manualshive.com logo in svg

Raritan DOMINION SX -, Инструкция по установке и эксплуатации

Raritan DOMINION SX - это удобный и надежный устройство для удаленного управления серверами. У вас есть возможность загрузить бесплатное руководство по быстрой установке на нашем сайте. Убедитесь загрузить его с manualshive.com и начните использовать ваше устройство максимально эффективно.

Поделиться
Скачать
background image

A

PPENDIX 

D:

 

RADIUS

 

S

ERVER

 

107  

 

Appendix D: RADIUS Server 

Note

: This section has been provided for reference only. Please consult your local system administrator 

for exact implementation details. 

Overview 

The details of installing and configuring the RADIUS server software will depend on the Server you are 
using. This Appendix covers the installation and configuration of the 

Windows 2000 RADIUS Server

, but 

regardless of the implementation, there are several items you must configure:  
1.

 

A list of authorized clients and their shared secrets

: The RADIUS server must have the IP addresses 

of all authorized RADIUS clients. Along with each client's address is a secret. It is not critical what the 
secret is as long as this same secret is also configured into the client (

Dominion SX 

unit). The 

RADIUS client and server use the secret to encrypt parts of the packets they send to each other and to 
guarantee that the messages and replies are authentic. In Windows 2000 implementations, this file is 
called 

clients

. Please refer to 

Step D

. in the 

Install and Configure the RADIUS Server for Windows 

2000

 section that follows for more information.  

2.

 

A list of authorized users and their configuration information

: The RADIUS server must know 

passwords, users, what these users are authorized to do after they log in. In Windows 2000 
implementations, Administrators can use 

Active Users 

and 

Directory or Local Authentication

 to add 

users. Information about the user is stored as a list of RADIUS protocol attributes and associated 
values. These translate directly into the authentication reply the server will send back to the client. 

3.

 

Reply items used by Dominion SX Products

: The following attributes are used by 

Dominion SX

 

products: 

 

Vendor-Specific

: This Attribute is available to allow Raritan to support more detailed resource control. 

To control the number of ports being accessed by a particular user, a new Vendor code is added for 
Raritan Systems. The Vendor code takes a value of 

8267

 and the String to be entered should follow 

this format: 

 

IP Address of the Dominion SX unit separated by a ‘:’ 

 

Privileges to be given to the user, separated by a ‘:’  Privileges should take one of the following 
values:  

A for Administrator: has Read and Write access to the console window; can modify the configuration of the 
unit. 
O for Operator: has Read and Write access to the console window; cannot modify the configuration of the 
unit. 
OB for Observer: has Read-only access to the console window; cannot modify the configuration of the unit. 

 

Port number access, taking a value of: 

‘*’ indicating access to all the ports

 

‘1:2:3’ indicating access to ports 1, 2 and 3 only

Note

: For more information and examples, please see 

Step E

. in the 

Install and Configure the RADIUS 

Server for Windows 2000

 section that follows.  

 

Service-Type

: You must specify characteristics of the service provided to the user by specifying the 

desired Service-Type in each user profile. The reply items in each user profile determine how the user's 
session is configured on the Dominion SX unit. 

Содержание DOMINION SX -

Страница 1: ...3 Fax 886 2 8919 1338 E mail sales asia raritan com http www raritan com tw Raritan Computer France 120 Rue Jean Jaures 93200 Levallois Perret France Tel 33 14 756 2039 Fax 33 14 756 2061 E mail sales...

Страница 2: ......

Страница 3: ...osoft Corporation Netscape and Netscape Navigator are registered trademarks of Netscape Communication Corporation Mozilla is a registered trademark of the Mozilla Foundation RC4 is a registered tradem...

Страница 4: ...This page intentionally left blank...

Страница 5: ...plorer 13 Netscape Navigator 14 Sending a Break Null 14 Chapter 4 Console Features 15 Emulator 15 Settings 15 History 16 Write Access 17 Sending a Break Null 18 User List 19 Close 20 Edit 21 Tools 22...

Страница 6: ...me 83 Description 83 Name 84 Description 84 Service Telnet and SSH Configuration 84 Name 84 Description 84 Chapter 11 Firmware Upgrade Instructions 87 Firmware Image Upgrade Instructions for DSX16 DSX...

Страница 7: ...Target System 133 Boot Script Support 135 File System 135 File Directory Structure 135 File System API through TCL 135 TCL Commands 136 Accessing TCL Window 137 Resetting TCL Interpreter 137 Editing...

Страница 8: ...Logging Command 23 Figure 27 Script Shell Command 24 Figure 28 SecureChat Command and User Chat Window 25 Figure 29 Help Topics Command and Help File Window 26 Figure 30 Sample of About RaritanConsole...

Страница 9: ...Wizard Completion Page 98 Figure 80 Internet Options Display 99 Figure 81 Certificate Manager Display 99 Figure 82 Netscape New Site Certificate Window 100 Figure 83 Netscape New Site Certificate Acce...

Страница 10: ...New Connection Complete 128 Figure 114 Connect to Window 128 Figure 115 Windows 2000 Network and Dialup Connections 129 Figure 116 Welcome to the Network Connection Wizard 129 Figure 117 Network Conn...

Страница 11: ...oubleshoot up to 32 target devices depending on model from any SSH client Web browser while consuming only one IP address Scripting Create store and execute scripts either on demand or on a continuous...

Страница 12: ...scheme serial port adapters are available from Raritan Local Access for crash cart applications Simplified User Experience SSH Browser based Interface Graphical User Interface provides intuitive acces...

Страница 13: ...lete the configuration of the Dominion SX Obtain all required configuration information prior to performing the configuration steps outlined below If you are uncertain of any information contact your...

Страница 14: ...e command line interface of the installation computer enter the command route print b If 192 168 0 192 is on the gateway list proceed to the next step Otherwise add 192 168 0 192 to the gateway list t...

Страница 15: ...16 characters in length no spaces The first six characters of the password must contain at least two alpha and one numeric character the first four characters cannot be the same as the user name Conf...

Страница 16: ...ser Configuration Window appears enter the information for the first user for Dominion SX By default the first user will have Administrator privileges All fields except for the Information field are r...

Страница 17: ...s unit will reside IP Gateway Default gateway for this unit Port Address Default application communication port if accessing the unit through a firewall the TCP port specified during installation must...

Страница 18: ...of the certificate Additionally the Syslog and NFS logging features also use the system time for time stamping log entries Figure 9 Time Configuration Display Configuration 1 Set the Current Date and...

Страница 19: ...number for this line as it will be necessary later when the user configures a client for dialup networking 7 Connect the male end of the external power cord to the power supply outlet and power ON the...

Страница 20: ...10 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 21: ...he target device programmatically Note For the purpose of illustration all discussion in this manual is based on using Internet Explorer as the browser Browser Based Access 1 Using a browser such as I...

Страница 22: ...login screen appears enter your Login Name and Password and click on the Login button Figure 12 Login Display 4 When the main display page appears click on the desired Port button to launch that port...

Страница 23: ...ialog indicates that the authenticity of the signer Raritan has been verified by VeriSign Inc and it specifies the permissions requested from the user Figure 14 Security Dialog in Internet Explorer Cl...

Страница 24: ...being asked for permissions every new session Once the Security screens are completed the console window appears and the user can begin working with the remote target system Figure 17 Console Window S...

Страница 25: ...ow Currently the unit supports Terminal Type VT100 ANSI which cannot be changed The Cursor Type can be either Line or Block depending on your preference The default cursor is Line type but can be chan...

Страница 26: ...essage history allowing a user to see target device events over time When the size limit is reached the text will wrap overwriting the oldest data with the newest History information can be useful whe...

Страница 27: ...in menu 2 Select Get Write Access from the drop down menu Figure 20 Get Write Access Command 3 You now have Write Access to the target device as indicated by the green block located before Write Acces...

Страница 28: ...n keyboard Only users with Operator and Administrator privileges can send a break users who are Observers cannot send a break To send an intentional break to a Sun Solaris server 1 Verify that you hav...

Страница 29: ...re accessing the same port An asterisk appears before the user who has Write Access to the console To View the User List 1 Click on Emulator in the main menu 2 Select User List from the drop down menu...

Страница 30: ...20 DOMINION SX INSTALLATION AND OPERATIONS MANUAL Close To Close RaritanConsole 1 Click on Emulator in the main menu 2 Select Close from the drop down menu Figure 23 Close Command...

Страница 31: ...the drop down menu 5 Position the cursor at the location you wish to paste the text and click once to make that location active 6 Click on Edit in the main menu 7 Select Paste from the drop down menu...

Страница 32: ...the main menu 2 Select Start Logging from the drop down menu 3 Choose an existing file or provide a new file name in the File Dialog box When an existing file is selected for logging data gets append...

Страница 33: ...ER 4 CONSOLE FEATURES 23 Stop Logging 1 Click on Tools in the main menu 2 Select Stop Logging from the drop down menu Figure 26 Stop Logging Command Logging is On until the Stop Logging command is exe...

Страница 34: ...ole also comes with User Definable Events that can be generated by TCL scripts Raritan has introduced an extension library to provide an API to the RaritanConsole s functions Additionally the unit com...

Страница 35: ...length of a chat message is 80 characters To use SecureChat 1 Click on Chat in the main menu 2 Select User Chat from the drop down menu Figure 28 SecureChat Command and User Chat Window 3 Type a messa...

Страница 36: ...lease information about RaritanConsole Help Topics To Access Help Topics 1 Click on Help in the main menu 2 Select Help Topics from the drop down menu Figure 29 Help Topics Command and Help File Windo...

Страница 37: ...nformation When contacting Raritan for technical support when performing a software upgrade etc you may be asked for this information To Access About Information 1 Click on Help in the main menu 2 Sel...

Страница 38: ...Port number for which a console is required Example For Internet Explorer and Mozilla 1 6 with supported Java version the following command line or entry into the URL field will connect the user to Po...

Страница 39: ...on the Login button 4 When the security warning appears only once for the session click on the Yes button 5 The console display will appear Figure 33 Direct Port Access Display To exit the application...

Страница 40: ...ominion SX window to exit Dominion SX If changes to the configuration have been made but not saved a screen will prompt you to save changes and log out of the unit Click on the Yes button to save chan...

Страница 41: ...been saved already the unit will confirm the request to exit Click on the OK button to log out of the unit Figure 36 Exit Confirmation Display A confirmation screen will indicate disconnection from t...

Страница 42: ...te Install custom applications per port In each case dedicated displays are provided to allow the adjustment and configuration of the various parameters Display The display structure is divided into a...

Страница 43: ...s have to make modifications to the device Update Many of the Configuration tab screens feature an Update button A user would click on the Update button to notify the system that changes have been mad...

Страница 44: ...on button in the left panel 2 Click on the tab s for the screens in which you want to make configuration changes 3 When the status bar displays the Configuration locked message other users cannot modi...

Страница 45: ...has been configured which can be useful if debugging or troubleshooting System time and date Ethernet address Network configuration IP address subnet mask and gateway Modem configuration Certificate...

Страница 46: ...st be connected 2 The modem PPP connection settings must be configured 3 The dial up networking software on the user s personal computer must be configured to establish a PPP connection from the clien...

Страница 47: ...ped The modem is not operational The Initialize Modem button can be used to reset the modem if it is running but not operating properly Note Be sure to verify the above information with your Network A...

Страница 48: ...of the phone line connection speed will vary The modem that is installed in the unit is a 56Kbps device generally the connection speed will be approximately 33Kbps At this speed there is a possibilit...

Страница 49: ...onal applications Baud rate Baud rate of the serial port should match that of the target device connected to the port valid choices are 1200 1800 2400 4800 9600 19200 28800 38400 57600 115200 Parity D...

Страница 50: ...lect an entry to modify 2 Click on the Edit button 3 The selected entry appears in the lower half of the screen 4 Make changes to the fields as needed 5 Click on the Update button to load the changes...

Страница 51: ...N CONTROL REMOTE TARGET UPGRADE RESET Administrator All Yes Yes Yes Operator Edit own user record Yes No No Observer Edit own user record No No No Figure 44 Users Tab Display Local Users The unit can...

Страница 52: ...an change their passwords after the first time they log on Figure 45 New User Creation To Add a New User 1 Click on the New button 2 Enter the User Name Login Name User Type and Password 3 Retype the...

Страница 53: ...Information 1 Click on the User Name to modify that user s information 2 Click on the Edit button 3 Update the desired fields only those fields that you are allowed to change based on your user type a...

Страница 54: ...ed and knowledge of the concepts of Access Control Lists ACL is a prerequisite for configuring and administering the Dominion SX IP ACL feature Explaining IPTables is beyond the scope of this document...

Страница 55: ...he following figures The user interface provides a front end to the IPTables Once again we suggest the following link for IPTables familiarity http iptables tutorial frozentux net iptables tutorial ht...

Страница 56: ...e the IP ACL configuration to the non volatile memory of the Dominion SX This rule allows connections from this address and attempts to connect from all other IP addresses will be denied Please note w...

Страница 57: ...sts ipacl status Display the enable disable status Display all configured IPACL rules ipacl enable disable Depending on the parameter enable or disable ipacl USAGE EXAMPLE admin Command ipacl status i...

Страница 58: ...If you wish to allow or deny a specific IP address just set the starting and ending IP to that particular address USAGE EXAMPLE admin Command aclcfg add 1 2 3 4 1 2 3 4 0 0 add a rule allowing IP 1 2...

Страница 59: ...event the security alert window from appearing After the configuration is completed the unit reboots The server certificate is generated once again this time for the new IP address assigned to the uni...

Страница 60: ...ns are available at the bottom of the Certificate screen 1 Generate Default Certificate Click on this button to regenerate the certificate provided by Raritan Please note that generating the certifica...

Страница 61: ...te generated may not be valid 3 The unit will reboot Note If you factory reset the unit and there is no user installed certificate in the unit the server Certificate is regenerated for the IP address...

Страница 62: ...d to obtain a user certificate to be installed in the unit from a trusted third party source Bit strengths of 512 1024 and 2048 are supported If a user installed certificate is active a CSR cannot be...

Страница 63: ...ntry name State province name Locality Organization Organization unit Email address Click on the Generate CSR button to generate and display the request Cut and paste the result into a text file and u...

Страница 64: ...er Certificate 1 Open the certificate and the private key file in a text editor If the certificate was generated using CSR only the certificate will be available 2 Under the Certificate Tab click on t...

Страница 65: ...lled in the browser Figure 58 Schematic of External Certificate Utilization External Certificate Authority Browser Dominion SX Unit Server Certificate issued by the External Certifying Authority Priva...

Страница 66: ...Mechanism RADIUS Authentication occurs when a user tries to log on to the RADIUS client After prompting the user for login name and password the client checks to see if the user is already present in...

Страница 67: ...it can store as many users as its disk storage permits If you are using many Dominion SX units you do not have to configure all users on each of the units Configure a user once on your RADIUS server t...

Страница 68: ...ned default port number for RADIUS is 1812 6 The Information for the Secondary RADIUS Server is optional This is a mirrored image of the Primary RADIUS Server and it is used only in case the Primary R...

Страница 69: ...r and a RADIUS user Only non RADIUS users are listed in the user list on the Users configuration screen under the Users tab This is because every time a RADIUS user logs in authentication comes from t...

Страница 70: ...t are based on events that occur within the unit It is also possible to have user defined events sent out as email messages User defined events are defined using the scripting capability Figure 64 Not...

Страница 71: ...predefined by Raritan To subscribe to a user defined event type the user defined event name Note This name must match exactly with the event name that has been used when the script was generated 3 Sp...

Страница 72: ...es to the entry in the fields that appear in the lower portion of the screen 4 Click on the Update button 5 Click on the Save button Figure 66 Edit Notification Destination Delete a Notification Entry...

Страница 73: ...onfig datacom Datacom configuration has been modified event amp notice config users User configuration has been modified event amp notice config ipacl IP address based access control list has been mod...

Страница 74: ...he upgrade and a pop up window will notify the user once the upgrade procedure is complete Figure 67 Upgrade Display Upgrades can be done of the complete software AmpAdmin package and the various appl...

Страница 75: ...are application package is located 3 Specify the Path to the software package for example pub Dominion AmpApp 4 Enter the Username and Password if required 5 Click on the Upgrade button 6 The unit wil...

Страница 76: ...st of logged in users who will be logged out upon reset will be displayed The soft reset is useful when an Administrator wishes to disconnect all users from the unit Figure 68 Confirmation for Reset F...

Страница 77: ...or SX4 SX8 and other models with a RESET switch please see the paragraph that follows 1 Power OFF the Dominion SX unit 2 Attach the supplied Factory Reset Connector serial DB9 female to the serial DB9...

Страница 78: ...68 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 79: ...ter and CAT5 cable Cisco Catalyst RJ45 CRLVR 15 cable Cisco Router DB25F ASCSDB25M adapter and CAT5 cable Hewlett Packard Unix Server DB9M ASCSDB9F adapter and CAT5 cable Silicon Graphics Origin DB9M...

Страница 80: ...70 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 81: ...set on the Dominion SSH server does not conflict with a key sequence required by either the SSH client or the host operating system The Escape key sequence is user configurable A Secure Shell hereina...

Страница 82: ...e user has connected to a serial target at port 2 using console_cmd 2 then the escape character can be used to come back to menu prompt RaritanCommand Default Escape Character is CTRL i e Press CTRL k...

Страница 83: ...er Type Administrator UserName admin Number Of Accessible Ports 6 Port PortName 1 Port1 2 Port2 SUN 3 Port3 4 Port4 5 Port5 6 Port6 Serial Port 2 Connected Escape characer is Ctrl User admin Is Now Ma...

Страница 84: ...target session and come back to Command prompt for an interactive session Figure 71 Sample SSH Session Screen Port Sharing Using SSH It is possible for SSH users to share ports with other authenticate...

Страница 85: ...DAP uses TCP port 389 and LDAP S uses TCP port 636 Secret This is the root password to access the directory server manager The name for this field depends on the Directory Server The SUN iPlanet direc...

Страница 86: ...ministrator Operator and Observer For Dominion SX both per port Authentication and Authorization are possible with TACACS Cisco Freeware Daemon This daemon is freely available from Cisco at http cisco...

Страница 87: ...html 12231 1 Allow new services a Select Interface Configuration b Select TACACS Cisco IOS c Add dominionsx service under the heading New Services 2 When adding or editing a user or group the dominio...

Страница 88: ...78 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 89: ...epended to each of the port log files SIZE the maximum size for a log file before a new file is created IP1 the IP address of the NFS shared directory DIR1 the directory on the NFS server to write to...

Страница 90: ...port log files Example etc exports entry nfs domlogging 192 168 0 0 16 rw no_root_squash 2 Force all accesses to a certain UID GID Example etc exports entry nfs domlogging 192 168 0 0 16 rw all_squas...

Страница 91: ...IP address with an optional space separated port number If a recipient with a port number is to be removed include the port number in the delete command Traps may be sent to multiple ports with the s...

Страница 92: ...tion changes require rebooting to take effect TANAKA Command snmp Enabled N Community public Trap Destinations 10 0 0 125 6 6 6 6 TANAKA Command snmp enable Any SNMP configuration changes require rebo...

Страница 93: ...local port access usage The modem must be disabled before LPA can be enabled and vice versa Newer SX 4 and SX 8 units may have two serial ports with firmware release 2 2 the port labeled MODEM has to...

Страница 94: ...bling Telnet For Dominion SX units that are already running firmware version 2 2 4 or higher the default port is 51000 and telnet can be enabled at any time Note The Dominion SX system must be restart...

Страница 95: ...led No SSH Enabled Yes TANAKA Command service telnet enable The system will need to be rebooted for changes to take effect TANAKA Command service ssh disable The system will need to be rebooted for ch...

Страница 96: ...86 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 97: ...ove the DOM disk 9 Plug the DOM disk into the Dominion SX unit reconnect the power cable to the DOM close the unit cover install the screws and power ON the unit 10 The Dominion SX unit can be accesse...

Страница 98: ...88 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 99: ...ature 32 to 104 C 0 to 40 F Operating Humidity 20 85 RH Remote Connection Network One 1 or two 2 10 100 Ethernet Base T RJ 45 connection Modem 4 8 Dedicated Modem DB9M Port 16 32 48 Integrated 56K V 9...

Страница 100: ...90 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 101: ...NTP Disabled Local Port Access Disabled Syslog Disabled Telnet Disabled SSH Enabled SNMP Disabled Logging to NFS Disabled SERIAL DISABLED PORTS Baud Rate 9600 Parity None To initiate access using htt...

Страница 102: ...92 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 103: ...certificate authority that issued the certificate and holds administrative information for the CA s use such as version number serial number issuer name etc To View the Certificate 1 Click on File in...

Страница 104: ...rust certificates signed by the CA s private key For additional information please see http www cren net ca Figure 73 Hierarchies of Certificate Authorities Root CA USA CA INDIA CA Marketing CA Engn C...

Страница 105: ...n its CA list which indicates signed Server Certificates If the verification is successful the Security Alert will not appear Figure 74 Schematic Diagram of Certificate Authentication Scheme Dominion...

Страница 106: ...it s IP address The Security Alert window will appear 2 Click on the View Certificate button and the Certificate window will appear Figure 75 Install Session Based Certificate 3 Click on the Install C...

Страница 107: ...file by double clicking on it This will open the certificate Figure 76 View of CA_ROOT cer 7 Click on the Install Certificate button to start the Certificate Manager Import wizard Figure 77 Certificat...

Страница 108: ...he following store radio button and click on the Browse button to choose a file you prefer Figure 78 Import Wizard Select a Certificate Page 10 Click on the Next button 11 Click on the Finish button F...

Страница 109: ...n IE and select Tools Internet Options from the main menu The Internet Options window will appear Figure 80 Internet Options Display 2 Click on the Content tab and click on the Certificates button The...

Страница 110: ...ach Dominion SX unit you wish to access To eliminate the appearance of this window for every Dominion SX unit with a particular certificate you must install the root certificate in your browser descri...

Страница 111: ...n the Certificate text field 4 Select the text in the Base64 Certificate field and copy it by selecting Edit Copy from the main menu 5 Open Notepad or another text editor and paste the text you have c...

Страница 112: ...aved in Step 6 and drag it into an open Netscape Navigator window The New Certificate Authority window should appear 11 Click on the Next button 12 Click on the Next button once more 13 The Certificat...

Страница 113: ...ape Navigator and click on either the Security button or on the lock icon in the lower left of the window The Security Info window will appear 2 On the left side of this window locate Certificates and...

Страница 114: ...this occurs select the root certificate code copy it and follow the steps outlined in the section Install the Raritan Root Certificate then follow the steps outlined below If the root certificate has...

Страница 115: ...n 7 The Certificate Fingerprint will appear providing information about the CA and the root certificate you are downloading It will look similar to the window below Record the Signed by information an...

Страница 116: ...106 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 117: ...add users Information about the user is stored as a list of RADIUS protocol attributes and associated values These translate directly into the authentication reply the server will send back to the cl...

Страница 118: ...Authentication Service check box and click on the OK button 5 Click on the Next button B Configure IAS Port Information 1 To configure a remote IAS server you must have administrative privileges on th...

Страница 119: ...or MS CHAP do not click this option Notes If IAS receives an access request from a RADIUS proxy server IAS cannot detect the manufacturer of the NAS that originated the request This can cause problems...

Страница 120: ...ring following the format outlined above must be provided for every Dominion SX box contacting the RADIUS server or else the box will take a default value If the RADIUS Server is not configured for Ve...

Страница 121: ...cies Right click the policy for which interim accounting requests are to be generated and select Properties from the drop down menu On the Settings tab click Edit profile On the Advanced tab click Add...

Страница 122: ...Routing and Remote Access 2 Right click on the server name for which you want to configure RADIUS authentication and select Properties from the drop down menu 3 Click on the Security tab and under Aut...

Страница 123: ...oes not automatically assume the permissions and memberships of the previously deleted account because the security descriptor for each account is unique All permissions and memberships must be manual...

Страница 124: ...e Add button h Click on the appropriate group and click on the OK button After these steps are executed a new user can connect to the NAS device and IAS will look at the user name find the group in wh...

Страница 125: ...alidated however other versions of the RADIUS server should operate with the unit Only the user s role can be controlled on the unit using the RADIUS IETF option Note Access restrictions to specific p...

Страница 126: ...Click on the RADIUS IETF link to edit properties Under the User heading click on the check boxes before Service Type and Framed Protocol Click on the Submit button Figure 94 RADIUS Properties Display...

Страница 127: ...RADIUS IETF section Figure 96 User Properties Display 8 Click on the Service Type check box and select the appropriate service type from the drop down menu Administrative User with this Service type w...

Страница 128: ...118 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 129: ...dures for the ACE server but assumes that the administrator is familiar with the ACE server and has the ability to set up and configure the application Guidelines are provided to allow SecureID to be...

Страница 130: ...option for Dominion SX units e Encryption Type Select DES radio button for Dominion SX units f Open to All Locally Known Users Checking this box makes the Agent Host an open Agent Host which needs no...

Страница 131: ...ice Type Profiles and corresponding user roles are as follows Administrative User Users with this profile will have Administrator privileges on the unit they will have read write access to all ports a...

Страница 132: ...return to the main menu Figure 103 Add Attribute Display Note Only the user s Role can be controlled on the Dominion SX units using specific Service Type profiles Access restriction to specific ports...

Страница 133: ...it Selection Display per User 11 To configure the Dominion SX device to use RSA ACE Server as the RADIUS authentication server log on to the unit with the local administrative account click on the Con...

Страница 134: ...formation required to communicate with it check with your LDAP server administrator We recommend you obtain this information before you start configuring LDAP on the Dominion SX 3 Click on the Enable...

Страница 135: ...work as the Dominion SX After the dial up connection is established connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines are provided...

Страница 136: ...modem installed in your workstation Figure 109 New Phone Entry Display 4 Click on the Security tab The Security section allows you to specify the level of security to use with the modem connection Whe...

Страница 137: ...Configuring Windows 98 Dialup Networking Figure 112 Make New Connection Connection Name 3 In the Make New Connection window enter a Name Name for the Dominion SX unit you are dialing b Device Device...

Страница 138: ...con and in the Connect To window that appears click on the Connect button to establish the connection with the Dominion SX unit No username or password is required for connection as the security is pr...

Страница 139: ...p Connections 2 When the Network and Dial Up Connections window appears double click on the Make New Connection icon Figure 115 Windows 2000 Network and Dialup Connections 3 Follow the steps in the Ne...

Страница 140: ...Dial up to private network radio button and click on the Next button Figure 117 Network Connection Type 5 Click on the check box before the modem that you want to use to connect to the Dominion SX un...

Страница 141: ...box and enter the Area code and Phone number you wish to dial in the fields Click on the Next button Figure 119 Phone Number to Dial 7 In the Connection Availability screen click on the Only for mysel...

Страница 142: ...the Dial up connection Figure 121 Network Connection Wizard Completion 9 Click on the Finish button 10 To connect to the remote machine when the Dial Window appears click on the Dial button A window...

Страница 143: ...used to audit track and trace the conditions of and modifications to the unit itself This appendix describes the architecture and features of the TCL script engine and provides information to help yo...

Страница 144: ...should be affected amplock ampunlock port TCL engine locks the write access for this port GUI users using the Java Console cannot supersede TCL and force TCL unlock by the issuing the Get Write Acces...

Страница 145: ...oot scr The boot script can access the RS 232 ports but the user must insure that the write locks are released otherwise no user will be able to get write access to the console of the remote target de...

Страница 146: ...orated supports TCL 7 0 All built in TCL commands for TCL 7 0 are supported except exec interp library and TCLvars The following TCL commands are supported append glob pwd array global read break hist...

Страница 147: ...button Therefore full software reset from the GUI may be necessary to restart the interpreter When a Reset has been issued to the TCL Interpreter the BOOT SCR will NOT be executed This will prevent e...

Страница 148: ...ake input if the script is designed to accept them Automatic Execution of a TCL Script upon Power Up For a TCL script to be executed automatically upon each reboot or power cycle of the unit the scrip...

Страница 149: ...port_num 1 ampclear port_num amplock port_num set output pstat httpd port_num ampunlock port_num if output 0 puts HTTP_SERVER_OK port_num amptriggerevent event user httpProcess HTTP service is up and...

Страница 150: ...on ampgetconfiguration network modem datacom smtp radius If a specific category is specified then the data for that category will be displayed Usage ampgetconfiguration category port_number Category c...

Страница 151: ...listing all the currently configured users and their user account parameters Usage ampgetuser ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Note The names are not shown with an...

Страница 152: ...Wright pass1285 1 2 3 4 Unix System Administrator in Training user pwright set ampsave save complete ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Patrick Wright ampgetuser Pat...

Страница 153: ...ampupgrade ip_address file_path login password port_number Ip_address location of the files that are to be used in the upgrade File_path location where the files are stored Login optional ampgetversi...

Страница 154: ...pacl Either turns on or turns off access based on source IP address Usage ampsetipacl enable disable Enable turns on ip acl Disable turns off ip acl ampsetipacl enable set IP acl successful ampsave sa...

Страница 155: ...ing representing the next chunk of console data up to and including the terminator or the end of the data stream when a timeout occurs in seconds whichever comes first Note Issue an ampclear command t...

Страница 156: ...to be read by the interpreter calls exec on the input and returns the resulting string to the client ampsave Saves any changes to the system configuration In order for changes network to take effect t...

Страница 157: ...0 TCL_OK No message returned 1 TCL_ERROR wrong args should be ampwritesocket socketDescriptor message Command failed Invalid Socket Descriptor s write socket failed ampclosesocket socket_id Closes the...

Страница 158: ...ore starting any new operations ampgetmacaddress Returns the Ethernet MAC address of the unit ampsetconfig datacom checkparity value Enables the parity bit if value is 1 disables the parity bit if val...

Страница 159: ...nts amplisten checks to see if there is a new command from any client Puts will push back the response to the output buffer ampresponse will push the previous response back to the EXACT client who sen...

Страница 160: ...terval Interval at which the TCL script has to do checking To quit out of the script type QUIT and hit enter Default threshold is 2 set thr 2 Default interval is 10 seconds set intr 10 change this mai...

Страница 161: ...nt if user process utilization has gone beyond threshold if us thr amptriggerevent event alarm cpu User Process CPU utilization goes beyond threshold thr on port port listen to command inputs from use...

Страница 162: ...points Use ampclear to remove all history information for a port Use ampread with n as terminator since the script has to read each line to find out the user process utilization that is on the 10th li...

Страница 163: ...lay 10 amplock 1 puts Lock Acquired ampresponse elseif s QUIT amppermission on ampunlock 1 puts Exiting script ampresponse break else Allow observers and operators to issue commands to this TCL Servic...

Страница 164: ...INSTALLATION AND OPERATIONS MANUAL puts A TCL script is running rInputs accepted are DATA READ1 READ2 READ3 CONSOLE QUIT ampresponse Input received is not as per expectation Remind user what the expe...

Страница 165: ...ing a DNS error and reading that the server is unreachable Remove any installed Dominion SX certificates and restart the browser Unsupported Encryption The unit supports only 128 bit SSL encryption In...

Страница 166: ...security warning This is normal behavior The warning message does not affect operation of the unit Login PROBLEM SOLUTION Login Failure To provide additional security the unit login screen expires aft...

Страница 167: ...r until a timeout occurs Please wait and allow the FTP Server Unreachable message to appear FTP File Not Found The unit requires a package of upgrade files to be in the directory specified by the upgr...

Страница 168: ...158 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Страница 169: ...set sequence consists of the following A solid green light for about 5 seconds then no light for about 15 20 seconds then another solid green light for about 5 seconds and then 3 green flashes about 1...

Страница 170: ...Main Menu screen click Upgrade and then follow the prompts You will need to enter the IP Address and File Path to perform the upgrade What if I forget or lose my password Any Administrator can assign...

Страница 171: ...APPENDIX J TECHNICAL FAQS 161...

Страница 172: ...162 DOMINION SX INSTALLATION AND OPERATIONS MANUAL 255 60 2000...

Отзывы:

Нет отзывов

Похожие инструкции для DOMINION SX -

Supero SUPERO SuperServer 6026TT-GIBQRF User Manual preview
SUPERO SuperServer 6026TT-GIBQRF
Бренд: Supero Страницы: 104
IBM x3800 - System - 8865 User Manual preview
x3800 - System - 8865
Бренд: IBM Страницы: 104
Sercomm NV842 User Manual preview
NV842
Бренд: Sercomm Страницы: 75
IBM Bull Escala E5-700 Manual preview
Bull Escala E5-700
Бренд: IBM Страницы: 116
Quantum Snap! Server 4000 Quick Start Manual preview
Snap! Server 4000
Бренд: Quantum Страницы: 8
xFusion Digital Technologies FusionServer 2288 V5 Manual preview
FusionServer 2288 V5
Бренд: xFusion Digital Technologies Страницы: 86
Buffalo TeraStation WSS WS5020N6 User Manual preview
TeraStation WSS WS5020N6
Бренд: Buffalo Страницы: 115
IBM 88643RU - System x3850 - 8864 Service Manual preview
88643RU - System x3850 - 8864
Бренд: IBM Страницы: 192
Sun Microsystems iPlanet Web Server Installation Manual preview
iPlanet Web Server
Бренд: Sun Microsystems Страницы: 62
Kontron Embedded Computers PxV206 User Manual preview
PxV206
Бренд: Kontron Embedded Computers Страницы: 46
Meridian Sooloos Ensemble Quick Start Manual preview
Sooloos Ensemble
Бренд: Meridian Страницы: 2
JIEYUN TECHNOLOGY J60 User Manual preview
J60
Бренд: JIEYUN TECHNOLOGY Страницы: 25
Kontron MBx406 User Manual preview
MBx406
Бренд: Kontron Страницы: 42
Advantech EKI-1511X User Manual preview
EKI-1511X
Бренд: Advantech Страницы: 76
Advantech ASMB-781 User Manual preview
ASMB-781
Бренд: Advantech Страницы: 92
Viavi G4-Apex-ENT-80T Manual preview
G4-Apex-ENT-80T
Бренд: Viavi Страницы: 11
C-MOR GP User Manual preview
GP
Бренд: C-MOR Страницы: 43
Silicon Graphics International SGI UV 30 User Manual preview
SGI UV 30
Бренд: Silicon Graphics International Страницы: 68

Бренды по названию

Популярные бренды

Загрузить еще бренды