User Authentication with NetScape Directory Server 4.12

Contents

1. Accept to overwrite. If you already have a pre-installed Directory Server with user-defined attributes, use an editor and extend your file with the entries. User defined attributes: These attributes can be updated via LDAP by modifying the cn=schema schema entry. The attributes in slapd.at.conf can not be updated. attribute switchGroups switchGroups-oid int single attribute numberOfSwitchGroups numberOfSwitchGroups-oid int single attribute accountFailTime accountFailTime-oid cis single attribute accountStartTime accountStartTime-oid cis single attribute accountStopTime accountStopTime-oid cis single attribute switchSerialNumber switchSerialNumber-oid cis single attribute switchSlotPort switchSlotPort-oid cis single attribute clientMACAddress clientMACAddress-oid cis single attribute clientIPAddress clientIPAddress-oid cis single 8. After having added the attributes which you will need for user-defined object classes, proceed to add values into slapd.user_oc.conf. Copyright 2001 Rainer Bemsel, www.bemsel.com, rainer@bemsel.com. This technical document has been created and evaluated by myself with the purpose to help friends to get into new technology and installations. There is no financial interest, however please respect the copyright. Click on the Object Classes tab and on Create to open a new Create Object Class window.
2. In this scenario I have a center switch which will be extended in the near future with more edge devices and features. The requirement was to have 3 independent IP Groups. DHCP and XVSS Authentication have been asked for. I've put the DHCP Server onto the LDAP Server using WinRoute 3.04 and configured 3 scopes for Groups 5, 6 & 7. Using the relay function on the switch will pass DHCP requests directly to the DHCP Server and provide the client, according to its group membership, with the proper IP out of the group's scope. [Network diagram: LDAPSRV (LDAP and DHCP server) at 192.168.10.150, OmniSwitch LDAPAUTH, GRP2 TRANSFER, Default Group IP is disabled.] To have the above drawing running as a complete setup, you have to perform a couple of steps, which may take a while: 1. Create and fill out an installation template. 2. Installing Windows NT Server 4.0 (preferable US Version) and upgrade to Service Pack 4. 3. Installing Netscape Directory Server 4.12. 4. Configure Netscape Directory Server with Object Class and Attributes to be used for Authentication. 5. Getting Users into the database and define Group membership. 6. Configure Switch for Authentication and Relay. 7. Installing XVSS Client on a WIN95 or WIN NT 4 Workstation. 8. Verify your configuration and have a good feeling once it is running.
3. LDAPAUTH 1 > LDAPAUTH 1 > crgp GROUP Number 2 7 Description no quotes ACTORS Enable WAN Routing n Enable ATM CIP n Enable IP y IP Address 192.168.7.1 IP Subnet Mask 0xffffff00 IP Broadcast Address 192.168.10.255 Description 30 chars max Configure as Loopback n Disable routing n Enable NHRP n IP RIP mode Deaf d Silent s Active a Inactive i s Default framing type Ethernet II e Ethernet 802.3 SNAP 8 e Enable IPX y n Enter a priority level 0 7 0 Enable Group Mobility on this Group y n n y Enable User Authentication for this Group y n n y Enable Spanning Tree for this group y n y Do you wish to configure the interface group for this Virtual LAN at this time y n Group 7 has been added to the system. You may modify interfaces to this group using the addvp, modvp and rmvp commands at a later date if you choose. Configure Auto Activated LEC service y n y n Select Protocol for this group 1 IP 2 IPX 3 DECNET 4 APPLETALK 5 Protocol specif
4. Highlight it and click on OK. The new attribute appears in the Property window. Do it again and get the attribute switchgroups into the properties. Don't forget to set values: numberOfSwitchGroups = 1, switchgroups = <authenticated group>, i.e. Wesley Snipes is an actor and should have access to Group No. 7, so I will set the value to 7. Another way to get users into the database is by importing the LDIF as described in step <<<<XXX>>>>. It's almost the same way as you did, after modifying the additional entries into the LDIF file. Please see my exported User LDIF, which I created using Directory Server. The manually modified entries are colorized red. dn o xylan.com creatorsname cn Directory Manager createtimestamp 200008102321332 objectclass top objectclass organization o xylan.com aci targetattr version 3.0 acl Allow self entry modification allow write userdn ldap self aci targetattr userPassword version 3.0 acl Anonymous access allow read search compare userdn ldap anyone aci targetattr version 3.0 acl Configuration Adminstrator allow all userdn ldap uid admin ou Administrators ou TopologyManagement o NetscapeRoot aci targetattr version 3.0 acl Configuration Administrators Group allow all groupdn ldap cn Configuration Administrators ou Groups ou TopologyManagement o NetscapeRoot aci targetattr vers
5. NOTE: clientMACAddress and clientIPAddress are only used for single authority mode. Once the above attributes have been added, you should see the new values in the User defined Attributes window. OID values are added automatically. To verify: check your directory Netscape\Server4\slapd-freebird\config. You should find a new time set on slapd.user_at.conf, and by opening the file you see the new additions. For your convenience you may also just copy the file into your Directory Server's slapd-<servername>\config
6. Address 192.168.5.1 IP Subnet Mask 0xffffff00 IP Broadcast Address 192.168.10.255 Description 30 chars max Configure as Loopback n Disable routing n Enable NHRP n IP RIP mode Deaf d Silent s Active a Inactive i s Default framing type Ethernet II e Ethernet 802.3 SNAP 8 e Enable IPX y n Enter a priority level 0 7 0 Enable Group Mobility on this Group y n n y Enable User Authentication for this Group y n n y Enable Spanning Tree for this group y n y Do you wish to configure the interface group for this Virtual LAN at this time y n Group 5 has been added to the system. You may modify interfaces to this group using the addvp, modvp and rmvp commands at a later date if you choose. Configure Auto Activated LEC service y n y Select Protocol for this group 1 IP 2 IPX 3 DECNET 4 APPLETALK 5 Protocol specified by ether type in hex 6 Protocol specified by DSAP and SSAP in hex 7 Protocol specified by SNAP in hex 8 ALL PROTOCOLS Enter protocol type 1 8 Configure binding rules for this group y n y LDAPAUTH 1 >
7. Components Netscape Server Products Common files Core Java classes Java Runtime Environment Netscape Server Products Common files Core Java classes Java Runtime Environment Netscape Directory Suite Netscape Directory Server Netscape Directory Management Console Netscape Directory Server Directory Server Settings Server Identifier freebird Suffix o=xylan.com Port 389 Configuration Directory Administrator ID admin Administration Domain xylan.com Directory Manager DN cn=Directory Manager Install Sample Organizational Structure yes Populate Database with Disable Schema Checking no Netscape Directory Management Console Administration Services Netscape Administration Server Administration Server Console Netscape Administration Server Administration User ID admin Administration Port 15417 Administration URL http://freebird.xylan.com:15417 Administration IP Address 192.168.10.150 Administration Server Console. After having the installation process finished you will have to restart the PC.
8. Configure Netscape Directory Server with Object Class and Attributes to be used for Authentication. NOTE: You will sometimes read freebird, which is used as the computer name for all LDAP installations described here. You may use your own computer name, and always remember the different name. 1. Open Netscape Directory Console and log on as admin using password secret99, if you haven't changed my example. The Administration URL should be predefined as http://freebird.xylan.com:15417. 2. Expand Directory Server under the Console tab until you get to Directory Server. Select Directory Server (freebird) and click on Open at the upper right side. 4. When Directory Server is open you see the entry with the Task tab activated. Click on Configuration, expand Database and click on Schema.
9. Now going to verify the Administration Domain. Also here it is xylan.com. It's based on the DNS setting in the NT Server TCP/IP Properties, is prewritten and should remain. Click on Next and set the password for the Directory Manager also to secret99. It's easier to remember that both admin parts on Directory Server are having the same password. When getting the Configuration Window for Server Replication, you should have Do not configure as a Supplier and also Do not configure as a Consumer selected.
10. Mask 255.255.255.0 6 IP Broadcast Address 192.168.10.255 7 Router Description GROUP 1 0 IP router vport 8 RIP Mode Silent Active a Inactive i Deaf d Silent s 9 Routing disabled N 10 NHRP enabled N 11 Default Framing Ethernet II Ethernet II e Ethernet 802.3 8 IPX parameters 12 IPX enabled N save quit cancel 3 n save LDAPAUTH 1 > gp Group Network Address Proto ID Group Description IP Subnet Mask Encaps VLAN ID or IPX Node Addr 1 Default GROUP 1 4 Create a Transfer Group LDAPAUTH 1 > LDAPAUTH 1 > crgp GROUP Number 2 Description no quotes TRANSFER Enable WAN Routing n Enable ATM CIP n Enable IP y IP Address 192.168.10.1 IP Subnet Mask 0xffffff00 IP Broadcast Address 192.168.10.255 Description 30 chars max Configure as Loopback n Disable routing n Enable NHRP n IP RIP mode Deaf d Silent s Active a Inactive i s Default framing type Ethernet II e Ethernet 802.3 SNAP 8 e Enable IPX y n Enter a priority level 0 7 0 Enable Group Mobility on this Group y n n y Enable User Authentication for this Group y n n y Enable Spanning Tree for this group y n y Do you wish to configure the interface group for this Virtual LAN at this time y Initial Vports Slot Phys Intf Range For example first I O Module slot 2 second Interface wou
11. Name if known Enter IP address or host name of server to be added to list h for help <ret> to exit 192.168.10.150 FORWARD TO Server List Item Server address Server Name if known 1 192.168.10.150 Enter IP address or host name of server to be added to list h for help <ret> to exit <return> UDP Relay Configuration 1 BOOTP DHCP Enabled Yes 11 Server Address list add delete SET 12 Forward Delay 3 13 Maximum Hops 4 2 NBNS Enabled No 3 NBDD Enabled No 4 Generic Services Menu Command Item Value Help Quit Redraw Save Redraw save Saving config for service 0 Starting task UDP Relay configuration change service 1 UDP Relay initializing UDP Relay initialized LDAPAUTH 1 > LDAPAUTH 1 > Finally do a reboot LDAPAUTH 1 > reboot Confirm n y Locking filesystem locked System going down immediately switch 4a5efbe8 System rebooted by admin. Installing XVSS Client on a WIN95 or WIN NT 4 Workstation. Please refer to one of my older OmniTips Authentication
12. Done this, you could choose to install Sample Original Structure, but don't populate Database as you don't have a proper LDIF file available. You may have seen in the SNS User's manual, Section IP Control, to disable Schema checking. Do not disable it yet, as, if really needed, you can disable Schema checking on the Server's Console as well. So leave the default, which is not disabling. Done this, you set again a pre-valued Server IP Address, which is the local NT Server's IP Address. Please verify that this is correct for your server, otherwise change it here. After having the IP Address checked, you may want to change the server's Administrator port, as this number is chosen randomly and you always have to remember this port, otherwise you won't be able to connect to
13. with Radius, where I have described the steps to install the XVSS Client. Make sure you have the DLC 32-bit Protocol available, as you need it to get XVSS running. Verify your configuration and have a good feeling once it is running. A nice demonstration is verifying the group membership of the port. Do a vi on a certain port where you have an XVSS client connected. You should see group membership 1 as the default. After authorizing using XVSS you should see a change in the group membership, which should now say either 5, 6 or 7, depending on which user you have used to authorize. Also open up the IP configuration tool on Windows 95 (winipcfg.exe) and see the proper IP Address. If you have any questions please do not hesitate to contact me via rbemsel@ind.alcatel.com
14. During the creation process you have to copy all required User Defined Attributes into the box named Allowed Attributes. Here's the summary: Name xylanAuthenticationPerson Parent top Required Attributes Allowed Attributes accountFailTime accountStartTime numberOfSwitchGroups switchGroups switchSerialNumber switchSlotPort. To verify: check your directory Netscape\Server4\slapd-freebird\config. You should find a new time set on slapd.user_oc.conf, and by opening the file you see the new additions. For your convenience you may also just copy the file into your Directory Server's slapd-freebird\config\slapd.user_oc.conf. Accept to overwrite. If you already have a pre-installed Directory Server with user-defined attributes, use an editor and extend your file with the entries. user defined objectclasses: These ObjectClasses are read
15. secrete Manager Manager o=xylan.com 192.168.10.150 Directory Root RBemsel malibu Default DHCP 192.168.10.150 WinRoute 3 admin Switch WorkStation DHCP Win95 NT 4 ldap user ldap user NetScape Directory Server Version 4.12 Administration Domain xylan.com Server Port 389 Administration Port 15417 OmniSwitch SwitchType SwitchName Microcode User Password OS 4024 LDAPAUTH OS4024 4.1.3 GA admin switch. Installing Windows NT Server 4.0 (preferable US Version) and upgrade to Service Pack 4. I assume that I don't need to explain how to install Windows NT Server and do a Service Pack upgrade. Just remember to install the server as Standalone. Also have Netscape Communicator 4.7 installed before you start installing Directory Server. Installing the Netscape Directory Server 4.12. Execute the installation file d412diu.exe and follow the directions. You will see a welcome window. Continue by clicking on Next. You should read the Software License Agreement and, if you are happy with it, click o
16. 1. Create and fill an installation template. Before you start to install, make sure you have a Windows NT 4.0 Server installed in Standalone mode and upgraded with Service Pack 4. A template should be used during installation and also as a reference for further use. Netscape Directory Server Parameters: Issue in a DOS box the command ipconfig /all and get the output in here: c:\> ipconfig /all > c:\temp\ipconfig.txt Windows NT IP Configuration Host Name freebird.xylan.com Node Type Broadcast IP Routing Enabled No WINS Proxy Enabled No NetBIOS Resolution Uses DNS No Ethernet adapter E100B20 Description Intel EtherExpress PRO 100B PCI LAN Adapter Physical Address 00-A0-C9-10-BF-21 DHCP Enabled No IP Address 192.168.10.150 Subnet Mask 255.255.255.0 Default Gateway 192.168.10.1. Administration Accounts, Passwords and additional Information. Server and Stations: Server Name Ip Address Application Service Pack User Password Freebird 192.168.10.150 4.0 Server 4 admin switch Freebird 192.168.10.150 Directory Server admin secret99 Admin Freebird 192.168.10.150
17. After clicking Next you should see This instance will be the configuration directory server selected, which should remain like that. Also, on the next window you will be notified with pre-selected Store data in this directory server. Server port is grayed, as well as Bind As and Suffix. Compare it with your template, where it should be seen, or, if not already filled, get the missing data into your template. Another Server Settings window will give you the opportunity to change Server Identifier, Server Port & Suffix, which should already be filled with correct data. Don't change it here. Better go back and first change the Windows NT Network settings. Done this, you will have to set the Directory Server Administrator's password, which I have set to secret99
18. enter password once more malibu this entry is hidden Enter LDAP server in the format IPaddress Port Separate each server by space LDAP server chain 192.168.10.150 389 LDAP server type to 1 Generic Schema 2 Netscape Directory Server 3 Novell NDS 4 Sun Directory Services 2 LDAP server retry attempts 3 LDAP server response timeout Seconds 30 LDAP server accounting on off 1 on 2 off 1 LDAP server login fail log identifier DENIED LDAPAUTH 1 > Check connectivity to Directory Server LDAPAUTH 1 > avlslserver LDAP server 192.168.10.150 389 is alive and happy LDAPAUTH 1 > Configure Ports for Authentication LDAPAUTH 1 > LDAPAUTH 1 > avlports Do you wish to add or delete a port add <return> Which ports do you wish to add 2 3 2 4 2 8 2 9 2 10 2 11 LDAPAUTH 1 > Configure DHCP Relay Function LDAPAUTH OS4024 > relayc UDP Relay Configuration 1 BOOTP DHCP Enabled No 2 NBNS Enabled No 3 NBDD Enabled No 4 Generic Services Menu Command Item Value Help Quit Redraw Save Redraw 1 yes UDP Relay Configuration 1 BOOTP DHCP Enabled Yes 11 Server Address list add delete UNSET 12 Forward Delay 3 13 Maximum Hops 4 2 NBNS Enabled No 3 NBDD Enabled No 4 Generic Services Menu Command Item Value Help Quit Redraw Save Redraw 11 add FORWARD TO Server List Item Server address Server
19. horize using XVSS Client connected to OmniSwitches. Do it the same way as you have created the Xylan.com top user. Instead of creating the users on top, you have to highlight People. 12. When the new user has been added to the database, the new name appears on the right side. Highlight the name, click the right mouse button and open the properties. When the window is open, click on Advanced to add some new attributes and values which are mandatory to have Authentication working. Click on Object Class within this window, click the right mouse button and choose add value. A new window appears. Scroll down to the end, finding xylanauthenticationperson. Highlight it and click on OK. You should see a new value inside the Object Class box. Now click on Edit and highlight add Attribute, scroll down to find numberofswitchgroups
20. ied by ether type in hex 6 Protocol specified by DSAP and SSAP in hex 7 Protocol specified by SNAP in hex 8 ALL PROTOCOLS Enter protocol type 1 8 Configure binding rules for this group y n y n LDAPAUTH 1 > Check your groups LDAPAUTH 1 > gp Group Network Address Proto ID Group Description IP Subnet Mask Encaps VLAN ID or IPX Node Addr 1 Default GROUP 1 2 Transfer 192.168.10.1 IP ff.ff.ff.00 ETH2 5 Movie Directors 192.168.5.1 IP ff.ff.ff.00 ETH2 6 Rock Stars 192.168.6.1 IP ff.ff.ff.00 ETH2 7 Actors 192.168.7.1 IP ff.ff.ff.00 ETH2 LDAPAUTH 1 > Activate Authentication LDAPAUTH 1 > LDAPAUTH 1 > layer2 Layer 2 User Authentication is not enabled Set authentication type to r RADIUS 1 LDAP Set authentication to 0 Disabled 1 Enabled 0 1 LDAPAUTH 1 > Configure Directory Server Connection LDAPAUTH 1 > avllschain LDAP server search base o=xylan.com LDAP server super user rdn uid=RBemsel LDAP super user password malibu this entry is hidden Please
21. inistrators ou TopologyManagement o NetscapeRoot createtimestamp 200008231500292Z modifytimestamp 200008231500292Z Configure Switch for Authentication and Relay. Verify your hardware LDAPAUTH 1 > slot Module Type Adm Status HW Board Mfg Firmware Version Slot Part Number Oper Status Rev Serial Date Base MAC Address 1 MPM 1G Enabled A6 71221951 03 20 97 4.1.3 GA 05014306 Operational 00 20 da 8b 5c 7f 2 Ether 12 Enabled E2 71245118 10 24 97 4.1.3 GA 05011206 Operational 00 20 da 7e 33 4 3 Empty LDAPAUTH 1 > Turn Group Mobility on LDAPAUTH 1 > gmcfg Group Mobility is Disabled Enable Group Mobility yes no no y move_to_def is set to Disabled Set to Enable yes no no <return> def_group is set to Enable Set it to Disable yes no no <return> LDAPAUTH 1 > Disable IP on Default Group LDAPAUTH 1 > modvl 1 Current values associated with GROUP 1 1 are as follows 1 GROUP Number 1 1 2 Description Default GROUP 1 IP parameters 3 IP enabled Y 4 IP Network Address 192.168.10.1 5 IP Subnet
22. ion 3.0 acl Directory Administrators Group allow all groupdn ldap ou Directory Administrators o xylan.com aci targetattr version 3.0 acl SIE Group allow all groupdn ldap cn slapd freebird cn Netscape Directory Server cn Server Group cn freebird.xylan.com ou xylan.com o NetscapeRoot modifiersname cn Directory Manager modifytimestamp 200008102321362 dn ou Directory Administrators o xylan.com description Entities with administrative access to this directory server creatorsname cn Directory Manager createtimestamp 200008102321332 objectclass top objectclass organizationalunit objectclass groupofuniquenames ou Directory Administrators cn Directory Administrators modifiersname cn Directory Manager modifytimestamp 200008102321362 dn ou Groups o xylan.com objectclass top objectclass organizationalunit ou Groups creatorsname cn Directory Manager modifiersname cn Directory Manager createtimestamp 200008102321362 modifytimestamp 200008102321362 dn ou People o xylan.com objectclass top objectclass organizationalunit ou People aci targetattr userpassword telephonenumber facsimiletelephonenumber version 3.0 acl Allow self entry modification allow write userdn ldap self aci targetattr cn sn uid targetfilter ou Accounting version 3.0 acl Accounting Managers Group Permissions allow write groupdn ldap c
23. objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn Wesley Snipes uid WSnipes givenname Wesley sn Snipes userpassword blade numberofswitchgroups 1 creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181638582Z modifytimestamp 200008181638582 dn uid MGibson ou People o xylan.com objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn Mel Gibson uid MGibson givenname Mel sn Gibson userpassword payback numberofswitchgroups 1 creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181640212Z switchgroups 7 modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifytimestamp 200008181734522Z dn uid jwalsh ou People o xylan.com switchgroups 6 objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn Joe Walsh uid jwalsh givenname Joe sn Walsh userpassword rocky numberofswitchgroups 1 creatorsname uid admin ou Administrator
24. ld be 2 2 Specify a range of interfaces and or a list as in 2 1 3 3 3 3 5 4 6 8 Initial Slot Interface Assignments 2 1 2 1 This interface is currently assigned to GROUP 1 Default GROUP 1 Do you wish to remove it from that GROUP and assign it with new configuration values to this GROUP y n c to Accept defaults n c Adding port 2 1 to GROUP 2. You may modify interfaces to this group using the addvp, modvp and rmvp commands at a later date if you choose. Configure Auto Activated LEC service y n y n Select Protocol for this group 1 IP 2 IPX 3 DECNET 4 APPLETALK 5 Protocol specified by ether type in hex 6 Protocol specified by DSAP and SSAP in hex 7 Protocol specified by SNAP in hex 8 ALL PROTOCOLS Enter protocol type 1 8 Configure binding rules for this group y n y LDAPAUTH 1 > Create your authenticated User Groups GROUP No 5 LDAPAUTH 1 > LDAPAUTH 1 > crgp GROUP Number 3 5 Description no quotes MOVIE DIRECTORS Enable WAN Routing n Enable ATM CIP n Enable IP y IP
25. n Accounting Managers ou groups o xylan.com aci targetattr cn sn uid targetfilter ou Human Resources version 3.0 acl HR Group Permissions allow write groupdn ldap cn HR Managers ou groups o xylan.com aci targetattr cn sn uid targetfilter ou Product Testing version 3.0 acl QA Group Permissions allow write groupdn ldap cn QA Managers ou groups o xylan.com aci targetattr cn sn uid targetfilter ou Product Development version 3.0 acl Engineering Group Permissions allow write groupdn ldap cn PD Managers ou groups o xylan.com creatorsname cn Directory Manager modifiersname cn Directory Manager createtimestamp 200008102321362 modifytimestamp 200008102321362 dn ou Special Users o xylan.com objectclass top objectclass organizationalUnit ou Special Users description Special Administrative Accounts creatorsname cn Directory Manager modifiersname cn Directory Manager createtimestamp 200008102321362 modifytimestamp 200008102321367 dn uid JCarpenter
26. n yes select Netscape Servers Installation, which is already marked by default, and click on yes. The next window lets you choose from Express, Typical and Custom installation types, where you should choose Custom. Now you can define the Installation Directory and Product Selections. On Select Products you should have selected: Netscape Server Products Core Components, Netscape Directory Suite, Administration Services. If you want to check with the change button, the selected features are all pre-selected and should remain like that.
27. ou People o xylan com switchgroups 5 mail objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn John Carpenter uid JCarpenter givenname John sn Carpenter numberofswitchgroups 1 creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181636382Z userpassword snake modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifytimestamp 20000818164945zZ dn uid rvzant ou People o xylan com switchgroups 6 objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn Ronnie VanZant uid rvzant givenname Ronnie sn VanZant userpassword freebird numberofswitchgroups 1 creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181637572Z modifytimestamp 200008181637572Z dn uid WSnipes ou People o xylan com switchgroups 7 objectclass top objectclass person
28. 5. Once you have clicked on Schema, the right part of the window changes. Click on Attributes and you will see an empty window at User defined Attributes. Below that window there's a create button to add user-defined attributes, which are needed for User Authentication using Omni Products. You will have to create each of the attributes below here. Attribute OID doesn't need to be filled. The following attributes need to be added here (Attribute Name, Syntax): switchGroups, integer; numberOfSwitchGroups, integer; accountFailTime, Case Ignore String; accountStartTime, Case Ignore String; accountStopTime, Case Ignore String; switchSerialNumber, Case Ignore String; switchSlotPort, Case Ignore String; clientMACAddress, Case Ignore String; clientIPAddress, Case Ignore String
29. s ou TopologyManagement o NetscapeRoot modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181643242Z modifytimestamp 20000818164324zZ dn uid JBruck ou People o xylan com switchgroups 5 objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson objectclass xylanauthenticationperson cn Jerry Bruckheimer uid JBruck givenname Jerry sn Bruckheimer userpassword conair numberofswitchgroups 1 creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifiersname uid admin ou Administrators ou TopologyManagement o NetscapeRoot createtimestamp 200008181647142Z modifytimestamp 200008181647142Z dn uid RBemsel o xylan com objectclass top objectclass person objectclass organizationalPerson objectclass inetOrgPerson cn Rainer Bemsel uid RBemsel givenname Rainer sn Bemsel userpassword malibu creatorsname uid admin ou Administrators ou TopologyManagement o NetscapeRoot modifiersname uid admin ou Adm
30. the user's interface of LDAP Database. If you are using this document, you may choose 15417, as this is the number I personally always use and still remember without any template. Now you are done with the custom settings and you may want to verify them. You will get a Configuration Summary window, which I have listed here: CONFIGURATION SUMMARY Netscape Server Products Installation Directory Server Root F Netscape Server4 Server Core Binaries Netscape Server Products Core
31. GROUP No 6 LDAPAUTH 1 > LDAPAUTH 1 > crgp GROUP Number 2 6 Description no quotes ROCK STARS Enable WAN Routing n Enable ATM CIP n Enable IP y IP Address 192.168.6.1 IP Subnet Mask 0xffffff00 IP Broadcast Address 192.168.10.255 Description 30 chars max Configure as Loopback n Disable routing n Enable NHRP n IP RIP mode Deaf d Silent s Active a Inactive i s Default framing type Ethernet II e Ethernet 802.3 SNAP 8 e Enable IPX y n Enter a priority level 0 7 0 Enable Group Mobility on this Group y n n y Enable User Authentication for this Group y n n y Enable Spanning Tree for this group y n y Do you wish to configure the interface group for this Virtual LAN at this time y n Group 6 has been added to the system You may modify interfaces to this group using the addvp modvp and rmvp commands at a later date if you choose Configure Auto Activated LEC service y n y n Select Protocol for this group 1 IP 2 IPX 3 DECNET 4 APPLETALK 5 Protocol specified by ether type in hex 6 Protocol specified by DSAP and SSAP in hex 7 Protocol specified by SNAP in hex 8 ALL PROTOCOLS Enter protocol type 1 8 Configure binding rules for this group y n y n LDAPAUTH 1 > GROUP No 7
32. writable over LDAP. The ObjectClasses in slapd.oc.conf are read only and may not be updated. objectclass xylanauthenticationperson oid xylanauthenticationperson oid Superior top allows accountFailTime accountStartTime accountStopTime clientIPAddress clientMACAddress numberOfSwitchGroups SwitchGroups switchSerialNumber SwitchSlotPort Now it's time to get users into your directory. Getting Users into the database and define Group membership 9. Move forward to the Directory tab, highlight xylan.com or the domain you are administering, and click the right mouse button. From here you can add the switch's RDN, to be used for avilschain on the switch with your directory. 10. I have used my own name, which will also be used in the switch configuration. As password I have used malibu, as you will have to remember this when configuring the switch with avilschain when setting the value for RDN. 11. Again, get back to the Directory window and highlight People, click the right mouse button and go to create new users. These Users are the ones which have to aut
