I get "login failed" messages on the iChain 2.3 login page.
09 Dec 2004
Q.
I have two iChain appliances, one running iChain 2.2 and the other running version 2.3. Both are configured with a SecurID authentication profile which uses a Novell RADIUS server (NetWare 6.5 Support Pack 1) to forward tokens to our ACE server. This works perfectly from the iChain 2.2 server but not from the 2.3 server. Both are configured identically, and I see "access accepted" on the RADIUS screen for both iChain servers, but on the iChain 2.3 login page, I get "login failed" messages.
A.
The RADIUS server returns an ACCEPT to the iChain box, but RADIUS doesn't return an FDN, just a CN of the user.
You need to configure the iChain box to search for the user's FDN in the Authentication tree through LDAP. Try the following on the iChain Proxy Server screen:
SET AUTHENTICATION ACLCHECK LDAP BINDANONYMOUS = NO
ADD AUTHENTICATION ACLCHECK LDAP SEARCHBASE = O=<yourbase O in eDir>
or
ADD AUTHENTICATION ACLCHECK LDAP SEARCHBASE = OU=<yourbase OU in eDir>
APPLY
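The following is an added illustration, not Novell's or iChain's code, of why a RADIUS accept can still end in "login failed": the bare CN has to resolve to exactly one FDN under a configured search base. The directory entries, function names and DN layout are constructed assumptions for the example.

```python
# Constructed sample directory (LDAP-style DNs); not real eDirectory data.
# Sample DNs contain no escaped commas, so a plain split on "," is enough here.
DIRECTORY = [
    "cn=jsmith,ou=sales,o=acme",
    "cn=jsmith,ou=eng,o=acme",
    "cn=mjones,ou=eng,o=acme",
    "cn=admin,o=other",
]


def rdns(dn):
    """Split a DN into normalized (lowercase, trimmed) RDN components."""
    return [part.strip().lower() for part in dn.split(",")]


def under_base(dn, base):
    """True when dn is the base itself or sits anywhere below it."""
    dn_parts, base_parts = rdns(dn), rdns(base)
    return (len(dn_parts) >= len(base_parts)
            and dn_parts[-len(base_parts):] == base_parts)


def resolve_fdn(cn, search_bases, directory=DIRECTORY):
    """Map the CN left after a RADIUS accept to a single FDN, else None.

    None models the failed login: either no configured search base
    contains the user, or the CN matches more than one object.
    """
    wanted = "cn=" + cn.strip().lower()
    matches = [
        dn for dn in directory
        if rdns(dn)[0] == wanted
        and any(under_base(dn, base) for base in search_bases)
    ]
    # An ambiguous CN must fail rather than pick the first hit, otherwise
    # ACL checks could run against the wrong user object.
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    print(resolve_fdn("mjones", []))                   # no search base
    print(resolve_fdn("mjones", ["o=acme"]))           # resolved
    print(resolve_fdn("jsmith", ["o=acme"]))           # ambiguous
    print(resolve_fdn("jsmith", ["ou=sales,o=acme"]))  # narrower base
```

Choosing the narrowest search base that still contains every legitimate user keeps duplicate CNs elsewhere in the tree from making the lookup ambiguous.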
* Originally published in Novell Connection Magazine