

NOTE: The attribute can be added to user objects only.

5. Perform the appropriate action based on whether you are using Admin Domains or Virtual Fabrics:

• If you are using Admin Domains, enter the values of the Admin Domains separated by an underscore ( _ ) into the Value field.

Example for adding Admin Domains:

adlist_0_10_200_endAd

Home Admin Domain (homeAD) for the user will be the first value in the adlist (Admin Domain list). If a user has no values assigned in the adlist attribute, then the homeAD "0" will be the default administrative domain for the user.

• If you are using Virtual Fabrics, enter the values of the logical fabrics separated by a semi-colon ( ; ) into the Value field.

Example for adding Virtual Fabrics:

HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin

In this example, the logical switch that would be logged in to by default is 10. If 10 is not available, then the lowest FID available will be chosen. You would have permission to enter logical switch 128 and 10 in an admin role and you would also have the chassis role permission of admin.

Adding attributes to the Active Directory schema

To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You must:

• Add a new attribute brcdAdVfData as Unicode String.
• Add brcdAdVfData to the person's properties.

The attributes for configuring account privilege at the VF level on the AD server can be found in the Fabric OS Administrators Guide. Please refer to the appropriate FOS Admin guide according to the FOS version on the switch.

Thank You!
I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

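The Virtual Fabric value format shown in the reply above can be checked before it is written to a user object. This is an added example, not part of the original reply and not HPE or Brocade code: it parses the string, reports which role a user holds on a given FID, and flags a HomeLF that the list does not cover. The function names are hypothetical, and the hyphen range syntax and the 1..128 FID bounds are assumptions; confirm them in the FOS Admin guide for your version.

```python
import re

PAGE_EXAMPLE = "HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin"  # from the reply
CONSTRUCTED = "HomeLF=3;LFRoleList=admin:1-4,128;ChassisRole=user"    # constructed sample

def expand_fids(spec):
    """Expand '128,10' or '1-4,128' into a set of FIDs."""
    fids = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part.strip())
        if not m:
            raise ValueError(f"bad FID entry: {part!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 1 <= lo <= hi <= 128:  # assumption: valid FIDs are 1..128
            raise ValueError(f"FID out of range: {part!r}")
        fids.update(range(lo, hi + 1))
    return fids

def parse_vf_value(value):
    """Parse the attribute string into HomeLF, per-role FID sets and ChassisRole."""
    cfg = {"HomeLF": None, "LFRoleList": {}, "ChassisRole": None}
    for field in filter(None, (f.strip() for f in value.split(";"))):
        key, sep, val = field.partition("=")
        if not sep or key not in cfg:
            raise ValueError(f"unexpected field: {field!r}")
        if key == "HomeLF":
            cfg[key] = int(val)
        elif key == "ChassisRole":
            cfg[key] = val
        else:
            role, sep, fids = val.partition(":")
            if not sep:
                raise ValueError(f"LFRoleList needs role:fids, got {val!r}")
            cfg[key][role] = expand_fids(fids)
    return cfg

def role_for_fid(value, fid):
    """Role mapped to `fid`, or None when the FID is not listed for this user."""
    for role, fids in parse_vf_value(value)["LFRoleList"].items():
        if fid in fids:
            return role
    return None

def audit(value):
    """Lint one attribute value before it is written to the AD user object."""
    cfg = parse_vf_value(value)
    granted = set().union(*cfg["LFRoleList"].values())
    findings = []
    if not granted:
        findings.append("no LFRoleList entry")
    if cfg["HomeLF"] is not None and cfg["HomeLF"] not in granted:
        findings.append(f"HomeLF {cfg['HomeLF']} is not in LFRoleList")
    return findings
```

With the reply's example value, `role_for_fid(PAGE_EXAMPLE, 3)` returns `None`, which matches the situation in the question where `setcontext 3` is denied for a user whose list does not include FID 3.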

francisco82
Advisor

Re: permission user and VF

Hi, thank you very much for your comment. Let me apply these steps and I will comment later with the result.

 

 

Thanks