Integrating Novell eDirectory with FreeRADIUS

Recommendations

Info

Novell Confidential Manual (ENU) 21 December 2004 • If you want to configure RADIUS iManager plug-in and iManager on different machines, you need to configure iManager for SSL/TLS connection to eDirectory manually. For more information on Configuring iManager for SSL/TLS connection to eDirectory, refer to iManager 2.0 Administration Guide (http://www.novell.com/documentation/lg/imanager20/ index.html?page=/documentation/lg/imanager20/imanager20/data/am4ajce.html#bow4dv4). Extending the eDirectory Schema for RADIUS Scenario 1 Scenario 2: There are three possible scenarios of extending the eDirectory schema for RADIUS. If mapping already exists between RADIUS:Profile to rADIUSProfile, then follow the below steps: 1 In iManager, click the Roles and Tasks button . 2 Click LDAP > LDAP Overview 2a Select View LDAP Groups. 2b Select Class Map from the drop down list. 2c Select the RADIUS:Profile to rADIUSProfile mapping. 2d Click Edit. 2e Change the primary LDAP class name to anything other than rADIUSProfile, for example, novellradiusprofile. 2f Click Apply. 3 Refresh LDAP server. 4 Click RADIUS > Extend schema for RADIUS. 4a Click OK. Help is available on the screens. If mapping does not exist between RADIUS:Profile to rADIUSProfile, then follow the below steps: 1 In iManager, click the Roles and Tasks button . 2 Click LDAP > LDAP Overview 2a Select View LDAP Groups. 2b Select Class Map from the drop down list. 2c Click Add mapping button. 2d In the eDirectory class drop down list, select RADIUS:Profile. 2e Change the primary LDAP class name to anything other than rADIUSProfile, for example, novellradiusprofile. 2f Click OK. 3 Refresh LDAP server. 4 Click RADIUS > Extend schema for RADIUS. 18 Integrating Novell eDirectory with FreeRADIUS Administration Guide
Novell Confidential Manual (ENU) 21 December 2004 Scenario 3: 4a Click OK. Help is available on the screens. If mapping already exists between RADIUS:Profile to any name other than radiusprofile, then follow the below steps: 1 In iManager, click the Roles and Tasks button . 2 Click LDAP > LDAP Overview 2a Select View LDAP Groups. 2b Select Class Map from the drop down list. 2c Select the RADIUS:Profile to any name other than rADIUSProfile mapping. 3 Refresh LDAP server. 4 Click RADIUS > Extend schema for RADIUS. 4a Click OK. Help is available on the screens. TIP: You can extend the schema using ldif files, in case you are not able to extend through the iManager plug-in. Refer “Extending the eDirectory Schema Using LDIF Files” on page 31 for more information. Adding RADIUS Attributes to eDirectory Users You can add the RADIUS attributes to the following: • Users • Profiles that can be associated with the users. You can also add the RADIUS attributes when you are modifying users or the eDirectory objects. Profile Objects You can create Profile objects in eDirectory to store a set of RADIUS attributes. Profile objects help in associating a User object collectively with the RADIUS attributes. For example, a set of RADIUS attributes, Auth-Type, NAS-IP-Address, and Framed-IPX-Network is to be assigned to users Jack, Tom, and Jane. You can create a Profile object PR1 containing these RADIUS attributes and then assign PR1 to all the three users. Managing RADIUS Objects You can manage RADIUS objects using the iManager plug-in for RADIUS management. Ensure that you meet all the prerequisites before proceeding further. This section provides information on • “Managing RADIUS Users” on page 20 • “Managing RADIUS Profiles” on page 20 Configuring eDirectory Users for RADIUS Authentication Using iManager Plug-in 19
Page 1 and 2: Novell Confidential Manual (ENU) 21
Page 21: Novell Confidential Manual (ENU) 21

Integrating Novell eDirectory with FreeRADIUS

Create successful ePaper yourself

Delete template?

Save as template?