RADIUS Services for NDS

With RADIUS Services for NDS, you can use your own RADIUS-compliant network access server, or you can let an Internet service provider (ISP) maintain network access servers. In either case, you control access to your network through NDS. Installed as a NetWare Loadable Module, RADIUS Services for NDS includes a snap-in to the NetWare Administrator (NWAdmin) utility, so you can manage remote user accounts with the same administrative utility you use to manage your enterprise network. You can assign network access rights to a single user or an entire container.

Features

• Supports the RADIUS protocol
• Integrates with NDS for simplified user administration
• Includes RADIUS proxy services
• Works with RADIUS-compliant network access servers

Full Support for RADIUS
The RADIUS protocol is designed to carry authentication information between a network access server and a server that contains a database of user account information. Originally developed by Livingston Enterprises, Inc., the RADIUS protocol has become a de facto industry standard, and the Internet Engineering Task Force is establishing the RADIUS protocol as an official Internet standard. When you install RADIUS Services for NDS on an IntranetWare or NetWare server, that server becomes the authentication server--known as the RADIUS server--for your network. The RADIUS server authenticates each remote user through a series of communications with his or her workstation; these communications are relayed from the remote client to the RADIUS server through any third-party RADIUS-compliant network access server.

When a remote user dials in to your network access server, the server requests a user ID and password. Using a remote-link authentication protocol such as Password Authentication Protocol (PAP), the user’s client software passes the ID and password over the link to the network access server. (RADIUS Services for NDS also supports Challenge Handshake Authentication Protocol (CHAP), which uses a challenge-and-response mechanism to authenticate the user.) The network access server then uses the RADIUS protocol to encrypt the password and pass it and the user ID to the RADIUS server, requesting authentication for the user to access network resources. The RADIUS server decrypts the password and checks it and the user ID against the users’ user object. Based on the information in the user object, the RADIUS server tells the network access server to accept or reject the user’s access request. If the user’s request for access is accepted, the RADIUS server also sends the network access server configuration information detailing the type of connection service--such as the Point-to-Point Protocol--to deliver to the user.

Simplified User Administration With RADIUS Services for NDS, remote users have a single user identity, so you can manage everything relating to their accounts--such as rights to applications, rights to file and print services, and dial-in configuration information--through NDS, instead of having to use a separate database specifically for remote users. And if you have multiple RADIUS servers on your network, you won’t have to maintain multiple databases because NDS automatically replicates and synchronizes all user information across your entire network.

RADIUS Services for NDS includes a snap-in to NWAdmin, so you can manage RADIUS Services for NDS, remote user accounts, and users’ configuration information from a remote client or from any workstation on the network on which you install the snap-in.

RADIUS Proxy Services
With RADIUS proxy services, you can outsource the costly, time-consuming management of modems and network access servers to an ISP while retaining administrative control over remote user accounts through NDS. To access your network through the Internet, a remote user first dials in to an ISP’s access server, which requests a user ID and password. The ISP’s access server then forwards the user’s network access request to a RADIUS proxy server on the ISP’s network. The proxy server forwards the request to your company’s RADIUS server. (The RADIUS proxy server can forward the request over the public Internet; however, the request will travel over only the ISP’s private network if your company has a direct connection to the ISP.) Your company’s RADIUS server checks the information provided by the remote client against the information stored in NDS, then accepts or rejects the user’s request for access. If it accepts the request, the RADIUS server also returns configuration information detailing the type of connection service to deliver to the user.

Works With RADIUS-Compliant Network Access Servers
Because RADIUS is an industry standard, you can choose from a wide variety of third-party RADIUS-compliant network access server hardware and software to enable any number of remote users to dial in to your network.

Software Requirements

• IntranetWare intranet platform or NetWare 4.1 NOS or above
• TCP/IP protocol stack configured and loaded

Administration Workstation

• Windows 95 or Windows NT Workstation 4.0
• IntranetWare Client for Windows 95

Network Access Server

• RADIUS-compliant
• If you want to provide users with file and print services on your network, your network access server must use network access software that supports IPX

• Dial-in software
  Most dial-in software (for example, the dialer included with Windows 95) is supported.
• To access file and print services on your network, the remote client must use remote access software that supports IPX

Hardware Requirements

• 150KB of RAM
• 150KB of free disk space

• 2MB of free disk space

Ordering Information