During an IDM implementation I was told I needed to upgrade all my NW6.5 servers to SP8 and e-Dir 8.8. Another change around the same time is that a Bordermanager 3.9 server was loaded into the tree to prep for a switchover from our current Bordermanager 3.8 servers. After doing these things we found that we could not manage RADIUS clients through ConsoleOne anymore. There is now a RADIUS section in iManager but attempting any option within it tells me the schema must be updated. Attempting to update the schema gives:
Schema conflict detected. Conflict details: [ ObjectClass Name(OID): rADIUSProfile(2.16.840.1.113719.1.39.42.2.0.10) Conflicts with Freeradius Objectclass : radiusprofile(1.3.6.1.4.1.3317.4.3.2.1) ]
This message can be found in the knowledgebase or in Google searches but following those fixes do not work. Those fixes tell me to download files which are no longer available or read posts which are no longer available or reference pages which have downloads which do not contain the files that the TID says they should. For example,
Radius plug-in for iManager 2.7 unable to extend the schema
From my reading it sounds as though applying a fix to make this FreeRADIUS error go away might break my working-but-not-configurable BM 3.8 RADIUS implementation, but I am not certain about that. It is also not clear whether I can manage my current RADIUS servers which came with BM 3.8 using iManager even if I were able to make this error go away.
I need to know if I can get whatever Novell's recommended replacement for RADIUS (freeRADIUS?) running in the same tree with my old RADIUS servers so that I can begin configuring it to accept requests from client devices while the old system continues to run. I would also like to be able to enable/disable RADIUS access for users through iManager.
My environment is like this: I have a Bordermanager 3.8 with RADIUS at corporate headquarters and each of my remote sites. Each site also has its own Internet connection through a Cisco firewall which also provides client-to-site VPN. That VPN endpoint authenticates incoming users against the RADIUS server running at that same remote site.
I think FreeRADIUS only runs on Linux not Netware, so I have a problem if Novell says I must change all my servers to FreeRADIUS. I would have to change all my remote Bordermanager servers to run Linux. Some of those servers also run other services, tape backup software, etc. and it would require simultaneous trips to those locations, so that would be impossible.
However if I can get FreeRADIUS and the old BM 3.8 RADIUS running at the same time in the same tree then I can possibly work around the issue by configuring new client devices at all sites to use freeRADIUS and leave existing devices alone so they will continue to work with the old system until such time as they are replaced.
Can anyone answer the questions I posed above or provide helpful input on what to do in this situation?
BM 3.8 RADIUS and FreeRADIUS
Threaded Mode
