Using NDS (eDirectory) Authentication

Use the information in this section to understand, create, and use NDS authentication profiles.


How NDS (eDirectory) Authentication Works

Figure 55 illustrates how NDS authentication can be used to control access to proxy services

Figure 55


Platforms Supported

The following table summarizes the platforms supported for NDS authentication:


Table 16.

Network Component Software Requirements

Workstation

An SSL-capable Internet browser

(For NDS single sign-on, Windows 95, 98, NT, or 2000)

Cache Device

Excelerator 2.x

NDS Database

NetWare 5 or later

Preparing Your Network for NDS (eDirectory) Authentication

Figure 56 summarizes the configuration requirements for NDS authentication:

Figure 56


Setting Up NDS (eDirectory) Authentication

After you have completed the steps in Preparing Your Network for NDS (eDirectory) Authentication, you can set up an NDS authentication profile by completing the following procedure.

  1. In the browser-based management tool, click Cache > Authentication > Insert.

  2. Type a name for the profile in the Authentication Profile Name field.

    IMPORTANT:  Each profile name created on a cache device must be unique. Excelerator doesn't recognize case differences (MyProfile and myprofile are the same name to Excelerator) and it will overwrite and concatenate previously created profiles without warning if a duplicate name is used. For more information, see Authentication Dialog Box.

  3. Check NDS Authentication > click Options.

  4. In the NDS Server Address field, type the IP address of the eDirectory server (can be NetWare, Microsoft Windows 2000/NT, Linux, or Solaris) with the read/write or master NDS partition to which users will authenticate.

  5. In the Users' Default Context List, include the contexts for all users who will be authenticating by clicking Insert and typing the NDS Context and NDS tree for each context.

  6. When you have inserted all the contexts, click OK.

  7. Click OK > OK.

  8. Assign the profile to one or more proxy services as described in each service tab section in Using the Cache Panel.


Enabling NDS Single Sign-On for an NDS Authentication Profile

You can enable NDS single sign-on by completing the following steps:

  1. Complete the instructions in Setting Up and Enabling NDS (eDirectory) Single Sign-On, then return to this procedure.

  2. At the cache device's System prompt, enter the following commands:

    set authentication name nds tryndssinglesignon=yes

    set authentication name nds ndssinglesignonreplytime=seconds

    set authentication name nds ndssinglesignonnoresponsesettime=seconds

    where name is the name of the NDS profile and seconds represents the time the service will wait for responses from the Novell client and NDS server, respectively.

  3. At the command line, enter

    apply