Setting Up Login Policies

All users logging in to services through Novell BorderManager 3.7 must be authenticated. The type of authentication required for a user to log in and access network services through Novell BorderManager 3.7 is stored in NDS or eDirectory in a Login Policy object. Because of this, you must set up a generic login policy to enable users to access Novell BorderManager 3.7 services. Until a policy is set up, no user access will be allowed. There can be only one Login Policy object in an NDS or eDirectory tree. This object holds the login policies for all Novell BorderManager 3.7 servers and services in the tree.

NOTE: The policies stored in the Login Policy object apply only to Novell BorderManager 3.7 services. Previous versions of BorderManager use hardcoded default policies. To manage login policies for all Novell BorderManager 3.7 services using the Login Policy object, you must upgrade previous versions of BorderManager to Novell BorderManager 3.7.

To create a Login Policy object and set up generic policy rules that allow users to access network services through each of the various Novell BorderManager 3.7 services with an eDirectory password, complete the following steps:

  1. In NetWare Administrator, select the Security container object in your eDirectory tree.

    The Login Policy object can only be created in the Security container object.

  2. From the Object menu, click Create > Login Policy > OK.

  3. To configure a login policy rule, click Rules > Add.

  4. To configure a rule for Novell BorderManager 3.7 Authentication Services, select the Object name radio button from the Service Type dialog box > browse to select the Dial Access System object associated with that service > check the Enabled check box.

    If this is a new installation of Novell BorderManager 3.7 Authentication Services, you will need to create a Dial Access System object. Refer to Creating a Dial Access System Object for more information.

  5. Select the Users tab > click Add > browse to select the user, group, or container objects to enable access.

  6. Select the Methods tab > click Add > check the Login Method enabled check box.

  7. In the Method Types dialog box, check NDS or eDirectory Passwords.

  8. In the Method Enforcement dialog box, check Mandatory > click OK > Add.

  9. To configure a rule for Proxy Services, select the Predefined radio button from the Service Type dialog box > select Proxy > check the Enabled check box.

  10. To configure a rule for SOCKS, select the Predefined radio button from the Service Type dialog box > select SOCKS > check the Enabled check box.

  11. To configure a rule for VPN, select the Predefined radio button from the Service Type dialog box > select VPN > check the Enabled check box.

    As NDS or eDirectory passwords are a prerequisite for VPN authentication, you only need to define additional method types and enforcement policies if you would like users to be authenticated by additional means such as token devices. (VPN users are always required to enter their NDS or eDirectory passwords.)

  12. Exit the utility.