Bay Networks Remote Annex, User Manual

Page 1: ...Part No 166 025 305 Rev A January 1997 User Guide Remote Annex Server Tools for Windows NT ...

Page 2: ...tates Government regarding its use reproduction and disclosure are as set forth in the Commercial Computer Software Restricted Rights clause at FAR 52 227 19 Trademarks of Bay Networks Inc Annex Remote Annex Annex Manager Remote Annex 2000 Remote Annex 4000 Remote Annex 6100 Remote Annex 6300 Remote Annex 5390 Async Remote Annex 5391 CT1 Remote Annex 5393 PRI Remote Access Concentrator 5399 BaySta...

Page 3: ...iii Remote Annex Server Tools for Windows NT User Guide Revision Level History Revision Description A Initial release ...

Page 4: ...Remote Annex Server Tools for Windows NT User Guide Revision Level History iv ...

Page 5: ...oting Logging Options 2 8 Using the Event Viewer 2 10 Configuring a RADIUS Server 2 13 Creating and Configuring a RADIUS Server 2 14 Modifying RADIUS Server Information 2 15 Deleting RADIUS Server Information 2 16 Displaying Version Information 2 17 Chapter 3 Understanding Erpcd Editing Files 3 2 Using the acp_userinfo File 3 2 Defining User Profiles 3 2 Using the acp_keys File 3 16 Creating Encry...

Page 6: ...ration 4 11 RADIUS Authentication 4 12 PPP and CHAP Support 4 12 Access Request Attributes 4 13 Access Accept and Access Reject Attributes 4 15 RADIUS Accounting 4 15 RADIUS Accounting Process 4 16 Accounting Request Attributes 4 16 RADIUS Configuration Management 4 17 Backup Security 4 21 RADIUS Dictionary File 4 22 Appendix A Browsing for Resources on a Microsoft Network Browser Definition A 1 L...

Page 7: ...99 Remote Access Concentrator RAC Module MicroCS Cabletron CSMIMII 3COM 6133C XS 3COM 6117C XS The Remote Annex Server Tools for Windows NT User Guide is intended for System Administrators or others who need to configure Remote Annex servers It assumes that you are familiar with network protocols and that you know the parameter values needed to configure Remote Annexes This guide is part of the co...

Page 8: ...ral features and behaviors that were ported from UNIX This chapter also lists minimum system requirements Chapter 2 Selecting Server Tools Options describes Windows NT Server security options and tells you how to set Remote Annex security parameters Chapter 3 Understanding Erpcd discusses the role of the expedited remote procedure call daemon or erpcd Erpcd is a Remote Annex software sub system th...

Page 9: ...ools for Windows NT User Guide conventions Convention Represents Italics chapter titles book titles and chapter headings special type defines samples in the na utility bold path names program names field names or file names one step procedures important information conditions that can have adverse effects on processing dangerous conditions ...

Page 10: ...Remote Annex Server Tools for Windows NT User Guide Preface x ...

Page 11: ...mmand line interface that lets you monitor and modify Remote Annex and 5399 RAC operating characteristics It allows you to Boot a Remote Annex 5399 RAC Reset a Remote Annex 5399 RAC Identify a Remote Annex 5399 RAC by its Internet address or host name Set and show values for all Remote Annex 5399 RAC configuration parameters Save current configuration parameter settings into script files Copy the ...

Page 12: ...mote Annex Administrator s GuideforUNIXortheModule5399RemoteAccessConcentratorNetwork Administrator s Guide and the Remote Annex 6300 Supplement to the Remote Annex Administrator s Guide for UNIX These guides provide reference procedure and feature descriptions for the Remote Annexes in a UNIX environment Be aware that minor differences exist between Windows NT based erpcd and UNIX based erpcd Thi...

Page 13: ...s For additional logging information refer to the numerous chapters in the Remote Annex Administrator s Guide for UNIX or the Module 5399 Remote Access Concentrator Network Administrator s Guide and the Remote Annex 6300 Supplement to the Remote Annex Administrator s Guide for UNIX Documentation Exceptions Some information in the Remote Annex Administrator s Guide for UNIX and the Module 5399 Remo...

Page 14: ...cp getty A 13 Printing from a BSD Host using aprint or rtelnet Printing from a System V Host using aprint or rtelnet A 14 Installing Software Using bfs IEN 116 Name Server Setting Up a Host for 4 3BSD Syslogging A 15 Configuring the acp_regime file Creating User Password Files Limiting Access to Hosts via acp_restrict Overview of Password History and Aging Enabling and Configuring Password Histori...

Page 15: ...51 or 4 0 configured to support the TCP IP protocol Administrative privileges on the server 15 MB free disk space on an NTFS drive One Windows NT Server client license per Annex A PC with an Intel Pentium or higher CPU or any fully compatible CPU 32 MB RAM CD ROM drive to install the product Book Chapter Topic B 2 TMux Specific Annex Parameters vs MIB Objects C 4 aprint rtelnet ...

Page 16: ...ide to UNIX for port numbers as profile attributes Model 5399 Remote Access Concentrator Network Administrator s Guide for port types as profile attributes Remote Annex 6300 Supplement to Remote Annex Administrator s Guide to UNIX for port types as profile attributes Topic Chapter erpcd A 4 acp_userinfo A 15 acp_keys A 15 acp_dialup A 15 na utility C 1 CLI commands C 3 port numbers as profile attr...

Page 17: ...ADIUS server and view information about your current Remote Annex Server Tools for Windows NT software version This chapter includes Selecting a Security Server and Group Authentication Selecting Booting Logging Options Configuring a RADIUS Server Displaying Version Information Selecting a Security Server TheSecuritytabdialogboxallowsyoutochooseasecurityregime select RADIUS Authentication and Acco...

Page 18: ...apter 2 Selecting Server Tools Options 2 2 Figure 2 1 The Server Tools Options Dialog Box To select options in the Security window Specify a Regime Select the protocol you desire from the Regime radio box Native NT default selection RADIUS Security SecurID ...

Page 19: ... you do not select it the system will authenticate user names and passwords only 3 If you select Native NT and want to create a default remote users group click the Create Remote Users Group check box If you want to create a new Remote Users Group see RADIUS Security on page 2 4 4 If you select Native NT choose an existing domain from the Domain field When you choose a domain the groups within tha...

Page 20: ...hentication Server and Accounting Server in the RADIUS Servers list box If the only options available in these two drop down lists are local and same as authentication server you need to create a list of servers from which to choose For more information on this procedure see Configuring a RADIUS Server on page 2 13 Additional information regarding RADIUS security can be found in Chapter 4 Third Pa...

Page 21: ...OK or Apply by selecting it and clicking on Remove or by deselecting the Create Remote Users Group check box To create a new Group 1 Click on the Administrative Tools icon in the Windows NT program group window The Administrative Tools window appears 2 Click on the User Manager for Domains icon The User Manager for Domains dialog box appears 3 Add the new Group and associated information For more ...

Page 22: ...lose the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your desktop Use this option if you want to make changes in any of the other tabbed dialogs Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server 1 From the Server Tools Options window click on the R...

Page 23: ...lick on Accept or Revert After Accept or Revert is chosen the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click on OK to save your changes and close the dialog box Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your desktop U...

Page 24: ...logfiles tochoose locations for load and dump files and to choose directories time formats and network address formats for the log file To display this window choose the Booting Logging tab in the Server Tools Options window If you select Use NT Event Log your settings for time and network address formats appear in the acp_logfile and in the Detail window of the NT Event Log ...

Page 25: ... images to the new directory the Remote Annexes will be unable to boot 2 Click either Use NT Event Log Use acp_logfile or Use RADIUS Logging to choose a method for storing log messages You can log Remote Annex syslog messages and erpcd or RADIUS security messages If you select Use NT Event Log the system stores messages in the Applications portion of the standard Windows NT Event Log If you select...

Page 26: ... format from the Network Address Format box You can choose Use IP Address to place the Internet address of a Remote Annex that generates logging messages in the log files Use Host Name to include a Remote Annex name in the log files instead of the Remote Annex s Internet address The time and address formats you chose appear in the acp_logfile or RADIUS logging If you chose Use NT Event Log the for...

Page 27: ...ing Server Tools Options Remote Annex Server Tools for Windows NT User Guide To view Windows NT logs double click on the Event Viewer icon in Administrative Tools and select Application from the Log menu Figure 2 2 WARNING ...

Page 28: ...ccur Source lists the software that logged the event For syslog messages from a Remote Annex or from the network Annex_syslog appears For messages generated by erpcd the column displays Annex_syslog For security messages the log entry reads Annex_ACP Category classifies events Event displays the event number the Remote Annex generates a number to identify each event User displays N A Remote Annex ...

Page 29: ...rameters To view this information click on the RADIUS Servers tab of the Server Tools Options window Figure 2 3 The Radius Servers Dialog Box First Time Use When you open the RADIUS Servers dialog box for the first time after installation the information fields are blank and inactive You need to create and configure the RADIUS servers that you will be using Use the following procedures to create c...

Page 30: ...ncel your changes You can modify any of the fields before you click on Accept or Revert After Accept or Revert is chosen the fields become inactive To reactivate for editing these fields select the server then choose Modify 6 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set ...

Page 31: ...or in the information field you wish to change and enter the new information 3 Click on Accept to save the modified information or Revert to cancel your changes You can modify any of the fields before you click on Accept or Revert After Accept or Revert is chosen the fields become inactive To reactivate these fields select the server then choose Modify 4 Click OK to save your changes and close the...

Page 32: ...k OK to delete the RADIUS Server or Cancel to exit the confirmation dialog box without deleting any server information The confirmation dialog box closes 3 Click OK to save your changes and close the Server Tools Options window Click on Cancel to close the dialog box without saving or applying your changes Click on Apply to set your changes and leave the Server Tools Options window open on your de...

Page 33: ...ide Displaying Version Information The Version tab window provides the company and product name version number and build number for the Remote Annex Server Tools for Windows NT To view this information click on the Version tab of the Server Tools Options window Figure 2 4 The Version Dialog Box ...

Page 34: ...Remote Annex Server Tools for Windows NT User Guide Chapter 2 Selecting Server Tools Options 2 18 ...

Page 35: ...k file server bfs program sends boot files to a Remote Annex and collects dump files from a Remote Annex The Access Control Protocol ACP program provides security when you define a Windows NT server as a security server See Document References on page 6 to find sources of additional information about erpcd the acp_userinfo acp_keys and acp_dialup files The Remote Annex Server Tools implements erpc...

Page 36: ...es are not case sensitive Using the acp_userinfo File The acp_userinfo file stores information about the Remote Annex commands and protocols available to users When a user logs into the server erpcd matches the login environment with acp_userinfo entries and controls user access based on these entries Defining User Profiles Defining user profiles is useful only when you want to restrict user privi...

Page 37: ...and examples using the na utility please refer to Document References on page 1 6 Some terminology differs from this book but keyword and attribute names and formats are identical in function User Profile Formats The acp_userinfo file stores user profiles in the user end block format This format includes User to begin the block One or more keywords that specify the user environment Entries must co...

Page 38: ...er you need to specify profiles in the order you want them to match Username and Group Keywords TheusernamekeywordspecifiesasingleWindowsNT user Thegroup keyword allows you to create a user profile for any member of a Windows NT group To use these keywords enter username or group followed by a user or group name If you do not enter a user or group name the profile applies to all users Use an aster...

Page 39: ... defaults to the 24 hour format protocol Keyword The protocol keyword defines a protocol by which a user can connect to a Remote Annex To define a protocol type protocol followed by slip ppp or cli You cannot enter more than one protocol on a line However you can repeat the protocol format and add a second or third profile annex and ports Keywords The annex and ports keywords specify the Remote An...

Page 40: ...ack port Before you can use the accesscode attribute you must define at least two modem pools one for dial in and one for dial out in the acp_userinfo file A modem pool groups asynchronous ports on one or more Remote Annexes Modem pool definitions appear at the end of the acp_userinfo file To define a modem pool 1 From the Bay Networks program group window double click on the appropriate icon to o...

Page 41: ...mber 3 Type in_pool followed by the name of an inbound modem pool e g in_pool inboundpool1 4 Type out_pool followed by the name of an outbound modem pool e g out_pool outboundpool1 5 Type job followed by one CLI command its arguments and end You do not need to enter a job specification 6 Type end clicmd The clicmd attribute lists CLI commands that erpcd will execute if the profile matches To use t...

Page 42: ...ame CLI command in the clicmd and climask entries climask The climask attribute limits the CLI commands users can execute To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type climask 3 Enter the CLI c...

Page 43: ...dow double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type deny following a user name or group name If you include additional attributes in a profile that uses deny the profile will not execute them When erpcd denies access to a Remote Annex it generates a message in t...

Page 44: ...e family criteria andactions Separateeachpartofthefilterdefinitionwithaspace Direction applies the filter to incoming or outgoing packets You can enter input or output To apply a filter to incoming as well as outgoing packets you must create two separate definitions Scope controls how erpcd matches the filter definition You can enter include to apply the filter to packets that match the definition...

Page 45: ...tween two addresses followed by two IP addresses Enter both addresses separated by a space on the same line If you use this keyword you cannot use dst_address or src_address port_pair for incoming or outgoing packets passing between two ports or services followed by a port number or service name If you use this keyword you cannot use dst_port or src_port protocol the transport protocol of the pack...

Page 46: ...iscards the packet no_start used with include in the Scope category specifies that packets defined as activity will not activate a dynamic dial out line but will keep the line up and will reset the net_inactivity timer parameter to 0 syslog logs the event in the log files route The route attribute defines the IP routes that a router makes available through a Remote Annex when it dials in Use this ...

Page 47: ...a number of hops or h 7 Type end at_zone The at_zone attribute lists AppleTalk zones on a network To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userinfo file opens in the Notepad editor 2 Find the area of the file where entry information resides and type at_zone 3 Enter one or more zone names If you use...

Page 48: ...above example limits the session to twelve minutes at_nve_filter The at_nve_filter attribute allows you to include or exclude users from specific objects network numbers subzones and zones Specify one at_nve_filter attribute for each user in a profile To use this attribute 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_userinfo file The acp_userin...

Page 49: ... 9 characters Include punctuation marks in the password If you use spaces and or hexadecimal values use the backslash preceding these characters If you want to allow AppleTalk guests access to the network you should use the na utility to set the at_guest parameter to Y You can however create an at_password attribute here using Guest case sensitive as a user name chap_secret The chap_secret attribu...

Page 50: ...unicate To create an entry in the acp_keys file 1 From the Bay Networks program group window double click on the appropriate icon to open the acp_keys file The acp_keys file opens in the Notepad editor 2 Find the area of the file where entry information resides and enter one or more Remote Annex names or IP addresses Use an asterisk wildcard for any part of an IP address If you list more than one ...

Page 51: ...efineencryptionkeysbysettingtheacp_keyparameterforeachRemote Annex If the key value is not the same in the acp_keys file and for the acp_key parameter the Remote Annex and the server cannot communicate In addition you must set the enable_security parameter to Y to use security features To set up encryption keys 1 From the Bay Networks program group window double click on the appropriate icon to op...

Page 52: ...ers dialing in to the network It denies access to users if it does not find a matching entry To use the information in acp_dialup you must set the address_origin parameter to ACP via the na utility This allows a Remote Annex to search the acp_dialup file for the remote client s user name and for local and remote addresses To create an entry in the acp_dialup file 1 From the Bay Networks program gr...

Page 53: ...Remote Annex uses those values If the acp_dialup file contains a matching user name and a remote address but not a local address the Remote Annex uses the remote address from the file and uses the Remote Annex s IP address for the local address If the file does not contain a matching user name the Remote Annex uses values from the local_address and remote_address parameters If both parameters cont...

Page 54: ...Remote Annex Server Tools for Windows NT User Guide Chapter 3 Understanding Erpcd 3 20 ...

Page 55: ...ion by selecting options in the Security dialog box Select Global Group Authentication Select a domain then select the groups whose members can be authenticated If you are using Global Group Authentication select Native NT as your Security Regime For more information on group authentication see Chapter 3 This chapter summarizes most security features and explains the relationship between Windows N...

Page 56: ...er name and password are valid the system determines whether the user is a member of any groups you select Support for Multiple Domains Remote Annex Server Tools for Windows NT can authenticate users from domains other than the default domain of the security server To facilitate this feature the Windows NT administrator must establish at least a one way trust relationship A trusting domain control...

Page 57: ...n s security accounts manager database Server Tools steps All Windows NT users who require authorization must use the Remote Annex Server Tools software to configure these services Those definitions are accomplished in the following steps 1 Add a valid entry s in the acp_userinfo file 2 If the caller requires a dial up address add a valid entry s in the acp_dialup file Thenameoftheusermustbedefine...

Page 58: ...e na utility to Set the enable_security parameter to Y Define one server as the primary security server by entering its address in the pref_secure1_host parameter Define a backup security server in the pref_secure2_host parameter If a Remote Annex queries the primary server and does not receive a response within the time defined in the network_turnaroundparameter theRemoteAnnexqueries the backup s...

Page 59: ... basedsecurityand examples using the na utility Use these sources for reference However some instructions and examples refer to the acp_regime acp_restrict acp_group and acp_password files Remote Annex ServerToolsforWindowsNT serversdoesnotusetheacp_regime acp_restrict acp_group or acp_password files You should skip the steps that discuss these files Types of Security Configure your system for sev...

Page 60: ...either end of the link authenticates their identities using PAP or CHAP security protocols PAP is a two way handshake in which hosts exchange user names and passwords in clear text CHAP is a three way handshake that uses a secret token defined in the acp_userinfo file to authenticate users To configure Windows NT security for PPP links you must set the ppp_security_protocol parameter If you set pp...

Page 61: ...racteristics and display statistics for the Remote Annex hosts and the network CLI provides superuser commands for network administration and management To configure server based security for CLI connections set the cli_security parameter to Y Virtual CLI Security Virtual CLI VCLI connections allow network users access to CLI commands When a user enters a telnet command to connect to a Remote Anne...

Page 62: ...connections set the port_server_security parameter to Y For VCLI connections set the vcli_security parameter to Y Third Party Security Types Remote Annex Server Tools for Windows NT supports ACE Server SecurID security Using ACE Server Security The ACE Server token is an access control security token used to identify users of computer systems and secure TCP IP networks Used in conjunction with the...

Page 63: ...NT offers support for ACE Server Release 2 1 1 and 2 2 ACE Server is supported using ACP For more information on configuring SecurID security using the graphical user interface see Chapter 2 Selecting Server Tools Options For more information resources on installing configuring and using ACE Server Software see Document References on page 1 6 Additional Security Types Remote Annex Server Tools for...

Page 64: ...ard between a Network Access Server NAS and a host based communication server RADIUS modes are as follows RADIUS Authentication includes authentication of the dial up user to the RADIUS server and authentication of the RADIUS server to the NAS RADIUS supports authentication modes PAP and CHAP Challenge Handshake Authentication Protocol RADIUS Accounting another IETF developed protocol defines a co...

Page 65: ... password are entered correctly ERPCD ACP sends a RADIUS Access Request packet to the RADIUS server this packet contains the normal RADIUS header and the Access Request attributes the Access Accept Access Reject or Access Challenge packet fails to arrive in the specified amount of time ERPCD ACP re sends the packet no response is received ERPCD ACP sends the Access Request packet to the backup RAD...

Page 66: ... in the Server Tools Options Security dialog box is set to off the ACP server validates against the chap_secret entry in the acp_userinfo file The Then Remote Annex sends the ACP server an ACP Authorization Request message containing the CHAP information the ACP server determines if RADIUS is to be used set in Server Tools Options dialog box and sends a request to the RADIUS server containing the ...

Page 67: ...minated ASCII string identical to the user name that ERPCD ACP retrieves via the user name prompt You can specify up to 31 alphanumeric characters User Password Specifies the user password that the RADIUS server will authenticate CHAP Password Specifies the response value of a CHAP user in response to the password challenge NAS IP Address Indicates the IP address of the Annex authenticating the us...

Page 68: ...te CHAP Challenge appears in the Authenticator of the RADIUS header Framed Protocol Specifies the link level protocol type allowable to the user Supported values are PPP SLIP Service Type Specifies the type of service the user will receive Supported types of service are Login Framed NAS Prompt Outbound Administrative n Description 0 Serial interface port 2 Virtual VCLI FTP 3 Dial out 4 Ethernet ou...

Page 69: ...Annex to display text sent in a Reply Message attribute as long as the user is a CLI or port server user RADIUS Accounting RADIUS Accounting defines a communication standard between a NAS and a host based accounting server It records duration of service packet throughput and raw throughput This section covers the following topics RADIUS Accounting Process Accounting Request Attributes To utilize R...

Page 70: ... ACP logout events Accounting on 7 ACP logging connection becomes active Accounting off 8 ACP audit logging connection becomes inactive When or If The the Remote Annex sends an ACP Audit log to the server security profile for the ACP Authorization Request must match the Security dialog box RADIUS Regime On Off radio button setting On RADIUS security active Off Native NT security active ERPCD ACP r...

Page 71: ...Acct Input Packets Specifies how many packets received during the session Acct Output Packets Specifies how many packets sent during the session Acct Session Time Specifies the elapsed session time as calculated in RADIUS Other Attributes All attributes that are included in the Access Request packet are also included in the Accounting Request packet RADIUS Configuration Management ConfiguringtheRA...

Page 72: ...is the host name of the RADIUS Accounting server If an Accounting server is not specified it defaults to the ACP server If a RADIUS server is not specified the RADIUS server defaults to the ACP server Secret Format The format for secret is an ASCII string or a hexadecimal string The hexadecimal string format always starts with 0x followed by a string of bytes with each two hexadecimal digits indic...

Page 73: ...Timeout and Number of Retries values are set in the RADIUS Servers dialog box Fail over occurs if the host is the original primary server This entry must be on one line timeout The number of seconds to wait for a response before sending a retry retries The number of times to retry before fail over to the backup server or authentication is discontinued ...

Page 74: ...ck on the RADIUS Servers tab 4 Click the Backup Server down arrow to select the backup RADIUS server or RADIUS accounting server IfNoneisdisplayedintheBackupServerdrop downlist see Configuring a RADIUS Server on page 2 13 for information on creating new RADIUS servers Fail over Algorithm Process The following table describes the fail over algorithm process for authentication and accounting continu...

Page 75: ...ion about back up security and settings for these parameters please refer to Document References on page 1 6 When or If The the maximum number of retries 10 by default is reached without a response from the server attempt to authenticate against the primary server fails and ERPCD ACP attempts to authenticate against the backup server if defined no response is received from the backup server user i...

Page 76: ... dictionaries with differences in the keyword names and may want to evaluate the impact to their databases and output reports The file we provide includes the latest IETF definitions of the RADIUS protocol at the time of release It includes all attributes and values that are needed to support our Remote Annex and erpcd implementation It isnotnecessarythatourdefinitionsbeuseddirectly butotherdictio...

Page 77: ... 7 integer ATTRIBUTE Framed IP Address 8 ipaddr Framed Protocols VALUE Framed Protocol PPP 1 VALUE Framed Protocol SLIP 2 VALUE Framed Protocol ARAP 3 VALUE Framed Protocol Gandalf SL MLP 4 VALUE Framed Protocol IPX SLIP 5 User Service Types VALUE Service Type Login User 1 VALUE Service Type Framed User 2 VALUE Service Type Callback Login User 3 VALUE Service Type Callback Framed User 4 VALUE Serv...

Page 78: ...Remote Annex Server Tools for Windows NT User Guide Chapter 4 Using Security Features 4 24 ...

Page 79: ...eensubnets IPXisnotaproblembecause the datagram location mechanisms used are not generally blocked by routers However in mixed protocol environments the browser will use TCP IP This discussion assumes a TCP IP only network Some points of location and discovery of Browsers are different for other protocols Microsoft now provides a Windows Internet Naming Service WINS for the Windows NT server that ...

Page 80: ...urces to identify themselves Resources are required to reply within 30 seconds New resources should announce their presence to the MB The MB also exchanges lists with the DMB This exchange is repeated every 15 minutes and when new resources announce themselves on the subnet Resources are removed from the list when they either announce their departure or they fail to respond 3 times to the 15 minut...

Page 81: ...ighted choice Locating Browsers The client station maintains a cache of IP addresses and important services and will first a check its cache for browsers If the cache does not contain any browsers the next step is to b generate a NetBIOS over an IP broadcast to try to locate a MB on its subnet If the subnet MB responds the client will send a directed query to the MB to get a list of browsers on th...

Page 82: ... a couple of special names with WINS These names consist of the domain name followed by characters 1B and 1D ex eng 1B and eng 1D These special names are associated with the IP address of the DMB When a client attempts to browse on a subnet with no MB the client first does a broadcast to locate the MB which fails The client also directs a NameQuery to WINS asking for the special version of the dom...

Page 83: ...disable the ability to be a browse master This will prevent the client from browsing except when the user asks for a browse list This reduces delays caused by broadcasting for the MB in the background For Windows 95 Control panel Networks File and Print Sharing for Microsoft Networks Properties Advanced BrowseMaster Disabled For WFW 3 11 system ini Network MaintainServerList No Note that this is o...

Page 84: ...day the subnet dialed into has several Windows 95 stations that can act as master browsers The PDC and other resources are on a different subnet When the client dials in during the day a broadcast finds one of the Windows 95 systems and browsing works as expected However it is company policy to shut down PCs at night so when everyone goes home all Windows 95 machines are shut down Now the remote c...

Page 85: ... will also be useful in this environment to assure reliable communication between all the browser components Additional Information Resolve a Name to an IP Address When a client tries to resolve a name to an IP address it follows the following steps 1 Checks internal cache of resolved names 2 Asks WINS if enabled 3 Broadcasts to resolve name 4 Checks LMHOSTS file Preload PDC Address Preloading the...

Page 86: ...ate the WINS query and or broadcast Workgroups and Domains Windows 95 allows specification of a workgroup name Control Panel Networks Identification Workgroup Users should be aware that workgroups and domains are very similar concepts Domain membership is used for authentication but resource visibility and access can be limited by workgroup membership If you log in to the domain but are specified ...

Page 87: ... 3 5 at_connect_time attribute 3 14 at_guest parameter 3 15 at_nve_filter attribute 3 14 at_password attribute 3 15 at_security parameter 4 7 at_zone attribute 3 13 attributes profile 3 6 to 3 15 B bfs directory 2 9 block file server See bfs directory browser definition A 1 browsing a Microsoft network browser definition A 1 required configuration details A 5 resolve a name to an IP address A 7 C ...

Page 88: ...ers A 2 modifying 2 15 multiple domains 4 2 authentication setup procedure 4 3 N na utility 3 3 3 15 3 18 4 1 features 1 1 using for security 4 4 name servers 1 3 NAS IP address attribute 4 13 NAS port attribute 4 14 NAS port type attribute 4 13 native NT security 2 3 net_inactivity timer parameter 3 12 network address format box 2 10 network_turnaround parameter 4 4 P PAP security protocol 4 6 pa...

Page 89: ... 12 S SecurID 4 8 4 9 security backup 4 21 features 4 1 to 4 21 protocols CHAP 4 6 PAP 4 6 requirements 4 4 server based 4 4 types of server based 4 5 AppleTalk security 4 7 CLI security 4 7 port server security 4 6 PPP security 4 6 virtual CLI security 4 8 using Windows NT domain 4 2 security regime 2 1 security server selection 2 17 security_broadcast parameter 4 4 selecting a security server 2 ...

Page 90: ...x 4 using ACE Server security 4 8 V vcli_security parameter 4 8 version information 2 1 version information displaying 2 17 virtual CLI security 4 7 W windows detail 2 12 server tools options 4 2 selecting server tools options window 2 1 workgroups and domains A 8 ...