3.6 Setting Up Universal Password for Users

On networks where administrators plan to provide native Windows (CIFS) and native Macintosh (AFP) access to file services on an OES 2 server, Universal Password policies must be assigned to eDirectory users needing such access.

When you install Novell AFP and Novell CIFS, the OES installation creates Universal Password policies for each of these services, named AFP Default Policy and CIFS Default Policy, respectively.

eDirectory allows one Universal Password policy assignment per container. This means that if all of your users reside in the same container, their passwords can be governed by either the AFP or the CIFS policy, but not both.

Many organizations prefer to manage their users in a single container like the USERS container you just created, and they need one Universal Password policy that supports all of the services their users need.

3.6.1 Creating a Universal Password Policy to Support Both AFP and CIFS

The AFP and CIFS default policies are almost identical, except that the AFP and CIFS proxy users are allowed to retrieve passwords only in their respective policies.

You will now create a single password policy named File Services Policy that is based on the AFP policy, and you’ll grant the CIFS proxy user the ability to retrieve passwords along with the AFP proxy user.

NOTE:Larger organizations often prefer to limit the number of proxy users to either a single user or to one per service type, but that discussion is outside the scope of this document. For more information, see Understanding Proxy Users in the OES 2 SP2: Planning and Implementation Guide.

  1. In iManager, click the up-arrow Up Arrow icon, click the down-arrow Down Arrow icon next to Security, then click the Down Arrow icon next to Password Policies.

  2. Click AFP Default Policy, then in the pop-up list click Copy Object.

  3. In the Object Name field, type File Services Policy, then click the Browse icon Browse icon next to the Object Location field.

  4. Click the down-arrow Down Arrow icon next to Security, then click Password Policies.

  5. Click OK > OK.

  6. Click the Roles and Tasks icon Roles and Tasks icon

  7. Click Passwords > Password Policies.

  8. Click File Services Policy.

  9. In the Password Policies pop-up window, click the Universal Password tab, then click the Configuration Options sub-tab.

  10. Scroll down to the Universal Password Retrieval section.

  11. Under Allow the Following to Retrieve Passwords, click Insert.

  12. In the Object Selector, browse to the COMPANY > LAB > SERVERS container, click the cifsProxyUser - server_name object, then click OK > OK > Close.

  13. Do not close iManager. Continue with the next section, Assigning the Universal Password Policy to the USERS Container.

3.6.2 Assigning the Universal Password Policy to the USERS Container

For the users you create to be assigned the File Services Policy password policy, you must associate the policy with the USERS container created in Section 3.5, Creating a Context for Your Users and Groups.

  1. In iManager, click the Roles and Tasks icon Roles and Tasks icon.

  2. Click Passwords > Password Policies.

  3. Click the File Services Policy link.

  4. Click the Policy Assignment tab.

  5. Click the Browse icon Browse icon next to the Assign To field.

  6. In the Contents pane, browse to the LAB Organizational Unit.

  7. Select the USERS Organizational Unit object, then click OK.

  8. Click Apply > OK.

  9. Do not close iManager. Continue with the next section, Creating NCP and NSS Volumes for Home Directories.