Novell Cool Solutions: Feature
By Marcus Williamson
Digg This -
Posted: 5 Jan 2002
Current version: BorderManager 3.6
Looking for a way to let your users maintain a single password for both onsite and offsite access? Here are some ideas.
PAP and CHAP
BMAS can be configured to use CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol) for encoding the password between the RAS device and the BMAS server. The encoding protocols supported by the RAS device (acting as the Radius client) may be PAP, CHAP or both. For information about the protocols supported, check the documentation for your RAD device.
If PAP is specified, the existing NDS user password will be used.
If CHAP is specified, a separate password ("Dial Access Password") must be used. This is because CHAP requires access to a clear-text version of the password, which is never available for the user's NDS password. The Dial Access Password must be set up for each user in NWAdmin. There is no Novell-provided solution for bulk management of the Dial Access Password.
This Novell documentation page provides more info on PAP and CHAP: http://www.novell.com/documentation/lg/bmee36/index.html?nbplnenu/data/h9c5bkxr.html
There's a tool we created at Connectotel Ltd that you might want to take a look at. RADIMP will allow bulk management of RADIUS users and the Dial Access Password. You can read about it in this paper.
About the Author
Marcus of Connectotel Ltd is a member of our BorderManager Cool Solutions Advisory Board. You can see his handiwork at http://www.connectotel.com/.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com