Re: BM 3.8 RADIUS and FreeRADIUS
Craig Johnson
possible cause to what is causing the issue with loss of management
ability of the NMAS RADIUS. I, and others, have been wondering what
has happened to cause the inability to manage DAS objects anymore. (We
have not yet found a workaround). I'm wondering if installing
FreeRADIUS -or attempting to install it- has altered the NMAS RADIUS
schema in such a way as to cause the problem.
As far as fixing this - let's see if we can come up with some ideas.
I'll pass this information on to Novell, and see if they can come up
with a way to extend the schema if we can't do it ourselves.
Assuming the schema can be extended (and one way might be to install
the schema update into a test tree and then import the schema), I don;t
think it would be that hard to switch to it. You would not need to
change out the BMgr servers. Just set up one (or possibly more)
FreeRADIUS servers (could be virtual servers...) and point the RADIUS
requests to them instead of the BMgr servers. No reason BMgr has to be
a RADIUS server.
Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
Craig Johnson
*****
Fix: go to your LDAP Group object, add a new Class Mapping:
(NDS name) RADIUS:Profile (LDAP name) novellRadiusProfile
Restart LDAP; rerun Radius Schema Extension
*****
Craig Johnson
> Will this fix allow to manage DAS object or will it allow to extend the
> schema for a Linux RADIUS version?
>
I'm not sure yet. I'm still working on managing the DAS on NetWare
issue, now with another sysop.
Craig Johnson
>
The other sysop (Peter Kuo) has determined that whatever happened here,
it wasn't simply eDir 8.8.x. He set up a brand new server with NW65sp7
(eDir 8.8.4), installed RADIUS from BM 3.8, and it worked using that
combo of NW, Edir, ConsoleOne and RADIUS. We're still trying to
isolate what is happening, but it seems most likely to me to have
something to do with ConsoleOne snapins coupled with some unknown
issue.
Craig Johnson
jar file for ConsoleOne changed. I'm setting up a new test VM server
to try to track down the change. I'm hopeful that the workaround will
involve using an older file, or separate and older ConsoleOne directory
to manage RADIUS. (I'd tried something like that before and failed,
but perhaps I missed something.)
Craig Johnson
ConsoleOne works fine with SP7, but not SP8. That is, I can edit a DAS
client with a server installed from scratch with SP7, but I cannot once
SP8 is installed.
I made a copy of the ConsoleOne 1.2 directory before installing SP8.
Didn't matter whether or not I used that version or the SP8 version,
both failed to work.
I uninstalled SP8, and ConsoleOne works again.
Still trying to track down the change, but at least some news for
RADIUS users is that if you uninstall SP8, you should be able to make
changes to the DAS object. (And could then perhaps reinstall SP8...)
Craig Johnson
Renamed ConsoleOne 1.2 directory.
Reinstalled NMAS_EE / RADIUS from BM 3.8. (Had to reinstall ConsoleOne
as well - used 3.8 source in NMAS_EE). Did not overwrite newer files.
Did not help DAS object editing.
Reinstalled NMAS_EE / RADIUS from 3.8, and this time I *did* overwrite
newer files. Caused other unacceptable issues (apache2 & tomcat didn't
load, sasl continuously loads), but ConsoleOne works again with DAS
objects.
Trying to manually copy selected files back from SP8 to make issues go
away, and track down what's breaking DAS editing.
Craig Johnson
many other things on my plate to set that up.
On the NMAS end, so far the only (non-risky) thing I've found to help
is to uninstall NW65SP8 back to SP7.