An NDS® or Novell eDirectoryTM Dial Access System object stores configuration information for RADIUS servers and can manage a common configuration for a collection of RADIUS servers working together. You must create at least one Dial Access System object in the NDS or eDirectory tree where your RADIUS server resides. All participating RADIUS servers use the Dial Access System object for configuration. The information stored in the object includes the following:
To create a Dial Access System object:
In NetWare Administrator, select the Organization or Organizational Unit object where you want to place the Dial Access System object.
From the Object menu, click Create > Dial Access System > OK.
Enter the name for the Dial Access System object > click Create.
Double-click the Dial Access System object you just created, then click Clients > Add.
Enter the IP address of the network access server in the Client Address field.
Select Client Type (the default is Generic RADIUS).
Enter the RADIUS secret. Reenter the secret.
The RADIUS secret should be a random string of 20 to 30 alphanumeric characters. The secret is used to protect authentication information sent across the network.
Check Add Another Client if you want to add another network access server after you created this one. Leave this check box unchecked if this is the last (or only) RADIUS client that you will create.
Click OK.
Select Authentication Policy to configure an authentication policy.
Click Add.
Select one of the following under Policy Type:
Select one of the following under Policy Rules:
Select Decrement Grace Logins to set the counter used to limit grace logins.
Select Add Another Policy to specify another authentication policy.
Select Lookup Context if you want to use a common name login.
Select Miscellaneous.
Select Change Dial Access System Password.
Enter the new password.
The Dial Access System password is used to generate encryption keys that protect passwords and secrets. Therefore, we recommend that the Dial Access System password be a random string of 20 to 30 alphanumeric characters. The password is required to start the service.
Reenter the new password > click OK.
Click OK twice.
You are now ready to create a Dial Access Profile object. Refer to the NetWare Administrator online help for information about specific configuration procedures for domains and remote connection restrictions.