Does anyone ever post in here just to say "Hi! I'm not having a problem
- everything's running just GREAT!"?

Nah, I didn't think so. <grovel> Volunteer sysops are the greatest, and
I appreciate the unpaid time you put into helping us poor slobs out.
</grovel>

I've set up a new container within eDirectory, and am trying to
configure RADIUS (3.28, March 6 2003 - I know, an old version... but
it's working great!) to allow users within that container to VPN in via
our Cisco VPN concentrators.

For my effort, Bordermanager's RADIUS screen tells me "Access rejected"
and "Unable to locate authentication rule".

In NWAdmin, I have done the following:

Gotten details on my new container and checked the "Enable Dial Access"
box in the "Dial Access Services"... uh, tab(?) and put the fully
qualified name (radius.ou.o) of my RADIUS service in the "Dial Access
System" field. Do I have to browse NDS to populate this field, or can I
just type it in?

Gotten details on [Root] -> Security -> Login Policy -> Rules and
modified my RADIUS service by adding my new container to the list.

Gotten details on my RADIUS service -> Username Resolution and added my
new context.

If memory serves, these are the three magic things I have to do for our
users to VPN in... but I still get the "Unable to locate authentication
rule" message.

Do I have to bounce my Bordermanager box for these changes to take effect?

Thanks for any help.

John