15.7 Configuring Console Access

The following options control access to the NetWare Access Gateway console:

15.7.1 Setting Up an FTP Listening Address

(NetWare only) The Mini FTP option allows you to configure an FTP listening address for management. If this option is enabled, you can use FTP to upload and download files.

  1. In the Administration Console, click Access Manager > Access Gateways > Edit > Mini FTP.

  2. Fill in the following fields:

    Cluster Member: (Available only if the Access Gateway is a member of a cluster.) Select the server you want to configure from the list of servers. All changes made to this page apply to the selected server.

    Listening Addresses: To enable this feature, select an IP address for FTP listening.

    If the Access Gateway server has only one IP address, only one is displayed for selection. If the server has multiple IP addresses, you can select one or more.

  3. To save your changes to browser cache, click OK.

  4. On the Server Configuration page, click OK, then click Update > OK.

When logging in to an FTP session, the username must be config, and the password is empty unless you have configured a password. If you enable FTP, we strongly recommend that you set up a password for the config user. See Section 15.7.3, Setting the Password for the admin and config Users.

15.7.2 Enabling Console Access with SSH and Telnet Sessions

(NetWare only) The Console Access option allows you to control whether administrators can set up SSH or Telnet sessions with the NetWare Access Gateway and use command line options to configure it.

  1. In the Administration Console, click Access Manager > Access Gateways > Edit > Console Access.

    Configuring NetWare console access

  2. Fill in the following fields:

    Cluster Member: (Available only if the Access Gateway is a member of a cluster.) Select the server you want to configure from the list of servers. All changes made to this page apply to the selected server.

    Enable SSH on Server: If this option is selected, SSH is enabled. SSH sets up a secure, encrypted connection between the Access Gateway and the client. Enabling this option opens an LDAP listener on the Access Gateway for port 636. Disabling this option does not fully close the listener. You must restart the Access Gateway to fully close the LDAP listener.

    Enable Telnet on Server: If this option is selected, Telnet is enabled.

    IMPORTANT:Telnet is inherently insecure. All information is sent in clear text, including passwords.

  3. To save your changes to browser cache, click OK.

  4. On the Server Configuration page, click OK, then click Update > OK.

You can use SSH client software or a terminal window to set up a session. When prompted, log in to the NetWare Access Gateway as the admin user.

If you enable Telnet, use the client software on your workstation to set up a session. When prompted, you can log in to the NetWare Access Gateway as either the config or the admin user.

15.7.3 Setting the Password for the admin and config Users

(NetWare only) Access Manager sets up an admin user when you install the Administration Console, and you are prompted to supply a name for this user. During installation, the NetWare Access Gateway sets up an admin and a config user, for managing the NetWare Access Gateway console. These names are not configurable.

The admin user is the NetWare Access Gateway user that has been created for accessing the machine over SSH. It is assigned a default password of novell.

The config user is the NetWare Access Gateway user that has been created for accessing the machine over FTP and Telnet. If you enable FTP or Telnet, you should set up a password for the config user. When an Access Gateway is installed, the config user is not assigned a password.

To set or modify the password for the config or admin user:

  1. In the Administration Console, click Access Manager > Access Gateways > Edit > Console Access.

  2. (Conditional) If the Access Gateway is a member of a group, select the server you want to configure from the list of servers. All changes made to this page apply to the selected server.

  3. In the Change Password section, select the Console User, either config or admin.

  4. Fill in the following fields:

    Old Password: Specifies the current password for the console user. When used in conjunction with the New Password and Confirm New Password fields, this field allows you to change the console password. When the admin user was created, it was assigned a default password of novell. When you install the NetWare Access Gateway, no password is assigned to the config user. To create a password the first time for the config user, leave this field blank.

    New Password: Specifies a new password. The password must be at least six characters long.

    Confirm New Password: Retype the new password.

  5. To save your changes and have them applied, click OK.

    As soon as you click OK, the change is sent to the NetWare Access Gateway and the password change is applied. The password is not saved to browser cache, and you do not need to update the Access Gateway configuration.