7.3 Configuring Novell RADIUS Components

After NMAS, Novell RADIUS, and the token login method have been installed, you must configure Novell RADIUS on your NMAS server.

Perform the following procedures in order:

7.3.1 Creating a Dial Access System (DAS) Object

  1. Start ConsoleOne.

  2. Right-click an Organizational Unit container object, click New, click Object, then click RADIUS:Dial Access System.

  3. Specify the object name.

  4. Click OK.

  5. Specify the password.

  6. Click OK.

7.3.2 Configuring the Login Policy Rules

  1. Start ConsoleOne.

  2. From the Security Container, double-click the Login Policy object.

  3. Click the Rules tab (if it isn't already open).

  4. Click the plus sign (+) to add a login rule.

  5. Click the browse button at the end of the Service Object field, then select the DAS object.

  6. On the User list tab, click +, then select the user or container that you want the rule to apply to.

  7. On the Sequences tab, click +, select the token method, then select Mandatory.

  8. Click OK until you return to ConsoleOne.

7.3.3 Adding the iChain Proxy Server As a Client of the DAS Object

  1. Start ConsoleOne.

  2. Double-click the DAS object.

  3. On the Clients page, click Add.

  4. For Address, type the IP address of your iChain proxy server.

  5. For Vendor Type, use the drop-down list to select Novell.

  6. Type and confirm a secret for this client.

  7. Click OK.

  8. On the User Resolution page, click the Use Lookup Contexts List to Resolve User Name option if the users are not in the same context as the DAS object.

  9. Click Add.

  10. Browse and select the container where the User objects reside.

  11. In the Object Name field, type a name for the object.

  12. Click OK, then click OK again.
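
The secret typed in Step 6 must be identical to the one configured on the iChain proxy server. As an added example (not part of the Novell documentation or product code), the following Python sketch shows how a RADIUS client and server use that shared secret to hide and recover the User-Password attribute as defined in RFC 2865, section 5.2, and what the server ends up with when the two secrets differ. This goes beyond what the page states; the function names, secrets, and token code are hypothetical, constructed values.

```python
import hashlib


def _check(request_auth: bytes) -> None:
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (proxy) side: hide User-Password as in RFC 2865, section 5.2."""
    _check(request_auth)
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev  # each mask chains on the previous hidden block
    return out


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with the secret stored for this client."""
    _check(request_auth)
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("hidden password must be 16 to 128 bytes, multiple of 16")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(prev, mask))
    return out.rstrip(b"\x00")  # strip the NUL padding


# Constructed sample values, not taken from the page.
REQUEST_AUTH = bytes(range(16))            # normally 16 random bytes per request
PROXY_SECRET = b"constructed-secret-A"     # secret configured on the proxy
DAS_SECRET_OK = b"constructed-secret-A"    # secret typed on the DAS Clients page
DAS_SECRET_TYPO = b"constructed-secret-a"  # same secret with one wrong character
TOKEN_CODE = b"123456"                     # constructed token response

if __name__ == "__main__":
    wire = hide_password(TOKEN_CODE, PROXY_SECRET, REQUEST_AUTH)
    print("matching secret  :", recover_password(wire, DAS_SECRET_OK, REQUEST_AUTH))
    print("mismatched secret:", recover_password(wire, DAS_SECRET_TYPO, REQUEST_AUTH))
```

With a mismatched secret the server does not get a decoding error; it recovers different bytes and the request is treated as a wrong password, so a typo in the client secret looks like failed logins for every user coming through that proxy.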

7.3.4 Creating a RADIUS Dial Access Profile (DAP) Object

  1. Start ConsoleOne.

  2. Right-click an Organizational Unit container object, click New, click Object, then click RADIUS:Profile.

  3. Click OK.

  4. Specify the object name.

  5. Click OK.

7.3.5 Adding an Attribute to the RADIUS DAP Object

  1. Start ConsoleOne.

  2. Double-click the DAP object.

  3. On the Attributes page, click Add.

  4. Select the Novell eDirectory Name attribute.

  5. Select the check box next to Novell eDirectory attribute.

  6. Select FDN (Fully Distinguished Name).

    IMPORTANT: It is critical that you select FDN so that name resolution works properly. Otherwise, the users who use this profile will get a 403 User Name Mismatch error when they try to access Web pages.

  7. Click OK twice.

7.3.6 Assigning the Token Method to Each User Object

  1. Start ConsoleOne.

  2. Double-click a User object.

  3. Click the Login Methods tab, then select the Token method you previously installed.

  4. Follow the partner’s instructions for enabling this method.

7.3.7 Assigning the DAS Object to Each User Object

  1. Start ConsoleOne.

  2. Double-click a User object.

  3. Click the Dial Access Services tab.

  4. Select a Dial Access Control.

  5. Browse and select the DAS object you want to assign to this user.

  6. Click Add.

  7. Browse and select the DAP object.

  8. Click OK twice.

7.3.8 Starting Novell RADIUS Services on Your NMAS Server

From the NMAS server console, type RADIUS to start the RADIUS services.