
I get "login failed" messages on the iChain 2.3 login page.


09 Dec 2004


Q.

I have two iChain appliances, one running iChain 2.2 and the other running version 2.3. Both are configured with a SecurID authentication profile which uses a Novell RADIUS server (NetWare 6.5 Support Pack 1) to forward tokens to our ACE server. This works perfectly from the iChain 2.2 server but not from the 2.3 server. Both are configured identically, and I see "access accepted" on the RADIUS screen for both iChain servers, but on the iChain 2.3 login page, I get "login failed" messages.

A.

The RADIUS server returns an ACCEPT to the iChain box, but RADIUS doesn't return an FDN, just a CN of the user.

You need to configure the iChain box to search for the user's FDN in the Authentication tree through LDAP. Try the following on the iChain Proxy Server screen:

SET AUTHENTICATION ACLCHECK LDAP BINDANONYMOUS = NO
ADD AUTHENTICATION ACLCHECK LDAP SEARCHBASE = O=<yourbase O in eDir>
or
ADD AUTHENTICATION ACLCHECK LDAP SEARCHBASE = OU=<yourbase OU in eDir>
APPLY

* Originally published in Novell Connection Magazine
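
The CN-to-FDN lookup described in the answer, modelled as an added example (not Novell's code and not part of the original article). The directory entries, function names and the rule that a duplicate CN is rejected are assumptions made for illustration; the example shows why the search base has to cover the user's container and why a narrower base avoids mapping a RADIUS-accepted CN to the wrong object.

```python
# Added example: models the CN -> FDN lookup that the LDAP search base enables.
# The directory entries and all names below are constructed samples.

class AmbiguousUser(Exception):
    """More than one object under the search bases carries this CN."""

def rdns(dn):
    # Split a DN into lowercase RDNs (assumes no escaped commas in values).
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_subtree(dn, base):
    # True when dn sits strictly below base (subtree scope).
    d, b = rdns(dn), rdns(base)
    return bool(b) and len(d) > len(b) and d[-len(b):] == b

def resolve_fdn(cn, search_bases, directory):
    """Map the CN returned by RADIUS to exactly one FDN, or None if not found."""
    wanted = "cn=" + cn.strip().lower()
    matches = [dn for dn in directory
               if rdns(dn)[0] == wanted
               and any(in_subtree(dn, b) for b in search_bases)]
    if len(matches) > 1:
        # Assumption: a duplicate CN is treated as a failure, never a guess.
        raise AmbiguousUser(f"{cn!r} matches {len(matches)} objects: {matches}")
    return matches[0] if matches else None

# Constructed sample tree: the same CN exists in two containers.
DIRECTORY = [
    "cn=jsmith,ou=sales,o=acme",
    "cn=jsmith,ou=contractors,o=acme",
    "cn=mlee,ou=sales,o=acme",
    "cn=admin,o=services",
]

if __name__ == "__main__":
    for cn, bases in [("mlee", ["o=acme"]),
                      ("mlee", ["ou=contractors,o=acme"]),
                      ("jsmith", ["ou=sales,o=acme"]),
                      ("jsmith", ["o=acme"])]:
        try:
            print(cn, bases, "->", resolve_fdn(cn, bases, DIRECTORY))
        except AmbiguousUser as exc:
            print(cn, bases, "-> rejected:", exc)
```

A result of None corresponds to the symptom in the question: RADIUS accepts the token, but no FDN can be found for the returned CN under the configured search base.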

