Setting Up Dial Access Server

You must perform the following tasks to create and set up the necessary eDirectory objects in your NDS or eDirectory tree to support dial access services with Novell Novell BorderManager 3.7 Authentication Services:

• Creating and Setting Up Dial Access System Object
• Creating A Dial Access System Object
• Configuring a Dial Access System Object

Creating and Setting Up Dial Access System Object

You must create a Dial Access System object in your eDirectory tree to manage common configuration tasks for a collection of RADIUS servers working together. The information stored in this object consists of the following:

• Client configuration---Enables you to define IP addresses for network access servers and shared secrets among the RADIUS servers and the various network access servers.
• Domains---Enables you to configure other RADIUS servers to which you want to forward RADIUS requests.
• Authentication policy---Enables you to define the authentication policy for the Dial Access System object.
• Dial Access System object password---Enables you to restrict access to authorized users.
• Lookup contexts---Enables contexts to be searched when the common name portion of the username is received in an authentication request.
• Remote connection restrictions---Enables you to limit the number of connections that a remote user can have concurrently per network.

Typically, you need only one Dial Access System object in your eDirectory tree.

You can easily assign rights to an NDS or eDirectory object using NetWare Administrator. For example, you can assign Browse and Read rights from NetWare Administrator by dragging the Dial Access System object over an Organizational Unit object near the root of an eDirectory tree.

This section contains the following tasks:

• Creating A Dial Access System Object
• Configuring a Dial Access System Object
• Specifying A Dial Access System Password

Creating A Dial Access System Object

To create a Dial Access System object, complete the following steps:

1. In NetWare Administrator, select the Organizational Unit container object.

2. Click Object > Create > Dial Access System.

3. Enter the name of the Dial Access System object and click Create.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Configuring a Dial Access System Object

To configure a Dial Access System object, complete the following steps:

1. In NetWare Administrator, select the Dial Access System object.

2. Click Clients > Add to add a RADIUS client. Enter the following information:

   • IP address of the network access server
   • Client type
   • RADIUS secret

3. Click Authentication Policy > Add to configure an authentication policy. Specify the following information:

   • Policy type
   • Policy rules

4. Click Lookup Context > Add if you want to use common name login. Browse and select the name context, then click OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Specifying A Dial Access System Password

To specify a Dial Access System password, complete the following steps:

1. In NetWare Administrator, select the Dial Access System object.

2. Click Miscellaneous > Change Dial Access System Password.

3. Enter and reenter the new password > click OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Creating Dial Access Profile Objects

You must create at least one Dial Access Profile object in your eDirectory tree to define common services used by many dial-in users. The Dial Access Profile object contains a list of RADIUS dial access attributes that specify the configuration for creating a specific service.

You can set up as many profiles as you need to define different services. For example, you can create a Point-to-Point Protocol (PPP) profile that enables users to dial in and access the Internet. You can also create a Telnet profile that enables users to connect to a local host using a terminal or terminal emulator. You can specify dial access profiles in the User object that can override settings in the Dial Access Profile object.

Creating a Dial Access Profile Object

To create a Dial Access Profile object:

1. In NetWare Administrator, select the Organizational Unit container object.

2. Click Object > Create > Dial Access Profile.

3. Enter the name of the Dial Access Profile object > click Create.

4. Select the Dial Access Profile object you created > Attributes > Add and specify RADIUS attributes.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Creating and Setting Up User Objects

The User Dial Access Services page allows you to

• Enable a user for dial access services
• Select the appropriate Dial Access System object for a user
• Set a Dial Access System Password for a user (if you use separate passwords for dial-in users)
• Configure (or define) dial-in services for a user (such as enabling a user to select one or more Dial Access Profile objects and associate user-specific settings for each)
• Select a default dial access service if a user is configured for more than one
• Configure remote connection restrictions as well as view active connections and connection history
• Assign an authentication device

This section contains the following tasks:

• Enabling a User Object for Dial Access Service
• Disabling Dial Accesss Services for User Object
• Adding a User's Token Assignment
• Deleting a User's Token Assignment

Enabling a User Object for Dial Access Service

To enable a User object for dial access services:

1. In NetWare Administrator, select the User object.

2. Click Dial Access Services, specify a dial access control setting > click OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Disabling Dial Accesss Services for User Object

To disable a User object for dial access services:

1. In NetWare Administrator, select the User object.

2. Click Dial Access Services > Select Disable > click OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Adding a User's Token Assignment

To add an Authentication Device assignment:

1. In NetWare Administrator, select the User object.

2. Select Authentication Devices > Add.

3. Browse to the context containing the object to assign, select the object > click OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.

Deleting a User's Token Assignment

To delete an Authentication Device assignment:

1. In NetWare Administrator, select the User object.

2. Click Authentication Devices.

3. Select the device to delete, then click Delete > OK.

Refer to the NetWare Administrator online help for more detailed configuration instructions.