Setting Up Login Policies

All users logging in to services through Novell BorderManager 3.8 must be authenticated. The type of authentication required for a user to log in and access network services through Novell BorderManager 3.8 is stored in Novell eDirectory in a Login Policy object. Because of this, you must set up a generic login policy to enable users to access Novell BorderManager 3.8 services. Until a policy is set up, no user access is allowed. There can be only one Login Policy object in an eDirectory tree. This object holds the login policies for all Novell BorderManager 3.8 servers and services in the tree.

NOTE: The policies stored in the Login Policy object apply only to Novell BorderManager 3.8 services. Previous versions of Novell BorderManager 3.8 use hard-coded default policies. To manage login policies for all Novell BorderManager 3.8 services using the Login Policy object, you must upgrade previous versions of BorderManager to Novell BorderManager 3.8.

To create a Login Policy object and set up generic policy rules that allow users to access network services through each of the various Novell BorderManager 3.8 services with an eDirectory password, complete the following steps:

  1. In NetWare Administrator, select the Security container object in your eDirectory tree.

    The Login Policy object can be created only in the Security container object.

  2. From the Object menu, select Create > Login Policy.

  3. Click OK.

  4. (Optional) To configure a login policy rule, click Rules > Add.

  5. (Optional) To configure a rule for Novell BorderManager 3.8 Authentication Services, select the object name in the Service Type dialog box, browse to select the Dial Access System object associated with that service, and then check the Enabled check box.

  6. (Conditional) If this is a new installation of Novell BorderManager 3.8 Authentication Services, you need to create a Dial Access System object. See

  7. Select the Users tab, click Add, and then browse to select the user, group, or container objects to enable access.

  8. Click the Methods tab, then click Add and check the Login Method Enabled check box.

  9. In the Method Types dialog box, check Novell eDirectory Passwords.

  10. In the Method Enforcement dialog box, check Mandatory and then click OK > Add.

  11. (Optional) Configure any or all of the available rules in the Service Type dialog box.

    1. Select Predefined.

    2. Select any or all of the services (Proxy, SOCKS, VPN).

    3. Check the Enabled check box.

    Because NDS or eDirectory passwords are always required for VPN authentication, you need to define additional method types and enforcement policies only if you want users to be authenticated by additional means such as token devices.

  12. Exit the utility.