Token-based iChain Installation



By: coolguys

August 9, 2006 12:00 am

Reads: 145

Comments:0

Rating:0

Problem

A Forum reader recently asked the following question:

“I’m trying to use a token with iChain, for which I need to install a RADIUS module on my NetWare 6.5 SP5 server. The docs indicate that this is part of NMAS, but the NMAS installation does not offer it as an option!”

And here’s a suggestion from Wayne Doust …

Solution

I’ve recently completed a token-based installation of iChain. You MUST upgrade to eDirectory 8.7.3.8 and apply ssp201.tgz to the server you want to authenticate to with RADIUS.

RADIUS comes on the iChain authentication server CD under the NMAS directory. It’s buried in there somewhere … You will also need to install the snapins for ConsoleOne.

A trap that I got caught in was trying to apply the RADIUS attribute details for the RADIUS Profile at the container level. If you do this, RADIUS will not work. Simply leave the RADIUS Profile at [DEFAULT]. Do not specify the FDN at the container level; do it in the Profile only.

You will need to get NTRADPING to test and debug Radius – it is invaluable. I spent many late nights debugging my setup, and without this tool it would have been impossible. To download this tool, see:
http://www.novell.com/coolsolutions/tools/14377.html

To debug radius, after it has succesfully loaded type:

RADIUS DEBUG ON
RADIUS DEBUGLOG ON
RADIUS REFRESHCACHE
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment