Configuring BMAS 3.5 and 3.6.
(Last modified: 11Feb2003)
This document (10017913) is provided subject to the disclaimer at the end of this document.
How to configure BMAS 3.5 and 3.6.
Novell NetWare 5.0
Novell NetWare 4.11
Novell BorderManager Authentication Service (BMAS) 3.5
Novell BorderManager Authentication Service (BMAS) 3.6
Ensure that NWADMN32 has been launched at least once.
Install the BorderManager snapins by running SYS:PUBLIC\BRDRMGR\SNAPINS\SETUP.EXE.
*NOTE - In order to perform the initial configurations, ensure that you are logged in as ADMIN and not an ADMIN Equivalent.
Launch NWADMN32 from the drive mapping that was specified during the BorderManager snapins install.
Dial Access System
Create - Dial Access System (DAS) | Enter a Dial Access System Name | Check Define Additional properties | Create
Clients Tab | Add | Enter Client Address of Access Server | Select Client Type according to Access Server | Enter Shared Secret
Username Resolution Tab | Select either "Use NDS find to resolve usernames" or "Use lookup contexts list to resolve usernames"
Miscellaneous Tab | Change Dial Access System Password - This password will be used to load RADIUS from the server console
Dial Access Profile
Create - Dial Access Profile (DAP) | Enter a Dial Access Service Profile Name | Check Define Additional properties | Create
Attributes Tab | Enter the attributes specified by the manufacturer for the Access Server
e.g. Framed-Protocol PPP
**NOTE** Before proceeding with ActivCard and the Login Policy Object there is an important note that needs to be made. If you are only using NDS authentication, you do not need to proceed any further. The Login Policy Object only needs to be implemented when you have more than one form of authentication.
Object | Create | ActivCard Container | Enter a name or accept the default name | Check Define additional properties | OK
Highlight ActivCard Container | Details
Import Device Images | Import Device Images
Highlight a Token | Details
Assignment Tab | Associate this token with a user
Password Tests - Test to ensure token is synchronized
Unlock Code - Test to ensure token is synchronized
*Consult the ActivCard documentation for further information
Login Policy Object
View | Go Up a Level | Select Root and press OK
Highlight the Security Container | Create | Login Policy (LPO)
Rules | Add | Select the Object Name Radio Button and browse to the Dial Access System Object | OK
Methods Tab | Add - This rule will allow the use of NDS passwords
Method Enforcement | Choose either Mandatory or Acceptable | OK
User List | Add - Either choose a user, users, container or group
* If ActivCard is to be used, the following changes will need to be made:
Methods Tab | Add | Object Name | Browse to the ActivCard Container | OK
Method Enforcement | Choose either Mandatory, Required if assigned or Acceptable
Order the rules by highlighting a rule and using Up or Down
From the server console issue the following: LOAD RADIUS NAME=(DAS Name) PASSWORD=(DAS Password)
*NOTE - The following command will need to be issued before any changes are made to the LPO. From the server console issue the following: RADSTOP
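Added example (not part of the original Novell document): the Shared Secret entered on the Clients tab is what the Access Server uses to check every RADIUS reply, so a mismatch between the two sides shows up as a failed Response Authenticator. The Python below follows RFC 2865, builds a constructed Access-Accept carrying Framed-Protocol PPP, and verifies it; the secret, identifier and Request Authenticator are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

FRAMED_PROTOCOL, PPP, ACCESS_ACCEPT = 7, 1, 2   # RFC 2865 type, value, packet code
# Constructed sample values (assumptions, not taken from the Novell document).
SECRET, IDENT = b"constructed-shared-secret", 42
REQUEST_AUTH = bytes(range(16))   # 16-byte Request Authenticator sent by the client

def encode_framed_protocol(value):
    """Type (1 byte), Length (1 byte, always 6), Value (4-byte integer)."""
    return struct.pack("!BBI", FRAMED_PROTOCOL, 6, value)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Assemble a reply the way a RADIUS server signs it."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def parse_attributes(data):
    """Split the attribute area into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2 or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

def verify_reply(packet, request_auth, secret):
    """Return the attributes if the reply was signed with `secret`, else None."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return None
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return parse_attributes(attrs)

if __name__ == "__main__":
    reply = build_reply(ACCESS_ACCEPT, IDENT, encode_framed_protocol(PPP), REQUEST_AUTH, SECRET)
    print(verify_reply(reply, REQUEST_AUTH, SECRET), verify_reply(reply, REQUEST_AUTH, b"mismatched"))
```

A None result with the correct Request Authenticator means the secret configured on one side does not match the other.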
The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
- Document ID:
- Solution ID: 1.0.32603934.2344748
- Creation Date: 01Oct