Creating a Dial Access System Object

An NDS® or Novell eDirectory™ Dial Access System object stores configuration information for RADIUS servers and can manage a common configuration for a collection of RADIUS servers working together. You must create at least one Dial Access System object in the NDS or eDirectory tree where your RADIUS server resides. All participating RADIUS servers use the Dial Access System object for configuration. The information stored in the object includes the following:

To create a Dial Access System object:

  1. In NetWare Administrator, select the Organization or Organizational Unit object where you want to place the Dial Access System object.

  2. From the Object menu, click Create > Dial Access System > OK.

  3. Enter the name for the Dial Access System object > click Create.

  4. Double-click the Dial Access System object you just created, then click Clients > Add.

    1. Enter the IP address of the network access server in the Client Address field.

    2. Select Client Type (the default is Generic RADIUS).

    3. Enter the RADIUS secret. Reenter the secret.

      The RADIUS secret should be a random string of 20 to 30 alphanumeric characters. The secret is used to protect authentication information sent across the network.

    4. Check Add Another Client if you want to add another network access server after you create this one. Leave this check box unchecked if this is the last (or only) RADIUS client that you will create.

    5. Click OK.

  5. Select Authentication Policy to configure an authentication policy.

    1. Click Add.

    2. Select one of the following under Policy Type:

      • Authentication Method---Remote users are authenticated using an authentication policy that is not listed, such as token authentication. Browse and select the authentication policy.
      • NetWare Password---Remote users are authenticated using the same passwords used for NetWare print and file services.
      • Dial Access Password---Remote users are authenticated using separate passwords that are stored encrypted in the NDS or eDirectory database.
      • Dial Access Password (CHAP)---Remote users are authenticated using Challenge Handshake Authentication Protocol (CHAP) passwords.
      • Any User-Assigned Device---Remote users are authenticated using a token assigned to a user.

    3. Select one of the following under Policy Rules:

      • Must Authenticate By This Method---Remote users always authenticate using the selected policy type.
      • Required If Assigned---Remote users always authenticate using the selected policy type (enabled only for Authentication Method and User-Assigned Device).
      • Optional---Remote users will be able to choose the selected policy for authentication.

    4. Select Decrement Grace Logins to set the counter used to limit grace logins.

    5. Select Add Another Policy to specify another authentication policy.

  6. Select Lookup Context if you want to use a common name login.

    1. Click Add.

    2. Browse and select the name context.

    3. To add another search context, check Add Another Context.

    4. Click OK.

  7. Select Miscellaneous.

  8. Select Change Dial Access System Password.

    1. Enter the new password.

      The Dial Access System password is used to generate encryption keys that protect passwords and secrets. Therefore, we recommend that the Dial Access System password be a random string of 20 to 30 alphanumeric characters. The password is required to start the service.

    2. Reenter the new password > click OK.

  9. Click OK twice.

You are now ready to create a Dial Access Profile object. Refer to the NetWare Administrator online help for information about specific configuration procedures for domains and remote connection restrictions.
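
The following Python sketch is an added example, not Novell's code or part of the original procedure. It generates a random alphanumeric string of the recommended 20 to 30 characters, suitable for both the RADIUS secret and the Dial Access System password, and shows how a shared secret protects a password in transit using the User-Password hiding defined in RFC 2865, section 5.2. It assumes the network access server and RADIUS server use that standard scheme; the function names and sample values are constructed for illustration.

```python
import hashlib
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits

def generate_secret(length: int = 30) -> str:
    """Return a random alphanumeric string (20 to 30 chars) from the OS CSPRNG."""
    if not 20 <= length <= 30:
        raise ValueError("length must be between 20 and 30 characters")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))

def xor_block(block: bytes, secret: bytes, prev: bytes) -> bytes:
    """XOR one 16-byte block with MD5(secret + prev), the RFC 2865 pad."""
    pad = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, pad))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password value as a RADIUS client would (RFC 2865, 5.2)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1-128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor_block(padded[i:i + 16], secret, prev)  # chain on ciphertext
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Recover the password on the server side using the same shared secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_block(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")

if __name__ == "__main__":
    shared = generate_secret(30).encode()
    ra = secrets.token_bytes(16)          # constructed Request Authenticator
    hidden = hide_password(b"constructed-sample-pw", shared, ra)
    print("same secret :", reveal_password(hidden, shared, ra))
    print("wrong secret:", reveal_password(hidden, generate_secret(30).encode(), ra))
```

Because the pad is derived only from the shared secret and values visible on the wire, the password's confidentiality rests entirely on how hard the secret is to guess, which is why a long random string is recommended.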