advertisement
Using Novell Security Manager
13. In the Proxies tab, open the menu corresponding to the proxy service you wish to use.
14. If User Authentication is not enabled (red status light), click the
Enable button.
Authentication Methods: Choose RADIUS from the selection field.
15. Now confirm your settings by clicking on the Add button.
The user authentication using RADIUS is now active.
The IAS service will log every access attempt in the Microsoft Windows
NT/2000 Event Log.
In order to prevent the Windows Event Log from overflowing, Novell
Security Manager stores RADIUS access information for five minutes. This may mean that changes in the RADIUS database will not be reflected at
Novell Security Manager for a few minutes.
Attention:
Novell Security Manager sends queries on UDP port 1812.
4.1.7.3. SAM – NT/2000/XP
This authentication method uses an MS Windows NT/2000 Domain
Controller or standalone server. Many businesses already use MS Windows
NT/2000 networks based on ActiveDirectory.
The advantage of SAM is that it is very easy to configure if the network already has a Primary Domain Controller (PDC) or if a server with a user database is running.
The drawback, however, is that this system does not distinguish between different user groups. You can either allow all users in an SAM database access to a proxy or none of them.
Configuring SAM – NT/2000/XP:
In order to use this authentication method, you will need to have a
Microsoft Windows NT or 2000 server on your network that contains the user information. This can be either a
Primary Domain Controller (PDC) or a standalone server.
Note that Windows servers have a NetBIOS name (the NT/2000 server name) as well as an IP address.
58
Using Novell Security Manager
1. In the System tab, open the User Authentication menu.
2. In the SAM (NT/2000/XP) Server Settings window, click the
Enable button next to Status.
PDC Name: Enter the name of the Domain Controller in this entry field.
Since, beginning with Windows 2000, these names are also official
DNS names, only names consisting of alphanumeric, minus (-), and period (.) characters are allowed.
Other characters, for example %!#_{} are not allowed.
PDC Address: Enter the IP address of the Domain Controller.
BDC Name: If you have a Backup Domain Controller, enter its name in this entry field. If you do not use a BDC, enter the name of the PDC here.
BDC Address: If you have a Backup Domain Controller, enter its IP address here. If you do not use a BDC, enter the IP address of the
PDC here.
NT4 Domain: Enter the name of your MS Windows NT/2000-Domain.
Allowed characters are: Letters of the alphabet, hyphen (-), and underscore characters (_).
Note:
This is not the Internet domain, as in Company.com, but rather a simple designator, e.g., Intranet. If you are using a standalone server rather than a Domain Controller, enter its NETBIOS name here.
This corresponds to the PDC Name entry.
3. Confirm your settings by clicking Save.
Security Note:
For the
Shared Secret
only passwords consisting of alphanumeric
, minus (-), and period (.) characters are allowed. Other characters, for example %!#_{} are not allowed.
Security Note:
If you use SAM authentication, make sure to disable the Guest account on your Windows domain. Otherwise all username/password combinations will be accepted as valid.
59
advertisement
