Perform the following tasks to modify the eDirectory objects in your eDirectory tree to manage dial access services with Novell BorderManager 3.7 Authentication Services:
You can specify common dial access properties for all users in Organization or Organizational Unit container objects. The Dial Access Service page of an Organization or Organizational Unit allows you to
For example, if your organization has several departments that want to allow remote users to access your corporate network, you could use Novell BorderManager 3.7 Authentication Services to manage users who authenticate with the RADIUS protocol. Each department could specify rights to applications, file and print services, and dial-in configuration information. At the same time, multiple departments could be managed by the same network administrator without the need to maintain multiple databases.
Specifying dial access properties in the Dial Access Service page for an Organization or Organizational Unit container object has the following benefits:
The dial access properties that you define for an Organization or Organizational Unit container object apply to every user in the selected container object (but not to users in Organizational Units that are at a lower level in the eDirectory tree). Refer to the NetWare Administrator online help for information about specific configuration procedures.
You can override the dial access properties of an Organization container object or Organizational Unit container object by modifying the Dial Access Services page of a User object. This allows you to specify unique dial access properties for any User object in your NDS or eDirectory tree.
To enable users in an Organization or Organizational Unit container object for dial access services:
1. In NetWare Administrator, select the Organization or Organizational Unit container object.
2. Click Dial Access Services > Enable Dial Access and click OK.
Refer to the NetWare Administrator online help for more detailed configuration instructions.
You can grant rights to use one or more specified Dial Access System objects to members of a Group object. Group-based administration leverages the powerful access control list (ACL) capability of eDirectory to enforce user dial-in access restrictions. For example, separate Dial Access System objects could be created for firewall and dial-in access servers. Then a Firewall Group object and a Dial-In Users Group object could be created with access privileges to the firewall Dial Access System object and the dial-in Dial Access System object. By making a user a member of one or both groups, access to these resources is granted selectively based on group membership. By creating multiple Dial Access System objects, group-based administration can also be used to restrict high-speed connections to selected users while allowing low-speed connections for all users.
Restricting access based on assignment to a geographical region is another use for group-based administration. Dial Access System objects could be created for each geographical region that a set of users is allowed to access. Groups such as West Coast, Midwest, and East Coast could be created with users in those regions added as members. Certain users, such as sales staff, could be included in more than one geographical group to allow access to different locations.
Each Dial Access System object must have sufficient rights to any User object that can be authenticated. This can be done for multiple users in a Group object by assigning a parent container object to which the users belong as a trustee of a Dial Access System object.
Likewise, the Group object must have sufficient rights to the Dial Access System object used for authentication. This can be done by assigning the Group object as a trustee of the Dial Access System object.
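The following added example (not Novell code and not part of the original documentation) models the two rules described above so that a planned configuration can be reviewed before it is applied: container properties reach only users directly in that container and can be overridden on the User object, and Dial Access System objects become usable through group membership. The dictionary layout, the object names, and the property names enable_dial_access and session_limit are constructed for illustration and are not eDirectory schema names.

```python
# Added illustration: a constructed data model, not eDirectory schema or an eDirectory API.

def parent(dn):
    """Immediate container of a dotted name such as 'alice.sales.acme'."""
    return dn.split(".", 1)[1] if "." in dn else None

def effective_properties(user_dn, container_props, user_props):
    """Properties of the user's own container, overridden by the User object.

    Containers higher in the tree are deliberately not consulted: container
    settings do not apply to users in lower-level Organizational Units.
    """
    props = dict(container_props.get(parent(user_dn), {}))
    props.update(user_props.get(user_dn, {}))
    return props

def usable_systems(user_dn, group_members, das_trustees):
    """Dial Access System objects reachable through the user's group memberships."""
    groups = {g for g, members in group_members.items() if user_dn in members}
    return sorted(das for das, trustees in das_trustees.items() if groups & trustees)

# Constructed sample tree (hypothetical names and property keys).
CONTAINER_PROPS = {
    "acme": {"enable_dial_access": True},
    "sales.acme": {"enable_dial_access": True, "session_limit": 1},
}
USER_PROPS = {"bob.sales.acme": {"enable_dial_access": False}}  # per-user override
GROUP_MEMBERS = {
    "Firewall.acme": {"alice.sales.acme"},
    "Dial-In Users.acme": {"alice.sales.acme", "bob.sales.acme"},
}
DAS_TRUSTEES = {  # Group objects assigned as trustees of each Dial Access System
    "FirewallDAS.acme": {"Firewall.acme"},
    "DialInDAS.acme": {"Dial-In Users.acme"},
}

if __name__ == "__main__":
    for user in ("alice.sales.acme", "bob.sales.acme", "carol.eng.acme"):
        print(user,
              effective_properties(user, CONTAINER_PROPS, USER_PROPS),
              usable_systems(user, GROUP_MEMBERS, DAS_TRUSTEES))
```

In this sample, carol.eng.acme ends up with no dial access properties because nothing is set on eng.acme and the settings on acme do not reach a lower-level Organizational Unit.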
This section contains the following tasks:
To assign a container object as a trustee of a Dial Access System object:
1. In NetWare Administrator, select the Dial Access System object.
2. Select Object > Trustees Of This Object > Add Trustees.
3. Select the Organization or Organizational Unit container object and check the following properties:
4. Click OK.
Refer to the NetWare Administrator online help for more detailed configuration instructions.
To assign a Group object as a trustee of a Dial Access System object, complete the following steps:
1. In NetWare Administrator, select the Dial Access System object.
2. Select Object > Trustees Of This Object > Add Trustees.
3. Select the Group object and check the following properties:
4. Click OK.
Refer to the NetWare Administrator online help for more detailed configuration instructions.