User's Manual

Virtual Connect users and roles 84

Role Management (Role Authentication Order) screen

Use this screen to specify the authentication services to be used during log in and to set the order in which

each authentication method is queried for each role. Role authentication order is followed for role-prefixed

logins only, such as "domain:user1". In the case of an authentication service-prefixed login, such as

"radius:user1", or a default login without a prefix, such as "user1", the login succeeds if credentials are

correct and the authentication service is enabled, regardless of what role authentication orders are defined.

TACACS and RADIUS checkboxes are disabled and cannot be selected when the domain is in FIPS mode

("Virtual Connect FIPS mode of operation" on page 314).

By default, VCM queries the authentication services for each role in the following order:

• Domain: local > ldap > radius > tacacs

• Network: tacacs > radius > local

• Server: ldap > local

• Storage: radius > local

If a method fails, the next method is tried, and so on.

For each role (Domain, Network, Server, and Storage):

1. Select the check boxes corresponding to the authentication services to query on user login.

2. Configure the order of the queries:

a. Click an authentication service to highlight it.

b. Click the up and down arrows to set the query order.

3. Click Apply.

Unselected authentication services are not queried, regardless of the order in which they appear.