Download and install the following:
After installing eDirectory, you need to configure it using iManager. Refer to Configuring eDirectory for more information.
You also need to extract the self-signed certificate of the Certificate Authority (CA). For more information, refer to Extracting the Self-Signed Certificate of the Certificate Authority.
For installing iManager 2.5, refer to the Novell iManager 2.5 Administration Guide.
You need to download the RADIUS iManager plug-in from the Novell Forge site.
Security considerations:
The following prerequisite tasks explain how to configure eDirectory so that you can log in to the system as a system administrator.
You need to configure the following in eDirectory using iManager:
Ensure that you enable universal password for the users in eDirectory. After enabling, you need to set the universal password either manually or by logging in. For more information, refer to the Novell Modular Authentication Services 2.3.x Administration Guide .
An Administrator object is a User object.
For information on creating an RADIUS Administrator object in eDirectory, refer to the Creating an Object section in the Novell eDirectory Administration Guide.
You need to mention the FDN of the RADIUS Administrator object while modifying the attributes in the LDAP module.
Grant the RADIUS administrator the write right over the ACL attribute of the user object whose universal password has to be read. By granting this right, the RADIUS administrator will gain the administrative rights over that user object.
The eDirectory administrator can also be the RADIUS administrator. For more information on eDirectory rights, refer to the Novell eDirectory Administration Guide.
By default, the administrator does not have the right to read universal password. eDirectory administrator will modify the password policy to enable the RADIUS Administrator to read universal password.
There are two possible scenarios of granting rights to the RADIUS administrator to retrieve password:
If the Password Management 2.0.2 for Novell eDirectory for iManager 2.x plug-in is installed, complete the following steps:
If Password Management 2.0.2 for Novell eDirectory for iManager 2.x plug-in is not installed, complete the following steps:
In iManager, click the Roles and Tasks button .
Click eDirectory Administration > Modify Object.
Select General tab.
IMPORTANT: If Password Management 2.0.2 for Novell eDirectory for iManager 2.x plug-in is not installed, download the Password Management 2.0.2 for Novell eDirectory for iManager 2.x from the Novell Download site and follow the Scenario 1 procedure.
You need to extract the self-signed certificate of the Certificate Authority in base 64 format. For information on extracting the certificate, refer to the Novell Certificate Server 2.7.x Administration Guide.
You need to mention the extracted path and the certificate filename while modifying the attributes in the LDAP module of the radiusd.conf configuration file. The two configuration parameters are:
Parameter | Description |
---|---|
tls_cacertfile |
Specifies the full path of a certificate file in the UNIX file system. |
tls_cacertdir |
Specifies the full path of a directory containing certificates. |
NOTE: If either of the parameter is specified, then the RADIUS server administrator has to make sure that the (UNIX) user having RADIUS server rights also has right to read the certificate files.