Bay Networks NA Скачать руководство пользователя | Manualshive

Страница: 66 / 88

background image

Using Remote Access Concentrator Server Tools for Windows NT

Chapter 4 Using Security Features

4-6

PPP Security

Point-to-Point (PPP) provides a link between hosts that carry IP, IPX, and
ARA protocols. After PPP negotiates Link Control Protocol (LCP)
options, the hosts at either end of the link authenticate their identities
using PAP or CHAP security protocols.

•

PAP is a two-way handshake in which hosts exchange user
names and passwords in clear text.

•

CHAP is a three-way handshake that uses a secret token defined
in the acp_userinfo file to authenticate users.

▼

To configure Windows NT security for PPP links, you must set the
ppp_security_protocol parameter.

•

If you set ppp_security_protocol to pap, the system uses
Windows NT user names and passwords for authentication.

•

If you set ppp_security_protocol to chap–pap, the system first
requests CHAP security. If CHAP is not acknowledged, it
requests PAP.

CHAP does not authenticate Windows NT user names,
passwords, or remote access groups. It authenticates
based on user names from the acp_userinfo file and the
CHAP token.

▼

To log user access for PPP, set the slip_ppp_security parameter to

Y

.

If you want to set ppp_security_protocol and slip_ppp_security to
values other than the ones described here, the system will not use

Windows NT

user names and passwords for authentication.

«
...
64
65
66
67
68
...
»

Содержание NA

Страница 1: ...Part No 118358 A Rev A September 1997 Marketing Release 5 1 Remote Access Concentrator Software Server Tools for Windows NT Using ...

Страница 2: ...ited States Government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 Notwithstanding any other license agreement that may pertain to or accompany the delivery of this computer software the rights of the United States Government regarding its use reproduction and disclosure are as set forth in the Co...

Страница 3: ...IES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties ...

Страница 4: ...its licensors retain all title and ownership in both the Software and user manuals including any revisions made by Bay Networks or its licensors The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals Licensee may not modify translate decompile disassemble use for any competitive analysis reverse engineer distribute or create derivative wor...

Страница 5: ...rks does not warrant a that the functions contained in the software will meet the Licensee s requirements b that the Software will operate in the hardware or software combinations that the Licensee may select c that the operation of the Software will be uninterrupted or error free or d that all defects in the operation of the Software will be corrected Bay Networks is not obligated to remedy any S...

Страница 6: ...clause of FAR 52 227 19 and the limitations set out in this license for civilian agencies and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause of DFARS 252 227 7013 for agencies of the Department of Defense or their successors whichever is applicable 6 Use of Software in the European Community This provision applies to all Software acquired for use within the Europe...

Страница 7: ...s and regulations or to any national or resident of such restricted or embargoed countries or ii provide the Software or related technical data or information to any military end user or for any military end use including the design development or production of any chemical nuclear or biological weapons 9 General If any provision of this Agreement is held to be invalid or unenforceable by a court ...

Страница 8: ...IONS LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND LICENSEE WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST BAY NETWORKS UNLESS BAY NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT INCLUD...

Страница 9: ...3 Platform Requirements 1 4 Chapter 2 Selecting Server Tools Options Selecting a Security Server 2 1 Creating a RADIUS Authentication and Accounting Server 2 6 Selecting Booting Logging Options 2 8 Using the Event Viewer 2 10 Configuring a RADIUS Server 2 13 Creating and Configuring a RADIUS Server 2 14 Modifying RADIUS Server Information 2 15 Deleting RADIUS Server Information 2 16 Displaying Ver...

Страница 10: ...urity 4 7 Virtual CLI Security 4 7 AppleTalk Security 4 7 Port Server Security 4 8 Third Party Security Types 4 8 Using ACE Server Security 4 8 Additional Security Types 4 9 RADIUS Security 4 10 RADIUS and ACP Protocol Operation 4 11 RADIUS Authentication 4 12 PPP and CHAP Support 4 12 Access Request Attributes 4 13 Access Accept and Access Reject Attributes 4 15 RADIUS Accounting 4 15 RADIUS Acco...

Страница 11: ...ccess Concentrator Server Tools for Windows NT Figures Figure 2 1 The Server Tools Options Dialog Box 2 2 Figure 2 2 Event Viewer 2 11 Figure 2 3 The Radius Servers Dialog Box 2 13 Figure 2 4 The Version Dialog Box 2 17 ...

Страница 12: ...Using Remote Access Concentrator Server Tools for Windows NT Figures x ...

Страница 13: ...hat you know the parameter values needed to configure RACs This guide is part of the complete RAC documentation set You should refer to other manuals in the set for information not related to Remote Access Concentrator Server Tools for Windows NT Before You Begin Before using this guide you must Install the Remote Access Concentrator Install the Remote Access Concentrator Software for Windows and ...

Страница 14: ...talics In the context of commands and command syntax lowercase italics indicate variables for which the user supplies a value In command dialog square brackets indicate default values Pressing selects this value Square brackets appearing in command syntax indicate optional arguments In command syntax braces indicate that one and only one of the enclosed value must be entered In command syntax this...

Страница 15: ... Protocol CLI Command Line Interface erpcd expedited remote procedure daemon IP Internet Protocol IPX Internetwork Packet Exchange ISDN Integrated Services Digital Network NFS Network File Server PAP Authentication Protocol PPP Point to Point Protocol RAC Remote Access Concentrator SLIP Serial Line Internet Protocol TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol UD User Data...

Страница 16: ...works com Library tpubs Bay Networks Customer Service You can purchase a support contract from your Bay Networks distributor or authorized reseller or directly from Bay Networks Services For information about or to purchase a Bay Networks service contract either call your local Bay Networks field sales office or one of the following numbers Information about customer service is also available on t...

Страница 17: ...aff for that distributor or reseller for assistance If you purchased a Bay Networks service program call one of the following Bay Networks Technical Solutions Centers Technical Solutions Center Telephone number Fax number Billerica MA 800 2LANWAN 508 916 3514 Santa Clara CA 800 2LANWAN 408 495 1188 Valbonne France 33 4 92 96 69 68 33 4 92 96 69 98 Sydney Australia 61 2 9927 8800 61 2 9927 8811 Tok...

Страница 18: ...Using Remote Access Concentrator Server Tools for Windows NT About This Guide xvi ...

Страница 19: ...addition the product takes advantage of Windows NT domains to authenticate and authorize users NA Utility Features ThenautilityletsyoumonitorandmodifyRACoperatingcharacteristics It allows you to Boot a RAC Reset a RAC Identify a RAC by its Internet address or host name Set and show values for all RAC configuration parameters Save current configuration parameter settings into script files Copy the ...

Страница 20: ...cumentation In addition to this manual you need the Managing Remote Access Concentrators Using Command Line Interfaces and Remote Access Concentrator Software Reference These guides provide reference procedure and feature descriptions Be aware that minor differences exist between Windows NT based erpcd and UNIX based erpcd This section lists these issues and guides you to the appropriate manuals U...

Страница 21: ...he standard RAC log destinations you can configure Remote Access Concentrator Server Tools for Windows NT to send Syslog and ACP log messages to the Windows NT Event Log See Chapter 3 in this guide for details For additional logging information refer to Managing Remote Access Concentrators Using Command Line Interfaces Documentation Exceptions Some information in Managing Remote Access Concentrato...

Страница 22: ... NT requires Windows NT Server version 3 51 or 4 0 configured to support the TCP IP protocol Administrative privileges on the server 15 MB free disk space on an NTFS drive One Windows NT Server client license per RAC A PC with an Intel Pentium or any fully compatible CPU or a DEC Alpha running Windows NT Server 4 0 32 MB RAM CD ROM drive to install the product ...

Страница 23: ...IUS server and view information about your current Remote Access Concentrator Server Tools for Windows NT software version This chapter includes Selecting a Security Server and Group Authentication Selecting Booting Logging Options Configuring a RADIUS Server Displaying Version Information Selecting a Security Server TheSecuritytabdialogboxallowsyoutochooseasecurityregime select RADIUS Authenticat...

Страница 24: ...T Chapter 2 Selecting Server Tools Options 2 2 Figure 2 1 The Server Tools Options Dialog Box To select options in the Security window Specify a Regime Select the protocol you desire from the Regime radio box Native NT default selection RADIUS Security SecurID ...

Страница 25: ... users If you do not select it the system will authenticate user names and passwords only 3 If you select Native NT and want to create a default remote users group click the Create Remote Users Group check box If you want to create a new Remote Users Group see RADIUS Security on page 2 4 4 If you select Native NT choose an existing domain from the Domain field When you choose a domain the groups w...

Страница 26: ...r security protocol select the Authentication Server and Accounting Server in the RADIUS Servers list box If the only options available in these two drop down lists are local and same as authentication server you need to create a list of servers from which to choose For more information on this procedure see Configuring a RADIUS Server on page 2 13 Chapter 4 provides additional information regardi...

Страница 27: ... on OK or Apply by selecting it and clicking on Remove or by deselecting the Create Remote Users Group check box To create a new Group 1 Click on the Administrative Tools icon in the Windows NT program group window The Administrative Tools window appears 2 Click on the User Manager for Domains icon The User Manager for Domains dialog box appears 3 Add the new Group and associated information For m...

Страница 28: ...to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your desktop Use this option if you want to make changes in any of the other tabbed dialogs Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server 1 From the Server Tools Options window click on t...

Страница 29: ...ou click on Accept or Revert After Accept or Revert is chosen the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click on OK to save your changes and close the dialog box Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your deskt...

Страница 30: ...lectlogfiles tochoose locations for load and dump files and to choose directories time formats and network address formats for the log file To display this window choose the Booting Logging tab in the Server Tools Options window If you select Use NT Event Log your settings for time and network address formats appear in the acp_logfile and in the Detail window of the NT Event Log ...

Страница 31: ...e the images to the new directory the RACs will be unable to boot 2 Click either Use NT Event Log Use acp_logfile or Use RADIUS Logging to choose a method for storing log messages You can log RAC syslog messages and erpcd or RADIUS security messages If you select Use NT Event Log the system stores messages in the Applications portion of the standard Windows NT Event Log If you select Use acp_log f...

Страница 32: ... IP address or Host Name format from the Network Address Format box You can choose Use IP Address to place the Internet address of a RAC that generates logging messages in the log files UseHostNametoincludeaRACnameinthelogfilesinstead of the RAC s Internet address The time and address formats you choose appear in the acp_logfile or RADIUS logging If you choose Use NT Event Log the format appears i...

Страница 33: ...Tools Options Using Remote Access Concentrator Server Tools for Windows NT To view Windows NT logs double click on the Event Viewer icon in Administrative Tools and select Application from the Log menu Figure 2 2 Event Viewer WARNING ...

Страница 34: ... times events occur Source lists the software that logged the event For syslog messages from a RAC or from the network Annex_syslog appears For messages generated by erpcd the column displays Annex_syslog For security messages the log entry reads Annex_ACP Category classifies events Event displays the event number the RAC generates a number to identify each event User displays N A Remote Access Co...

Страница 35: ...at parameters To view this information click on the RADIUS Servers tab of the Server Tools Options window Figure 2 3 The Radius Servers Dialog Box First Time Use When you open the RADIUS Servers dialog box for the first time after installation the information fields are blank and inactive You need to create and configure the RADIUS servers that you will be using Use the following procedures to cre...

Страница 36: ...to cancel your changes You can modify any of the fields before you click on Accept or Revert After choosing Accept or Revert the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to ...

Страница 37: ... cursor in the information field you wish to change and enter the new information 3 Click on Accept to save the modified information or Revert to cancel your changes You can modify any of the fields before you click on Accept or Revert After choosing Accept or Revert the fields become inactive To reactivate these fields select the server then choose Modify 4 Click OK to save your changes and close...

Страница 38: ...Click OK to delete the RADIUS Server or Cancel to exit the confirmation dialog box without deleting any server information The confirmation dialog box closes 3 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on you...

Страница 39: ...ndows NT Displaying Version Information The Version tab window provides the company and product name version number and build number for the Remote Access Concentrator Server Tools To view this information click on the Version tab of the Server Tools Options window Figure 2 4 The Version Dialog Box ...

Страница 40: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 2 Selecting Server Tools Options 2 18 ...

Страница 41: ...ices that erpcd provides Eservices includes controls for The block file server bfs program sends boot files to a RAC and collects dump files from a RAC The Access Control Protocol ACP program provides security when you define a Windows NT server as a security server The Remote Access Concentrator Server Tools implements erpcd differently because it uses Windows NT domain authentication This chapte...

Страница 42: ...group names are not case sensitive Using the acp_userinfo File The acp_userinfo file stores information about the RAC commands and protocols available to users When a user logs into the server erpcd matches the login environment with acp_userinfo entries and controls user access based on these entries Defining User Profiles Defining user profiles is useful only when you want to restrict user privi...

Страница 43: ...tions or attributes so that the RAC denies access to the user User Profile Formats The acp_userinfo file stores user profiles in the user end block format This format includes User to begin the block One or more keywords that specify the user environment Entries must contain A keyword an equal sign and a value without spaces For an explanation of these keywords refer to User Environment Keywords o...

Страница 44: ...you need to specify profiles in the order in which you want them to match Username and Group Keywords The username keyword specifies a single Windows NT user The group keyword allows you to create a user profile for any member of a Windows NT group To use these keywords enter username or group followed by a user or group name If you do not enter a user or group name the profile applies to all user...

Страница 45: ...you omit a m or p m the time defaults to the 24 hour format protocol Keyword The protocol keyword defines a protocol by which a user can connect to a RAC To define a protocol type protocol followed by slip ppp or cli You cannot enter more than one protocol on a line However you can repeat the protocol format and add a second or third profile annex and ports Keywords The annex and ports keywords sp...

Страница 46: ...al back port Before you can use the accesscode attribute you must define at least two modem pools one for dial in and one for dial out in the acp_userinfo file A modem pool groups asynchronous ports on one or more RACs Modem pool definitions appear at the end of the acp_userinfo file To define a modem pool 1 From the Bay Networks program group window double click on the appropriate icon to open th...

Страница 47: ...t that number 3 Type in_pool followed by the name of an inbound modem pool e g in_pool inboundpool1 4 Type out_pool followed by the name of an outbound modem pool e g out_pool outboundpool1 5 Type job followed by one CLI command its arguments and end You do not need to enter a job specification 6 Type end clicmd The clicmd attribute lists CLI commands that erpcd will execute if the profile matches...

Страница 48: ...clude the same CLI command in the clicmd and climask entries climask The climask attribute limits the CLI commands users can execute To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type climask 3 Ente...

Страница 49: ...en the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type deny following a user name or group name If you include additional attributes in a profile that uses deny the profile will not execute them When erpcd denies access to a RAC it generates a message in the log file For CLI users the message appears on the sc...

Страница 50: ... scope family criteria andactions Separateeachpartofthefilterdefinitionwithaspace Direction applies the filter to incoming or outgoing packets You can enter input or output To apply a filter to incoming as well as outgoing packets you must create two separate definitions Scope controls how erpcd matches the filter definition You can enter include to apply the filter to packets that match the defin...

Страница 51: ...eparated by a space on the same line If you use this keyword you cannot use dst_address or src_address port_pair for incoming or outgoing packets passing between two ports or services followed by a port number or service name If you use this keyword you cannot use dst_port or src_port protocol the transport protocol of the packet followed by a number from 1 to 65535 or by tcp udp or icmp To match ...

Страница 52: ...will not activate a dynamic dial out line but will keep the line up and will reset the net_inactivity timer parameter to zero syslog logs the event in the log files route The route attribute defines the IP routes that a router makes available through a RAC when it dials in Use this attribute when you do not want a router to incur overhead in running a routing protocol itself To use this attribute ...

Страница 53: ...mber of hops or h 7 Type end at_zone The at_zone attribute lists AppleTalk zones on a network To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type at_zone 3 Enter one or more zone names If you use mor...

Страница 54: ...f minutes user john at_connect_time 12 end The above example limits the session to twelve minutes at_nve_filter The at_nve_filter attribute allows you to include or exclude users from specific objects network numbers subzones and zones Specify one at_nve_filter attribute for each user in a profile To use this attribute 1 From the Bay Networks program group window double click on the appropriate ic...

Страница 55: ...asswords to authenticate all AppleTalk users To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type at_password followed by a password using 1 to 9 characters Include punctuation marks in the password I...

Страница 56: ...east 16 characters Using the acp_keys File The acp_keys file stores RAC names or IP addresses and corresponding encryption keys Erpcd uses the keys you define here to create encryption keys that the security server and a RAC use to exchange messages When the security server receives an encrypted message from a RAC it matches the key with an associated RAC in the acp_keys file If there is no match ...

Страница 57: ...searches entries that contain wildcards In either case erpcd uses the first key entry it finds Creating Encryption Keys Define encryption keys by setting the acp_key parameter for each RAC If the key value is not the same in the acp_keys file and for the acp_key parameter the RAC and the server cannot communicate In addition you must set the enable_security parameter to Y to use security features ...

Страница 58: ...u must set the address_origin parameter to ACP via the na utility This allows a RAC to search the acp_dialup file for the remote client s user name and for local and remote addresses To create an entry in the acp_dialup file 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_dialup file The acp_dialup file opens in the Notepad editor 2 Go to the end o...

Страница 59: ... name and a remote address but not a local address the RAC uses the remote address from the file and uses the RAC s IP address for the local address If the file does not contain a matching user name the RAC uses values from the local_address and remote_address parameters If both parameters contain addresses the RAC uses these values If both parameters are set to 0 0 0 0 the RAC negotiates for both...

Страница 60: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 3 Understanding Erpcd 3 20 ...

Страница 61: ...electing options in the Security dialog box Select Global Group Authentication Select a domain then select the groups whose members can be authenticated If you are using Global Group Authentication select Native NT as your Security Regime For more information on group authentication see Chapter 3 This chapter summarizes most security features and explains the relationship between Windows NT domain...

Страница 62: ...f the user name and password are valid the system determines whether the user is a member of any groups you select Support for Multiple Domains Remote Access Concentrator Server Tools can authenticate users from domains other than the default domain of the security server To facilitate this feature the Windows NT administrator must establish at least a one way trust relationship A trusting domain ...

Страница 63: ...ed domain s security accounts manager database Server Tools Steps All Windows NT users who require authorization must use the Remote Access Concentrator Server Tools software to configure these services Those definitions are accomplished in the following steps 1 Add a valid entry s in the acp_userinfo file 2 If the caller requires a dial up address add a valid entry s in the acp_dialup file Thenam...

Страница 64: ...ty to Set the enable_security parameter to Y Define one server as the primary security server by entering its address in the pref_secure1_host parameter Define a backup security server in the pref_secure2_host parameter If a RAC queries the primary server and does not receive a response within the time defined in the network_turnaround parameter the RAC queries the backup server If the backup serv...

Страница 65: ...for several types of server based security by using the na utility to set security parameters Once these parameters are set Remote Access Concentrator Server Tools uses Windows NT user names and passwords to authenticate users This section describes the type of server based security that use Windows NT domain security It includes PPP Security CLI Security Virtual CLI Security AppleTalk Security Po...

Страница 66: ...To configure Windows NT security for PPP links you must set the ppp_security_protocol parameter If you set ppp_security_protocol to pap the system uses Windows NT user names and passwords for authentication If you set ppp_security_protocol to chap pap the system first requests CHAP security If CHAP is not acknowledged it requests PAP CHAP does not authenticate Windows NT user names passwords or re...

Страница 67: ...r CLI connections set the cli_security parameter to Y Virtual CLI Security Virtual CLI VCLI connections allow network users access to CLI commands When a user enters a telnet command to connect to a RAC and requests the CLI at the port server prompt the RAC s port server process creates a virtual CLI connection AppleTalk Security Remote Access Concentrator Server Tools authenticates AppleTalk user...

Страница 68: ...Y For VCLI connections set the vcli_security parameter to Y Third Party Security Types Remote Access Server Tools for Windows NT supports ACE Server SecurID security Using ACE Server Security The ACE Server token is an access control security token used to identify users of computer systems and secure TCP IP networks Used in conjunction with the SecurID card hardware or software access control mod...

Страница 69: ...security using the graphical user interface see Chapter 2 Additional Security Types Remote Access Concentrator Server Tools supports port server CLI VCLI and PPP security using Windows NT domain user names and passwords Remote Access Concentrator Server Tools supports Security Filters ARA and Dial back security defined in the acp_userinfo file Dial up security defined in the acp_dialup file Remote...

Страница 70: ... the RADIUS server and authentication of the RADIUS server to the NAS RADIUS supports authentication modes PAP and CHAP RADIUS Accounting another IETF developed protocol defines a communication standard between an NAS and a host based accounting server It records duration of service packet throughput and raw throughput RADIUS Authorization is not supported in this release but Authorization is addr...

Страница 71: ... password are entered correctly ERPCD ACP sends a RADIUS Access Request packet to the RADIUS server this packet contains the normal RADIUS header and the Access Request attributes the Access Accept Access Reject or Access Challenge packet fails to arrive in the specified amount of time ERPCD ACP re sends the packet no response is received ERPCD ACP sends the Access Request packet to the backup RAD...

Страница 72: ...f radio button in the Server Tools Options Security dialog box is set to off the ACP server validates against the chap_secret entry in the acp_userinfo file The Then RAC sends the ACP server an ACP Authorization Request message containing the CHAP information the ACP server determines if RADIUS is to be used set in Server Tools Options dialog box and sends a request to the RADIUS server containing...

Страница 73: ...minated ASCII string identical to the user name that ERPCD ACP retrieves via the user name prompt You can specify up to 31 alphanumeric characters User Password Specifies the user password that the RADIUS server will authenticate CHAP Password Specifies the response value of a CHAP user in response to the password challenge NAS IP Address Indicates the IP address of the RAC authenticating the user...

Страница 74: ...tribute CHAP Challenge appears in the Authenticator of the RADIUS header Framed Protocol Specifies the link level protocol type allowable to the user Supported values are PPP SLIP Service Type Specifies the type of service the user will receive Supported types of service are Login Framed NAS Prompt Outbound Administrative n Description 0 Serial interface port 2 Virtual VCLI FTP 3 Dial out 4 Ethern...

Страница 75: ...e RAC to display text sent in a Reply Message attribute as long as the user is a CLI or port server user RADIUS Accounting RADIUS Accounting defines a communication standard between a NAS and a host based accounting server It records duration of service packet throughput and raw throughput This section covers the following topics RADIUS Accounting Process Accounting Request Attributes To utilize R...

Страница 76: ...s Stop 2 ERPCD ACP logout events Accounting on 7 ACP logging connection becomes active Accounting off 8 ACP audit logging connection becomes inactive When or If The the RAC sends an ACP Audit log to the server security profile for the ACP Authorization Request must match the Security dialog box RADIUS Regime On Off radio button setting On RADIUS security active Off Native NT security active ERPCD ...

Страница 77: ...lways set to RADIUS Acct Input Packets Specifies how many packets received during the session Acct Output Packets Specifies how many packets sent during the session Acct Session Time Specifies the elapsed session time as calculated in RADIUS Other Attributes All attributes that are included in the Access Request packet are also included in the Accounting Request packet RADIUS Configuration Managem...

Страница 78: ...rver is the host name of the RADIUS Accounting server If an Accounting server is not specified it defaults to the ACP server If a RADIUS server is not specified the RADIUS server defaults to the ACP server Secret Format The format for secret is an ASCII string or a hexadecimal string The hexadecimal string format always starts with 0x followed by a string of bytes with each two hexadecimal digits ...

Страница 79: ...ptions dialog box click on the Security tab 2 Select the RADIUS radio button to enable the RADIUS security server If you do not select this option your security server will default to native Windows NT security 3 From the Server Tools Options dialog box click on the RADIUS Servers tab 4 Click the Backup Server down arrow to select the backup RADIUS server or RADIUS accounting server IfNoneisdispla...

Страница 80: ...RPCD ACP waits the specified timeout value 4 seconds by default for the response packet the time expires ERPCD ACP retries the request the maximum number of retries 10 by default is reached without a response from the server attempt to authenticate against the primary server fails and ERPCD ACP attempts to authenticate against the backup server if defined no response is received from the backup se...

Страница 81: ...s provided as documentation and a convenience This file defines keywords types and values for RADIUS attributes and their corresponding code points The file is in a format that is used as input by some RADIUS servers to parse messages and write text output files Customers might have existing dictionaries with differences in the keyword names and may want to evaluate the impact to their databases a...

Страница 82: ...iesandmake a decision on how to apply the differences The following is a partial example of the some of the dictionary contents ATTRIBUTE User Name 1 string ATTRIBUTE Password 2 string ATTRIBUTE CHAP Password 3 string ATTRIBUTE NAS IP Address 4 ipaddr ATTRIBUTE NAS Port 5 integer ATTRIBUTE Service Type 6 integer ATTRIBUTE Framed Protocol 7 integer ATTRIBUTE Framed IP Address 8 ipaddr Framed Protoc...

Страница 83: ...ervice Type Login User 1 VALUE Service Type Framed User 2 VALUE Service Type Callback Login User 3 VALUE Service Type Callback Framed User 4 VALUE Service Type Outbound User 5 VALUE Service Type Administrative User 6 VALUE Service Type NAS Prompt 7 VALUE Service Type Authenticate Only 8 VALUE Service Type Callback NAS Prompt 9 ...

Страница 84: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 4 Using Security Features 4 24 ...

Страница 85: ... 17 annex keyword 3 5 at_connect_time attribute 3 14 at_guest parameter 3 15 at_nve_filter attribute 3 14 at_password attribute 3 15 at_security parameter 4 7 at_zone attribute 3 13 attributes profile 3 6 to 3 16 B Bay Networks Press xiv bfs directory 2 9 block file server See bfs directory C CHAP security protocol 4 6 chap_secret attribute 3 16 CHAP password attribute 4 13 cli_security parameter ...

Страница 86: ...name servers 1 3 NAS IP address attribute 4 13 NAS port attribute 4 14 NAS port type attribute 4 13 native NT security 2 3 net_inactivity timer parameter 3 12 network address format box 2 10 network_turnaround parameter 4 4 P PAP security protocol 4 6 platform requirements 1 4 port_server_security parameter 4 8 ports keyword 3 5 ppp_security_protocol parameter 4 6 pref_secure1_host parameter 4 4 p...

Страница 87: ... 7 port server security 4 5 PPP security 4 6 virtual CLI security 4 8 using Windows NT domain 4 2 security regime 2 1 security server selection 2 17 security_broadcast parameter 4 4 selecting a security server 2 1 server tools options selecting booting and logging options 2 1 server tools options window 4 2 displaying version information in 2 17 selecting groups for authentication 2 5 selecting lo...

Страница 88: ...Index Using Remote Access Concentrator Server Tools for Windows NT Index 4 server tools options window 2 1 ...

Отзывы:

Нет отзывов

Похожие инструкции для NA

Бренд: Alphasmart Страницы: 4

FIREWORKS 2-USING FIREWORKS

Бренд: MACROMEDIA Страницы: 20

DSP/BIOS Real-Time Analysis

Бренд: Texas Instruments Страницы: 29

Portal Server ETV v4.1

Бренд: VBrick Systems Страницы: 140

Network HotSync

Бренд: 3Com Страницы: 38

Бренд: TerraTec Страницы: 20

Бренд: IBM Страницы: 388

Бренд: Native Instruments Страницы: 55

Бренд: Calyx Страницы: 537

141670 - DS 330 Digital Voice Recorder

Бренд: Olympus Страницы: 72

Бренд: EMC Страницы: 106

Бренд: Brother Страницы: 33

My Custom Design

Бренд: Brother Страницы: 49

Бренд: Brother Страницы: 55

BES Monogramming Suite

Бренд: Brother Страницы: 81

Бренд: Brother Страницы: 119

Бренд: Brother Страницы: 15

TELEPRESENCE CALL DETAIL RECORDS FILE FORMAT -

Бренд: Cisco Страницы: 26

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды