How to configure BMAS 3.5 and 3.6.
Novell Cool Solutions: Feature
Posted: 27 Sep 2002
Versions: BorderManager 3.5 and 3.6
Before you Start
- Ensure that NWADMN32 has been launched at least once.
- The BorderManager snapins must be installed; the installer is located at SYS:PUBLIC\BRDRMGR\SNAPINS\SETUP.EXE.
- In order to perform the initial configurations, ensure that you are logged in as ADMIN and not an ADMIN Equivalent.
Launch NWADMN32 from the drive mapping that was specified during the BorderManager snapins install.
Dial Access System
Create - Dial Access System (DAS) | Enter a Dial Access System Name | Check Define Additional properties | Create
Clients Tab | Add | Enter Client Address of Access Server | Select Client Type according to Access Server | Enter Shared Secret
Username Resolution Tab | Either select Use NDS find to resolve usernames or Use lookup contexts list to resolve usernames
Miscellaneous Tab | Change Dial Access System Password - This password will be used to load radius from the server console
Dial Access Profile
Create - Dial Access Profile (DAP) | Enter a Dial Access Service Profile Name | Check Define Additional properties | Create
Attributes Tab | Enter the attributes specified by the manufacturer for the Access Server, e.g.
Framed-Protocol PPP
Service-Type Framed
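As an added illustration (not part of the original article and not Novell's code), the Python sketch below follows RFC 2865 to show how the two example profile attributes are encoded in an Access-Accept and how the access server uses the shared secret from the Clients tab to check the reply. The secret, packet identifier and request authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                    # RFC 2865 packet code
SERVICE_TYPE, FRAMED = 6, 2          # Service-Type = Framed
FRAMED_PROTOCOL, PPP = 7, 1          # Framed-Protocol = PPP


def encode_int_attr(attr_type, value):
    """Type (1 byte), Length (1 byte, 6 for integer attributes), 32-bit value."""
    return struct.pack("!BBI", attr_type, 6, value)


def build_access_accept(identifier, request_auth, attrs, secret):
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def verify_reply(packet, request_auth, secret):
    """Access-server side: recompute the authenticator with its copy of the secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_int_attrs(packet):
    """Return {type: value} for the 6-byte integer attributes in the reply."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        if length == 6:
            attrs[attr_type] = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
        pos += length
    return attrs


# Constructed sample values, not taken from the article.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
PROFILE = encode_int_attr(SERVICE_TYPE, FRAMED) + encode_int_attr(FRAMED_PROTOCOL, PPP)
REPLY = build_access_accept(1, REQUEST_AUTH, PROFILE, SECRET)

if __name__ == "__main__":
    print(parse_int_attrs(REPLY), verify_reply(REPLY, REQUEST_AUTH, SECRET))
```

If the secret entered for the client differs from the one configured on the access server, `verify_reply` fails and the access server discards the reply even though the user's credentials were correct.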
NOTE - Before proceeding with ActivCard and the Login Policy Object: if you are only using NDS authentication, you do not need to proceed any further. The Login Policy Object only needs to be implemented when you have more than one form of authentication.
ActivCard Container
Object | Create | ActivCard Container | Enter a name or accept the default name | Check Define additional properties | OK
Highlight ActivCard Container | Details
Import Device Images | Import Device Images
Configuring Tokens
Highlight a Token | Details
Assignment Tab | Associate this token with a user
Password Tests - Test to ensure token is synchronized
Unlock Code - Test to ensure token is synchronized
*Consult the ActivCard documentation for further information
Login Policy Object
View | Go Up a Level | Select Root and press OK
Highlight the Security Container | Create | Login Policy (LPO)
Rules | Add | Select the Object Name Radio Button and browse to the Dial Access System Object | OK
Methods Tab | Add - This rule will allow the use of NDS passwords
Method Enforcement | Choose either Mandatory or Acceptable | OK
User List | Add - Either choose a user, users, container or group
* If ActivCard is to be used, the following changes will need to be made:
Methods Tab | Add | Object Name | Browse to the ActivCard Container | OK
Method Enforcement | Choose either Mandatory, Required if assigned or Acceptable
Order the rules by highlighting a rule and using Up or Down
Loading Radius
From the server console issue the following:
LOAD RADIUS NAME=(DAS Name) PASSWORD=(DAS Password)
NOTE - The following command will need to be issued before any changes are made to the LPO. From the server console issue the following:
RADSTOP
For more info see TID 10017913

