Download and install the following:
Install FreeRADIUS on SLES 11. For installation instructions, refer to Section 2.0, Installing FreeRADIUS.
Install Novell eDirectory 8.8 or later: For installation instructions, refer to the NetIQ eDirectory 8.8 Installation Guide.
After installing eDirectory, you need to use iManager to configure it. Refer to Configuring eDirectory for more information.
You also need to extract the self-signed certificate of the certificate authority (CA). For more information, refer to Extracting the Self-Signed Certificate of the Certificate Authority.
Install Novell iManager 2.7.x or later: For installation instructions, refer to the iManager 2.7 Installation Guide.
Install the Radius iManager plug-in. You can download the plug-in from the NetIQ Download site.
Ensure that you meet the security considerations as discussed in Section 8.0, Security Considerations.
The following prerequisite tasks explain how to configure eDirectory so that you can log in to the system as a system administrator.
You need to use iManager to perform the following configuration tasks for eDirectory:
Ensure that you enable Universal Password for the users in eDirectory. After enabling it, you need to set the Universal Password, either manually or by logging in.
For more information, refer to Deploying Universal Password in the Password Management 3.3.x Guide.
An Administrator object is a User object.
For information on creating a RADIUS Administrator object in eDirectory, refer to the Managing User Accounts section in the NetIQ eDirectory Administration Guide.
You need to provide the DN of the RADIUS Administrator object while modifying the attributes in the LDAP module.
Grant the RADIUS administrator the write right for the ACL attribute of the user object whose Universal Password needs to be read. This gives the RADIUS administrator administrative rights to that user object.
The eDirectory administrator can also be the RADIUS administrator. For more information on eDirectory rights, refer to the NetIQ eDirectory Administration Guide.
By default, the administrator does not have the right to read the Universal Password. The eDirectory administrator needs to modify the password policy to enable the RADIUS administrator to read the Universal Password.
Use the following procedure to grant rights to the RADIUS administrator in order to retrieve the Universal Password:
In iManager, click the button.
Click and select the password policy being used.
Select from the Universal Password Retrieval section.
Click, then click.
Extract the self-signed certificate of the certificate authority in Base 64 format. For information on extracting the certificate, refer to the NetIQ Certificate Server Administration Guide.
You need to provide the extracted path and the certificate filename while modifying the attributes in the LDAP module of the radiusd.conf configuration file.
Specifies the full path of a certificate file in the UNIX file system.
NOTE: The RADIUS server administrator must ensure that the (UNIX) user with RADIUS server rights also has rights to read the certificate files.
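A pre-flight check for the two requirements above (Base 64 format, and read rights for the UNIX account the RADIUS server runs as), added here as an example and not part of the product documentation. The function name, its return codes and the extra group/other-writable check are assumptions of this example, and it inspects only the file's mode bits.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Pre-flight check for the CA certificate named in the LDAP module settings.
# Returns: 0 ok, 1 missing, 2 group/other-writable, 3 unreadable by the
# RADIUS account, 4 not Base64 (PEM) encoded.
# Limitation: only the file's mode bits are checked, not ACLs or the
# search permission on parent directories.
check_ca_cert() {
    cert=$1
    user=$2    # assumption: name of the UNIX account the RADIUS server runs as

    [ -f "$cert" ] || { echo "missing: $cert" >&2; return 1; }

    # ls -ln gives the mode string and the numeric owner/group IDs.
    read -r mode _links f_uid f_gid _rest <<EOF
$(ls -ln "$cert")
EOF

    # A trust anchor that other accounts can overwrite cannot be trusted.
    case $mode in
        ?????w*|????????w*)
            echo "group/other-writable: $cert ($mode)" >&2; return 2 ;;
    esac

    # Pick the permission class that applies to the RADIUS account.
    u_id=$(id -u "$user" 2>/dev/null) ||
        { echo "no such user: $user" >&2; return 3; }
    if [ "$u_id" -eq 0 ]; then
        r_bit=r
    elif [ "$u_id" -eq "$f_uid" ]; then
        r_bit=$(printf %s "$mode" | cut -c2)
    else
        case " $(id -G "$user") " in
            *" $f_gid "*) r_bit=$(printf %s "$mode" | cut -c5) ;;
            *)            r_bit=$(printf %s "$mode" | cut -c8) ;;
        esac
    fi
    [ "$r_bit" = r ] || { echo "$user cannot read $cert ($mode)" >&2; return 3; }

    # A Base64 (PEM) export carries this header; a binary DER export does not.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "not Base64/PEM: $cert" >&2; return 4; }
    return 0
}
```

Call it as `check_ca_cert <certificate path> <RADIUS account>` before starting the server; both arguments are site-specific.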