This guide explains the concepts and the administrative tasks to integrate Novell eDirectory with FreeRADIUS.
The latest document is available at
http://www.novell.com/documentation/edir_radius/index.html
Errata
The following changes are proposed for the Administration Guide (PDF format), and the same will be incorporated into the online documentation as well:
Page 7, Documentation Updates
Replace
For the most recent version of the Integrating Novell eDirectory with FreeRADIUS Administration Guide, see the Novell Forge site (http://forge.novell.com/modules/xfmod/docman/?group_id=1623).
with
For the most recent version of the Integrating Novell eDirectory with FreeRADIUS Administration Guide, see the Novell Documentation site (http://www.novell.com/documentation/edir_radius/index.html).
Page 9
Replace
You can integrate Novell® eDirectory™ 8.7.1 or later
with
You can integrate Novell® eDirectory™ 8.8.x or later
Page 9
Replace
For more information on eDirectory, refer to the Novell eDirectory 8.7.1 Administration Guide (http://www.novell.com/documentation/edir871/index.html)
with
For more information on eDirectory, refer to the Novell eDirectory 8.8.x Administration Guide (http://www.novell.com/documentation/edir88/index.html)
Page 11, Supported Platforms
The eDirectory integration with FreeRADIUS is supported on the following Linux platforms:
SUSE LINUX Enterprise Server (SLES®) 10 or above
Page 11
Remove the entire section "Prerequisites for Installing FreeRADIUS"
Page 12
Remove the entire section "Installing FreeRADIUS on Red Hat"
Page 13
Replace the content of section "Installing FreeRADIUS on SLES" with the following:
1. Log in as root user.
2. Install the FreeRADIUS package from the OS installation media. For example, on a SLES 10 box, yast > Software > Software Management > Package Search > freeradius
OR
rpm -Uhv </path/to/package name>
For example, rpm -Uhv freeradius-1.1.0-19.9.i586.rpm
Page 13, What Next?
Replace
After downloading and compiling FreeRADIUS, you need to configure the FreeRADIUS server and eDirectory users. For more information, refer to:
with
After installing FreeRADIUS, you need to configure the FreeRADIUS server and eDirectory users. For more information, refer to:
Page 15
Replace
FreeRADIUS 1.0.2: Install FreeRADIUS 1.0.2.
with
FreeRADIUS 1.0.2 or later: Install FreeRADIUS 1.0.2 or later
Page 15
Replace
Novell eDirectory 8.7.1 or later: For installation instructions, refer to the Novell eDirectory 8.7.1 Administration Guide (http://www.novell.com/documentation/edir871/edir871/data/a2uci7d.html).
with
Novell eDirectory 8.8.x or later: For installation instructions, refer to the Novell eDirectory 8.8.x Administration Guide (http://www.novell.com/documentation/edir88/index.html).
Page 15
Replace
Novell iManager 2.0.x or later: For installing iManager 2.0.x, refer to the Novell iManager 2.0.x Administration Guide (http://www.novell.com/documentation/imanager20/imanager20/data/alw39eb.html#alw39eb).
with
Novell iManager 2.7.x or later: For installing iManager 2.7.x, refer to the Novell iManager 2.7.x Administration Guide (http://www.novell.com/documentation/imanager27/index.html).
Page 15
Remove the sentence
For installing iManager 2.5, refer to the Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/imanager_install_25/data/alw39eb.html).
Page 15
Replace
You need to download the RADIUS iManager plug-in from the Novell Forge site (http://forge.novell.com/modules/xfcontent/file.php/edirfreeradius/radius_npm.tar.gz).
with
Download the RADIUS iManager plug-in from the Novell Download site (http://download.novell.com/SummaryFree.jsp?buildid=QL_myGHU0V4~). For the most recent version of iManager plug-in refer to Novell Download site (http://download.novell.com/).
Page 16, Enabling Universal Password for eDirectory Users
Replace
For more information, refer to the Novell Modular Authentication Services 2.3.x Administration Guide (http://www.novell.com/documentation/nmas23/admin/data/allq21t.html).
with
For more information, refer to "Deploying Universal Password" chapter in Password Management 3.3.x Guide (http://www.novell.com/documentation/password_management33/index.html).
Page 16
Replace
For information on creating an RADIUS Administrator object in eDirectory, refer to the Creating an Object section in the Novell eDirectory Administration Guide (http://www.novell.com/documentation/edir873/edir873/data/a4jgpgc.html#a3olp4k).
with
For information on creating an RADIUS Administrator object in eDirectory, refer to the Managing User Accounts section in the Novell eDirectory Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/afxkmdi.html).
Page 16
Replace
The eDirectory administrator can also be the RADIUS administrator. For more information on eDirectory rights, refer to the Novell eDirectory Administration Guide (http://www.novell.com/documentation/edir873/edir873/data/fbachifb.html#fbachifb).
with
The eDirectory administrator can also be the RADIUS administrator. For more information on eDirectory rights, refer to the Novell eDirectory Administration Guide (http://www.novell.com/documentation/edir88/edir88/data/fbachifb.html)
Page 16
Replace
There are two possible scenarios of granting rights to the RADIUS administrator to retrieve password:
Scenario 1: If the Password Management 2.0.2 for Novell eDirectory for iManager 2.x plugin is installed.
Scenario 2: If Password Management 2.0.2 for Novell eDirectory for iManager 2.x plug-in is not installed.
Scenario 1
If the Password Management 2.0.2 for Novell eDirectory for iManager 2.x plug-in is installed, complete the following steps:
with
Follow the steps mentioned below to grant rights to the RADIUS administrator to retrieve Universal password:
Page 17
Replace
2a Select the password policy being used.
2b Click Edit.
with
2a Click the password policy being used.
Page 17
Replace
3b Click OK.
with
3b Click Apply.
3c Click OK.
Page 17
Remove the Scenario 2 completely. Remove the IMPORTANT note
Page 17
Replace
You need to extract the self-signed certificate of the Certificate Authority in base 64 format. For information on extracting the certificate, refer to the Novell Certificate Server 2.7.x Administration Guide (http://www.novell.com/documentation/crt27/index.html?page=/documentation/crt27/crtadmin/data/a2ebopb.html#a2ebopd).
with
Extract the self-signed certificate of the Certificate Authority in base 64 format. For information on extracting the certificate, refer to the Novell Certificate Server 3.3.x Administration Guide (http://www.novell.com/documentation/crt33/crtadmin/data/a2ebopb.html#a2ebopd).
Page 18
Replace
FDN of the RADIUS Server object in eDirectory
with
DN of the RADIUS Administrator in eDirectory
Page 18
Replace
password of the RADIUS Server object in eDirectory
with
password of the RADIUS Administrator in eDirectory
Page 18
Replace
start_tls yes Creates a secure connection on port 389. IMPORTANT: Make sure that the tls_mode attribute is commented out and port is set to 389.
tls_mode conditional Creates a secure connection on port 636. IMPORTANT: Make sure that the strat_tls attribute is commented out and port is set to 636.
with
start_tls yes Creates a secure connection on port 389. IMPORTANT: Make sure that the tls_mode attribute is either commented out or set to "no" and port is set to 389.
tls_mode no Creates a secure connection on port 636. IMPORTANT: Make sure that the start_tls attribute is either commented out or set to "no" and port is set to 636.
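The following check is an added example, not part of the Novell guide: it reads the active options of an `ldap { }` section and reports combinations that break the start_tls, tls_mode and port rules stated above. The sample sections and the host name are constructed, and an option that is commented out is treated the same as one set to "no".

```python
import re

# Constructed samples of the ldap { } section in radiusd.conf (not from the guide).
SAMPLE_OK = """
ldap {
    server = "edir.example.com"
    port = 389
    start_tls = yes
    # tls_mode = no
}
"""
SAMPLE_BAD = """
ldap {
    server = "edir.example.com"
    port = 636
    start_tls = yes
    tls_mode = yes
}
"""

def parse_ldap_options(text):
    """Return the active (uncommented) key = value pairs as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # a commented-out option is ignored
        m = re.match(r'^([A-Za-z_]\w*)\s*=\s*"?([^"]*?)"?$', line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def check_tls_settings(text):
    """List violations of the start_tls / tls_mode / port rules in the errata."""
    opts = parse_ldap_options(text)
    start_tls = opts.get("start_tls", "no").lower() == "yes"
    tls_mode_off = opts.get("tls_mode", "no").lower() == "no"
    port = opts.get("port")
    problems = []
    if start_tls and not tls_mode_off:
        problems.append("start_tls is yes, but tls_mode is not commented out or set to no")
    if start_tls and port != "389":
        problems.append("start_tls is yes, but port is not 389")
    if port == "636" and start_tls:
        problems.append("port is 636, but start_tls is not commented out or set to no")
    return problems

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_tls_settings(sample) or "consistent")
```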
Page 23
Replace
Novell iManager plug-in for RADIUS: Download the iManager plug-in from the Novell Forge site (http://forge.novell.com/modules/xfcontent/file.php/edirfreeradius/radius_npm.tar.gz). For installation instructions, refer to the Novell iManager 2.0.x Administration Guide (http://www.novell.com/documentation/imanager20/imanager20/data/alw39eb.html#alw39eb).
with
Novell iManager plug-in for RADIUS: Download the iManager plug-in from the Novell Download site (http://download.novell.com/SummaryFree.jsp?buildid=QL_myGHU0V4~). For the most recent version of iManager plug-in, visit the Novell Download site (http://download.novell.com/).
Page 23
Remove the bullet point with the following content: eDirectory User: To add new eDirectory User objects, refer to the Novell eDirectory 8.7.3 Administration Guide (http://www.novell.com/documentation/edir873/edir873/data/a4jgpgc.html#a3olp4k).
Page 23
Replace
For more information on Configuring iManager for SSL/TLS connection to eDirectory, refer to iManager 2.0 Administration Guide (http://www.novell.com/documentation/lg/imanager20/index.html?page=/documentation/lg/imanager20/imanager20/data/am4ajce.html#bow4dv4).
with
For more information on Configuring iManager for SSL/TLS connection to eDirectory, refer to iManager 2.7.x Administration Guide (http://www.novell.com/documentation/imanager27/imanager_admin_273/data/bx8g5g8.html).
Page 29
Replace
Novell Technical Support (NTS) will be available to customers only if they use these RPMs and integrate FreeRADIUS with eDirectory.
with
Novell Technical Support (NTS) will be available to customers only if they use the RPMs shipped with SLES 10 and above.
Page 33, Risks of Enabling Universal Password
Replace
The risks of enabling universal password are documented by NMAS™. Refer to the Deploying Universal Password section in the Novell Modular Authentication Service 2.3.x Administration Guide (http://www.novell.com/documentation/nmas23/admin/data/allq21t.html).
with
The risks of enabling universal password are documented by NMAS™. Refer to the "Deploying Universal Password" chapter in Password Management 3.3.x Guide (http://www.novell.com/documentation/password_management33/index.html).
© 2009 Novell, Inc. All Rights Reserved.