Bay Networks NA, User Manual

Page 1: ...Part No 118358 A Rev A September 1997 Marketing Release 5 1 Remote Access Concentrator Software Server Tools for Windows NT Using ...

Page 2: ...ited States Government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 Notwithstanding any other license agreement that may pertain to or accompany the delivery of this computer software the rights of the United States Government regarding its use reproduction and disclosure are as set forth in the Co...

Page 3: ...IES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties ...

Page 4: ...its licensors retain all title and ownership in both the Software and user manuals including any revisions made by Bay Networks or its licensors The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals Licensee may not modify translate decompile disassemble use for any competitive analysis reverse engineer distribute or create derivative wor...

Page 5: ...rks does not warrant a that the functions contained in the software will meet the Licensee s requirements b that the Software will operate in the hardware or software combinations that the Licensee may select c that the operation of the Software will be uninterrupted or error free or d that all defects in the operation of the Software will be corrected Bay Networks is not obligated to remedy any S...

Page 6: ...clause of FAR 52 227 19 and the limitations set out in this license for civilian agencies and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause of DFARS 252 227 7013 for agencies of the Department of Defense or their successors whichever is applicable 6 Use of Software in the European Community This provision applies to all Software acquired for use within the Europe...

Page 7: ...s and regulations or to any national or resident of such restricted or embargoed countries or ii provide the Software or related technical data or information to any military end user or for any military end use including the design development or production of any chemical nuclear or biological weapons 9 General If any provision of this Agreement is held to be invalid or unenforceable by a court ...

Page 8: ...IONS LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND LICENSEE WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST BAY NETWORKS UNLESS BAY NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT INCLUD...

Page 9: ...3 Platform Requirements 1 4 Chapter 2 Selecting Server Tools Options Selecting a Security Server 2 1 Creating a RADIUS Authentication and Accounting Server 2 6 Selecting Booting Logging Options 2 8 Using the Event Viewer 2 10 Configuring a RADIUS Server 2 13 Creating and Configuring a RADIUS Server 2 14 Modifying RADIUS Server Information 2 15 Deleting RADIUS Server Information 2 16 Displaying Ver...

Page 10: ...urity 4 7 Virtual CLI Security 4 7 AppleTalk Security 4 7 Port Server Security 4 8 Third Party Security Types 4 8 Using ACE Server Security 4 8 Additional Security Types 4 9 RADIUS Security 4 10 RADIUS and ACP Protocol Operation 4 11 RADIUS Authentication 4 12 PPP and CHAP Support 4 12 Access Request Attributes 4 13 Access Accept and Access Reject Attributes 4 15 RADIUS Accounting 4 15 RADIUS Acco...

Page 11: ...ccess Concentrator Server Tools for Windows NT Figures Figure 2 1 The Server Tools Options Dialog Box 2 2 Figure 2 2 Event Viewer 2 11 Figure 2 3 The Radius Servers Dialog Box 2 13 Figure 2 4 The Version Dialog Box 2 17 ...

Page 12: ...Using Remote Access Concentrator Server Tools for Windows NT Figures x ...

Page 13: ...hat you know the parameter values needed to configure RACs This guide is part of the complete RAC documentation set You should refer to other manuals in the set for information not related to Remote Access Concentrator Server Tools for Windows NT Before You Begin Before using this guide you must Install the Remote Access Concentrator Install the Remote Access Concentrator Software for Windows and ...

Page 14: ...talics In the context of commands and command syntax lowercase italics indicate variables for which the user supplies a value In command dialog square brackets indicate default values Pressing selects this value Square brackets appearing in command syntax indicate optional arguments In command syntax braces indicate that one and only one of the enclosed value must be entered In command syntax this...

Page 15: ... Protocol CLI Command Line Interface erpcd expedited remote procedure daemon IP Internet Protocol IPX Internetwork Packet Exchange ISDN Integrated Services Digital Network NFS Network File Server PAP Authentication Protocol PPP Point to Point Protocol RAC Remote Access Concentrator SLIP Serial Line Internet Protocol TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol UD User Data...

Page 16: ...works com Library tpubs Bay Networks Customer Service You can purchase a support contract from your Bay Networks distributor or authorized reseller or directly from Bay Networks Services For information about or to purchase a Bay Networks service contract either call your local Bay Networks field sales office or one of the following numbers Information about customer service is also available on t...

Page 17: ...aff for that distributor or reseller for assistance If you purchased a Bay Networks service program call one of the following Bay Networks Technical Solutions Centers Technical Solutions Center Telephone number Fax number Billerica MA 800 2LANWAN 508 916 3514 Santa Clara CA 800 2LANWAN 408 495 1188 Valbonne France 33 4 92 96 69 68 33 4 92 96 69 98 Sydney Australia 61 2 9927 8800 61 2 9927 8811 Tok...

Page 18: ...Using Remote Access Concentrator Server Tools for Windows NT About This Guide xvi ...

Page 19: ...addition the product takes advantage of Windows NT domains to authenticate and authorize users NA Utility Features ThenautilityletsyoumonitorandmodifyRACoperatingcharacteristics It allows you to Boot a RAC Reset a RAC Identify a RAC by its Internet address or host name Set and show values for all RAC configuration parameters Save current configuration parameter settings into script files Copy the ...

Page 20: ...cumentation In addition to this manual you need the Managing Remote Access Concentrators Using Command Line Interfaces and Remote Access Concentrator Software Reference These guides provide reference procedure and feature descriptions Be aware that minor differences exist between Windows NT based erpcd and UNIX based erpcd This section lists these issues and guides you to the appropriate manuals U...

Page 21: ...he standard RAC log destinations you can configure Remote Access Concentrator Server Tools for Windows NT to send Syslog and ACP log messages to the Windows NT Event Log See Chapter 3 in this guide for details For additional logging information refer to Managing Remote Access Concentrators Using Command Line Interfaces Documentation Exceptions Some information in Managing Remote Access Concentrato...

Page 22: ... NT requires Windows NT Server version 3 51 or 4 0 configured to support the TCP IP protocol Administrative privileges on the server 15 MB free disk space on an NTFS drive One Windows NT Server client license per RAC A PC with an Intel Pentium or any fully compatible CPU or a DEC Alpha running Windows NT Server 4 0 32 MB RAM CD ROM drive to install the product ...

Page 23: ...IUS server and view information about your current Remote Access Concentrator Server Tools for Windows NT software version This chapter includes Selecting a Security Server and Group Authentication Selecting Booting Logging Options Configuring a RADIUS Server Displaying Version Information Selecting a Security Server TheSecuritytabdialogboxallowsyoutochooseasecurityregime select RADIUS Authenticat...

Page 24: ...T Chapter 2 Selecting Server Tools Options 2 2 Figure 2 1 The Server Tools Options Dialog Box To select options in the Security window Specify a Regime Select the protocol you desire from the Regime radio box Native NT default selection RADIUS Security SecurID ...

Page 25: ... users If you do not select it the system will authenticate user names and passwords only 3 If you select Native NT and want to create a default remote users group click the Create Remote Users Group check box If you want to create a new Remote Users Group see RADIUS Security on page 2 4 4 If you select Native NT choose an existing domain from the Domain field When you choose a domain the groups w...

Page 26: ...r security protocol select the Authentication Server and Accounting Server in the RADIUS Servers list box If the only options available in these two drop down lists are local and same as authentication server you need to create a list of servers from which to choose For more information on this procedure see Configuring a RADIUS Server on page 2 13 Chapter 4 provides additional information regardi...

Page 27: ... on OK or Apply by selecting it and clicking on Remove or by deselecting the Create Remote Users Group check box To create a new Group 1 Click on the Administrative Tools icon in the Windows NT program group window The Administrative Tools window appears 2 Click on the User Manager for Domains icon The User Manager for Domains dialog box appears 3 Add the new Group and associated information For m...

Page 28: ...to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your desktop Use this option if you want to make changes in any of the other tabbed dialogs Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server 1 From the Server Tools Options window click on t...

Page 29: ...ou click on Accept or Revert After Accept or Revert is chosen the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click on OK to save your changes and close the dialog box Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your deskt...

Page 30: ...lectlogfiles tochoose locations for load and dump files and to choose directories time formats and network address formats for the log file To display this window choose the Booting Logging tab in the Server Tools Options window If you select Use NT Event Log your settings for time and network address formats appear in the acp_logfile and in the Detail window of the NT Event Log ...

Page 31: ...e the images to the new directory the RACs will be unable to boot 2 Click either Use NT Event Log Use acp_logfile or Use RADIUS Logging to choose a method for storing log messages You can log RAC syslog messages and erpcd or RADIUS security messages If you select Use NT Event Log the system stores messages in the Applications portion of the standard Windows NT Event Log If you select Use acp_log f...

Page 32: ... IP address or Host Name format from the Network Address Format box You can choose Use IP Address to place the Internet address of a RAC that generates logging messages in the log files UseHostNametoincludeaRACnameinthelogfilesinstead of the RAC s Internet address The time and address formats you choose appear in the acp_logfile or RADIUS logging If you choose Use NT Event Log the format appears i...

Page 33: ...Tools Options Using Remote Access Concentrator Server Tools for Windows NT To view Windows NT logs double click on the Event Viewer icon in Administrative Tools and select Application from the Log menu Figure 2 2 Event Viewer WARNING ...

Page 34: ... times events occur Source lists the software that logged the event For syslog messages from a RAC or from the network Annex_syslog appears For messages generated by erpcd the column displays Annex_syslog For security messages the log entry reads Annex_ACP Category classifies events Event displays the event number the RAC generates a number to identify each event User displays N A Remote Access Co...

Page 35: ...at parameters To view this information click on the RADIUS Servers tab of the Server Tools Options window Figure 2 3 The Radius Servers Dialog Box First Time Use When you open the RADIUS Servers dialog box for the first time after installation the information fields are blank and inactive You need to create and configure the RADIUS servers that you will be using Use the following procedures to cre...

Page 36: ...to cancel your changes You can modify any of the fields before you click on Accept or Revert After choosing Accept or Revert the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to ...

Page 37: ... cursor in the information field you wish to change and enter the new information 3 Click on Accept to save the modified information or Revert to cancel your changes You can modify any of the fields before you click on Accept or Revert After choosing Accept or Revert the fields become inactive To reactivate these fields select the server then choose Modify 4 Click OK to save your changes and close...

Page 38: ...Click OK to delete the RADIUS Server or Cancel to exit the confirmation dialog box without deleting any server information The confirmation dialog box closes 3 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on you...

Page 39: ...ndows NT Displaying Version Information The Version tab window provides the company and product name version number and build number for the Remote Access Concentrator Server Tools To view this information click on the Version tab of the Server Tools Options window Figure 2 4 The Version Dialog Box ...

Page 40: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 2 Selecting Server Tools Options 2 18 ...

Page 41: ...ices that erpcd provides Eservices includes controls for The block file server bfs program sends boot files to a RAC and collects dump files from a RAC The Access Control Protocol ACP program provides security when you define a Windows NT server as a security server The Remote Access Concentrator Server Tools implements erpcd differently because it uses Windows NT domain authentication This chapte...

Page 42: ...group names are not case sensitive Using the acp_userinfo File The acp_userinfo file stores information about the RAC commands and protocols available to users When a user logs into the server erpcd matches the login environment with acp_userinfo entries and controls user access based on these entries Defining User Profiles Defining user profiles is useful only when you want to restrict user privi...

Page 43: ...tions or attributes so that the RAC denies access to the user User Profile Formats The acp_userinfo file stores user profiles in the user end block format This format includes User to begin the block One or more keywords that specify the user environment Entries must contain A keyword an equal sign and a value without spaces For an explanation of these keywords refer to User Environment Keywords o...

Page 44: ...you need to specify profiles in the order in which you want them to match Username and Group Keywords The username keyword specifies a single Windows NT user The group keyword allows you to create a user profile for any member of a Windows NT group To use these keywords enter username or group followed by a user or group name If you do not enter a user or group name the profile applies to all user...

Page 45: ...you omit a m or p m the time defaults to the 24 hour format protocol Keyword The protocol keyword defines a protocol by which a user can connect to a RAC To define a protocol type protocol followed by slip ppp or cli You cannot enter more than one protocol on a line However you can repeat the protocol format and add a second or third profile annex and ports Keywords The annex and ports keywords sp...

Page 46: ...al back port Before you can use the accesscode attribute you must define at least two modem pools one for dial in and one for dial out in the acp_userinfo file A modem pool groups asynchronous ports on one or more RACs Modem pool definitions appear at the end of the acp_userinfo file To define a modem pool 1 From the Bay Networks program group window double click on the appropriate icon to open th...

Page 47: ...t that number 3 Type in_pool followed by the name of an inbound modem pool e g in_pool inboundpool1 4 Type out_pool followed by the name of an outbound modem pool e g out_pool outboundpool1 5 Type job followed by one CLI command its arguments and end You do not need to enter a job specification 6 Type end clicmd The clicmd attribute lists CLI commands that erpcd will execute if the profile matches...

Page 48: ...clude the same CLI command in the clicmd and climask entries climask The climask attribute limits the CLI commands users can execute To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type climask 3 Ente...

Page 49: ...en the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type deny following a user name or group name If you include additional attributes in a profile that uses deny the profile will not execute them When erpcd denies access to a RAC it generates a message in the log file For CLI users the message appears on the sc...

Page 50: ... scope family criteria andactions Separateeachpartofthefilterdefinitionwithaspace Direction applies the filter to incoming or outgoing packets You can enter input or output To apply a filter to incoming as well as outgoing packets you must create two separate definitions Scope controls how erpcd matches the filter definition You can enter include to apply the filter to packets that match the defin...

Page 51: ...eparated by a space on the same line If you use this keyword you cannot use dst_address or src_address port_pair for incoming or outgoing packets passing between two ports or services followed by a port number or service name If you use this keyword you cannot use dst_port or src_port protocol the transport protocol of the packet followed by a number from 1 to 65535 or by tcp udp or icmp To match ...

Page 52: ...will not activate a dynamic dial out line but will keep the line up and will reset the net_inactivity timer parameter to zero syslog logs the event in the log files route The route attribute defines the IP routes that a router makes available through a RAC when it dials in Use this attribute when you do not want a router to incur overhead in running a routing protocol itself To use this attribute ...

Page 53: ...mber of hops or h 7 Type end at_zone The at_zone attribute lists AppleTalk zones on a network To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type at_zone 3 Enter one or more zone names If you use mor...

Page 54: ...f minutes user john at_connect_time 12 end The above example limits the session to twelve minutes at_nve_filter The at_nve_filter attribute allows you to include or exclude users from specific objects network numbers subzones and zones Specify one at_nve_filter attribute for each user in a profile To use this attribute 1 From the Bay Networks program group window double click on the appropriate ic...

Page 55: ...asswords to authenticate all AppleTalk users To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type at_password followed by a password using 1 to 9 characters Include punctuation marks in the password I...

Page 56: ...east 16 characters Using the acp_keys File The acp_keys file stores RAC names or IP addresses and corresponding encryption keys Erpcd uses the keys you define here to create encryption keys that the security server and a RAC use to exchange messages When the security server receives an encrypted message from a RAC it matches the key with an associated RAC in the acp_keys file If there is no match ...

Page 57: ...searches entries that contain wildcards In either case erpcd uses the first key entry it finds Creating Encryption Keys Define encryption keys by setting the acp_key parameter for each RAC If the key value is not the same in the acp_keys file and for the acp_key parameter the RAC and the server cannot communicate In addition you must set the enable_security parameter to Y to use security features ...

Page 58: ...u must set the address_origin parameter to ACP via the na utility This allows a RAC to search the acp_dialup file for the remote client s user name and for local and remote addresses To create an entry in the acp_dialup file 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_dialup file The acp_dialup file opens in the Notepad editor 2 Go to the end o...

Page 59: ... name and a remote address but not a local address the RAC uses the remote address from the file and uses the RAC s IP address for the local address If the file does not contain a matching user name the RAC uses values from the local_address and remote_address parameters If both parameters contain addresses the RAC uses these values If both parameters are set to 0 0 0 0 the RAC negotiates for both...

Page 60: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 3 Understanding Erpcd 3 20 ...

Page 61: ...electing options in the Security dialog box Select Global Group Authentication Select a domain then select the groups whose members can be authenticated If you are using Global Group Authentication select Native NT as your Security Regime For more information on group authentication see Chapter 3 This chapter summarizes most security features and explains the relationship between Windows NT domain...

Page 62: ...f the user name and password are valid the system determines whether the user is a member of any groups you select Support for Multiple Domains Remote Access Concentrator Server Tools can authenticate users from domains other than the default domain of the security server To facilitate this feature the Windows NT administrator must establish at least a one way trust relationship A trusting domain ...

Page 63: ...ed domain s security accounts manager database Server Tools Steps All Windows NT users who require authorization must use the Remote Access Concentrator Server Tools software to configure these services Those definitions are accomplished in the following steps 1 Add a valid entry s in the acp_userinfo file 2 If the caller requires a dial up address add a valid entry s in the acp_dialup file Thenam...

Page 64: ...ty to Set the enable_security parameter to Y Define one server as the primary security server by entering its address in the pref_secure1_host parameter Define a backup security server in the pref_secure2_host parameter If a RAC queries the primary server and does not receive a response within the time defined in the network_turnaround parameter the RAC queries the backup server If the backup serv...

Page 65: ...for several types of server based security by using the na utility to set security parameters Once these parameters are set Remote Access Concentrator Server Tools uses Windows NT user names and passwords to authenticate users This section describes the type of server based security that use Windows NT domain security It includes PPP Security CLI Security Virtual CLI Security AppleTalk Security Po...

Page 66: ...To configure Windows NT security for PPP links you must set the ppp_security_protocol parameter If you set ppp_security_protocol to pap the system uses Windows NT user names and passwords for authentication If you set ppp_security_protocol to chap pap the system first requests CHAP security If CHAP is not acknowledged it requests PAP CHAP does not authenticate Windows NT user names passwords or re...

Page 67: ...r CLI connections set the cli_security parameter to Y Virtual CLI Security Virtual CLI VCLI connections allow network users access to CLI commands When a user enters a telnet command to connect to a RAC and requests the CLI at the port server prompt the RAC s port server process creates a virtual CLI connection AppleTalk Security Remote Access Concentrator Server Tools authenticates AppleTalk user...

Page 68: ...Y For VCLI connections set the vcli_security parameter to Y Third Party Security Types Remote Access Server Tools for Windows NT supports ACE Server SecurID security Using ACE Server Security The ACE Server token is an access control security token used to identify users of computer systems and secure TCP IP networks Used in conjunction with the SecurID card hardware or software access control mod...

Page 69: ...security using the graphical user interface see Chapter 2 Additional Security Types Remote Access Concentrator Server Tools supports port server CLI VCLI and PPP security using Windows NT domain user names and passwords Remote Access Concentrator Server Tools supports Security Filters ARA and Dial back security defined in the acp_userinfo file Dial up security defined in the acp_dialup file Remote...

Page 70: ... the RADIUS server and authentication of the RADIUS server to the NAS RADIUS supports authentication modes PAP and CHAP RADIUS Accounting another IETF developed protocol defines a communication standard between an NAS and a host based accounting server It records duration of service packet throughput and raw throughput RADIUS Authorization is not supported in this release but Authorization is addr...

Page 71: ... password are entered correctly ERPCD ACP sends a RADIUS Access Request packet to the RADIUS server this packet contains the normal RADIUS header and the Access Request attributes the Access Accept Access Reject or Access Challenge packet fails to arrive in the specified amount of time ERPCD ACP re sends the packet no response is received ERPCD ACP sends the Access Request packet to the backup RAD...

Page 72: ...f radio button in the Server Tools Options Security dialog box is set to off the ACP server validates against the chap_secret entry in the acp_userinfo file The Then RAC sends the ACP server an ACP Authorization Request message containing the CHAP information the ACP server determines if RADIUS is to be used set in Server Tools Options dialog box and sends a request to the RADIUS server containing...

Page 73: ...minated ASCII string identical to the user name that ERPCD ACP retrieves via the user name prompt You can specify up to 31 alphanumeric characters User Password Specifies the user password that the RADIUS server will authenticate CHAP Password Specifies the response value of a CHAP user in response to the password challenge NAS IP Address Indicates the IP address of the RAC authenticating the user...

Page 74: ...tribute CHAP Challenge appears in the Authenticator of the RADIUS header Framed Protocol Specifies the link level protocol type allowable to the user Supported values are PPP SLIP Service Type Specifies the type of service the user will receive Supported types of service are Login Framed NAS Prompt Outbound Administrative n Description 0 Serial interface port 2 Virtual VCLI FTP 3 Dial out 4 Ethern...

Page 75: ...e RAC to display text sent in a Reply Message attribute as long as the user is a CLI or port server user RADIUS Accounting RADIUS Accounting defines a communication standard between a NAS and a host based accounting server It records duration of service packet throughput and raw throughput This section covers the following topics RADIUS Accounting Process Accounting Request Attributes To utilize R...

Page 76: ...s Stop 2 ERPCD ACP logout events Accounting on 7 ACP logging connection becomes active Accounting off 8 ACP audit logging connection becomes inactive When or If The the RAC sends an ACP Audit log to the server security profile for the ACP Authorization Request must match the Security dialog box RADIUS Regime On Off radio button setting On RADIUS security active Off Native NT security active ERPCD ...

Page 77: ...lways set to RADIUS Acct Input Packets Specifies how many packets received during the session Acct Output Packets Specifies how many packets sent during the session Acct Session Time Specifies the elapsed session time as calculated in RADIUS Other Attributes All attributes that are included in the Access Request packet are also included in the Accounting Request packet RADIUS Configuration Managem...

Page 78: ...rver is the host name of the RADIUS Accounting server If an Accounting server is not specified it defaults to the ACP server If a RADIUS server is not specified the RADIUS server defaults to the ACP server Secret Format The format for secret is an ASCII string or a hexadecimal string The hexadecimal string format always starts with 0x followed by a string of bytes with each two hexadecimal digits ...

Page 79: ...ptions dialog box click on the Security tab 2 Select the RADIUS radio button to enable the RADIUS security server If you do not select this option your security server will default to native Windows NT security 3 From the Server Tools Options dialog box click on the RADIUS Servers tab 4 Click the Backup Server down arrow to select the backup RADIUS server or RADIUS accounting server IfNoneisdispla...

Page 80: ...RPCD ACP waits the specified timeout value 4 seconds by default for the response packet the time expires ERPCD ACP retries the request the maximum number of retries 10 by default is reached without a response from the server attempt to authenticate against the primary server fails and ERPCD ACP attempts to authenticate against the backup server if defined no response is received from the backup se...

Page 81: ...s provided as documentation and a convenience This file defines keywords types and values for RADIUS attributes and their corresponding code points The file is in a format that is used as input by some RADIUS servers to parse messages and write text output files Customers might have existing dictionaries with differences in the keyword names and may want to evaluate the impact to their databases a...

Page 82: ...iesandmake a decision on how to apply the differences The following is a partial example of the some of the dictionary contents ATTRIBUTE User Name 1 string ATTRIBUTE Password 2 string ATTRIBUTE CHAP Password 3 string ATTRIBUTE NAS IP Address 4 ipaddr ATTRIBUTE NAS Port 5 integer ATTRIBUTE Service Type 6 integer ATTRIBUTE Framed Protocol 7 integer ATTRIBUTE Framed IP Address 8 ipaddr Framed Protoc...

Page 83: ...ervice Type Login User 1 VALUE Service Type Framed User 2 VALUE Service Type Callback Login User 3 VALUE Service Type Callback Framed User 4 VALUE Service Type Outbound User 5 VALUE Service Type Administrative User 6 VALUE Service Type NAS Prompt 7 VALUE Service Type Authenticate Only 8 VALUE Service Type Callback NAS Prompt 9 ...

Page 84: ...Using Remote Access Concentrator Server Tools for Windows NT Chapter 4 Using Security Features 4 24 ...

Page 85: ... 17 annex keyword 3 5 at_connect_time attribute 3 14 at_guest parameter 3 15 at_nve_filter attribute 3 14 at_password attribute 3 15 at_security parameter 4 7 at_zone attribute 3 13 attributes profile 3 6 to 3 16 B Bay Networks Press xiv bfs directory 2 9 block file server See bfs directory C CHAP security protocol 4 6 chap_secret attribute 3 16 CHAP password attribute 4 13 cli_security parameter ...

Page 86: ...name servers 1 3 NAS IP address attribute 4 13 NAS port attribute 4 14 NAS port type attribute 4 13 native NT security 2 3 net_inactivity timer parameter 3 12 network address format box 2 10 network_turnaround parameter 4 4 P PAP security protocol 4 6 platform requirements 1 4 port_server_security parameter 4 8 ports keyword 3 5 ppp_security_protocol parameter 4 6 pref_secure1_host parameter 4 4 p...

Page 87: ... 7 port server security 4 5 PPP security 4 6 virtual CLI security 4 8 using Windows NT domain 4 2 security regime 2 1 security server selection 2 17 security_broadcast parameter 4 4 selecting a security server 2 1 server tools options selecting booting and logging options 2 1 server tools options window 4 2 displaying version information in 2 17 selecting groups for authentication 2 5 selecting lo...

Page 88: ...Index Using Remote Access Concentrator Server Tools for Windows NT Index 4 server tools options window 2 1 ...