- Community Home
- >
- Storage
- >
- Storage Networking
- >
- HPE Storage Networking - Switches
- >
- permission user and VF
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-25-2019 05:31 AM
06-25-2019 05:31 AM
permission user and VF
hi comunity, i loggin in the SW SAN whith the Active Directory User.. but when i try to change the VF the SW show my the fallowing messeg:
FID128:User_Prueba> setcontext 3
VF Permission for fid 3 is denied
is necesary add any permission in the SW SAN to this user?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2019 03:36 AM
06-26-2019 03:36 AM
Re: permission user and VF
Hi francisco82,
I see that you are trying to login as active directory user on switch with Virtual Fabric enabled and while login to one of the VF, you are getting an error VF Permission for fid is denied.
This happens when the admin privilege was not granted to the admin accounts on the VF level on the Active Directory server. That was why those accounts did not have the admin privilege when logged in into the Virtual Fabric.
To resolve this issue you will need to grant the admin privilege to the user accounts at the VF level. Add the user’s Administrative Domains or Virtual Fabrics to the CN_list by either editing the adminDescription value or adding the "brcdAdVfData" attribute to the existing Active Directory schema. This action maps the Admin Domains or Virtual Fabrics to the user name. Multiple Admin Domains can be added as a string value separated by the underscore character ( _ ). Virtual Fabrics are added as a string value separate by a comma ( , ) and entered as a range.
Adding an Admin Domain or Virtual Fabric list:
1. From the Windows Start menu, select Programs > Administrative Tools > ADSI.msc.
ADSI is a Microsoft Windows Resource Utility. This utility must be installed to proceed with the rest of the setup. For Windows 2003, this utility comes with Service Pack 1 or you can download this utility from the Microsoft website.
2. Go to CN=Users.
3. Select Properties. Click the Attribute Editor tab.
4. Double-click the adminDescription attribute.
The String Attribute Editor dialog box displays.
NOTE: The attribute can be added to user objects only.
5. Perform the appropriate action based on whether you are using Admin Domains or Virtual Fabrics:
• If you are using Admin Domains, enter the values of the Admin Domains separated by an underscore ( _ ) into the Value field.
Example for adding Admin Domains:
adlist_0_10_200_endAd
Home Admin Domain (homeAD) for the user will be the first value in the adlist (Admin Domainlist). If a user has no values assigned in the adlist attribute, then the homeAD "0" will be the default administrative domain for the user.
• If you are using Virtual Fabrics, enter the values of the logical fabrics separated by a semi-colon( ; ) into the Value field.
Example for adding Virtual Fabrics:
HomeLF=10;LFRoleList=admin:128,10;ChassisRole=admin
In this example, the logical switch that would be logged in to by default is 10. If 10 is not available,then the lowest FID available will be chosen. You would have permission to enter logical switch 128 and 10 in an admin role and you would also have the chassis role permission of admin.
Adding attributes to the Active Directory schema
To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You must:
• Add a new attribute brcdAdVfData as Unicode String.
• Add brcdAdVfData to the person’s properties.
The attributes for configuring account privilege at the VF level on the AD server can be found in the Fabric OS Administrators Guide. Please refer to appropriate FOS Admin guide according to the FOS version on the switch.
I am a HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2019 05:01 AM
06-26-2019 05:01 AM
Re: permission user and VF
hi thank very much for yo comment .. let me apply this steps and i comnet you letter the result
thank