Setting Up Login Policies

All users logging in to services through Novell BorderManager 3.8 must be authenticated. The type of authentication required for a user to log in and access network services through Novell BorderManager 3.8 is stored in Novell eDirectory in a Login Policy object. Because of this, you must set up a generic login policy to enable users to access Novell BorderManager 3.8 services. Until a policy is set up, no user access is allowed. There can be only one Login Policy object in an eDirectory tree. This object holds the login policies for all Novell BorderManager 3.8 servers and services in the tree.

NOTE: The policies stored in the Login Policy object apply only to Novell BorderManager 3.8 services. Previous versions of BorderManager use hard-coded default policies. To manage login policies for all BorderManager services using the Login Policy object, you must upgrade previous versions of BorderManager to Novell BorderManager 3.8.

To create a Login Policy object and set up generic policy rules that allow users to access network services through each of the various Novell BorderManager 3.8 services with an eDirectory password, complete the following steps:

  1. In NetWare Administrator, select the Security container object in your eDirectory tree.

    The Login Policy object can only be created in the Security container object.

  2. From the Object menu, click Create > Login Policy, then click OK.

  3. To configure a login policy rule, click Rules, then click Add.

  4. To configure a rule for Novell BorderManager 3.8 Authentication Services, select the Object name radio option from the Service Type dialog box, browse to select the Dial Access System object associated with that service, then select the Enabled check box.

    If this is a new installation of Novell BorderManager 3.8 Authentication Services, you will need to create a Dial Access System object.

  5. Select the Users tab, click Add, then browse to select the user, group, or container objects to enable access.

  6. Select the Methods tab, click Add, then select the Login Method enabled check box.

  7. In the Method Types dialog box, select Novell eDirectory Passwords.

  8. In the Method Enforcement dialog box, select Mandatory, click OK, then click Add.

  9. To configure a rule for Proxy Services, select the Predefined option button from the Service Type dialog box, select Proxy, then select the Enabled check box.

  10. To configure a rule for SOCKS, select the Predefined option button from the Service Type dialog box, select SOCKS, then select the Enabled check box.

  11. To configure a rule for VPN, select the Predefined radio button from the Service Type dialog box, select VPN, then select the Enabled check box.

    Because NDS® or eDirectory passwords are a prerequisite for VPN authentication, you only need to define additional method types and enforcement policies if you want users to be authenticated by additional means such as token devices. (VPN users are always required to specify their NDS or Novell eDirectory passwords.)

  12. Exit the utility.