1. Manuals
  2. Brands
  3. Bay Networks Manuals
  4. Software
  5. NA
  6. User manual

Bay Networks NA User Manual

For windows nt
Hide thumbs Also See for NA:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
Remote Access
Using
Concentrator Software
Server Tools for
Windows NT
Marketing Release 5.1
Part No. 118358-A Rev. A
September 1997

Advertisement

Table of Contents
loading

Related Manuals for Bay Networks NA

Summary of Contents for Bay Networks NA

  • Page 1 Remote Access Using Concentrator Software Server Tools for Windows NT Marketing Release 5.1 Part No. 118358-A Rev. A September 1997...
  • Page 2 4401 Great America Parkway Santa Clara, CA 95054 Copyright © 1997 Bay Networks, Inc. Trademarks Restricted Rights Legend Statement of Conditions Using Remote Access Concentrator Server Tools for Windows NT All rights reserved. Printed in the USA. September 1997. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty.
  • Page 3 SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).
  • Page 4 Bay Networks, Inc. Software License Agreement NOTICE: Please carefully read this license agreement before copying or using the accompanying software or installing the hardware unit with pre-enabled software (each of which is referred to as “Software” in this Agreement). BY COPYING OR USING THE SOFTWARE, YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT.
  • Page 5 from the date Software is first shipped to Licensee. Bay Networks will replace defective media at no charge if it is returned to Bay Networks during the warranty period along with proof of the date of shipment. This warranty does not apply if the media has been damaged as a result of accident, misuse, or abuse.
  • Page 6 THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Licensee is responsible for the security of its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, data, or programs.
  • Page 7 Remote Access Concentrator Software Server Tools for Windows NT foregoing, Licensee, on behalf of itself and its subsidiaries and affiliates, agrees that it will not, without first obtaining all export licenses and approvals required by the U.S. Government: (i) export, re-export, transfer, or divert any such Software or technical data, or any direct product thereof, to any country to which such exports or re-exports are restricted or embargoed under United States export control laws and regulations, or to any national or resident of such restricted or embargoed...
  • Page 8 Remote Access Concentrator Software Server Tools for Windows NT LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND LICENSEE, WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF...

  • Page 9: Table Of Contents

    NA Utility Features ........
  • Page 10 Contents Chapter 4 Using Security Features Using Windows NT Domain Security ............4-2 Support for Multiple Domains .
  • Page 11 Figures Figure 2-1. The Server Tools Options Dialog Box ..........2-2 Figure 2-2.
  • Page 12 Figures Using Remote Access Concentrator Server Tools for Windows NT...

  • Page 13: About This Guide

    Using Bay Networks Microsoft Remote Access Concentrators (RACs) on a Windows NT network. This guide is intended for System Administrators or others who need to configure RAC servers. It assumes that you are familiar with network protocols and that you know the parameter values needed to configure RACs.

  • Page 14: Conventions

    About This Guide Conventions This manual uses the following printing conventions: Convention: special type special type Return bold italics Using Remote Access Concentrator Server Tools for Windows NT Represents: In examples, indicates system output. special type Bold indicates user input. special type In command examples, this notation indicates that pressing...

  • Page 15: Acronyms

    Acronyms ARAP CHAP erpcd ISDN SLIP TFTP VCLI Using Remote Access Concentrator Server Tools for Windows NT Access Control Protocol AppleTalk Remote Access AppleTalk Remote Access Protocol block file server Challenge Handshake Authentication Protocol Command Line Interface expedited remote procedure daemon Internet Protocol Internetwork Packet Exchange Integrated Services Digital Network...

  • Page 16: Ordering Bay Networks Publications

    About This Guide Ordering Bay Networks Publications To purchase additional copies of this document or other Bay Networks publications, order by part number from Bay Networks Press following numbers: The Bay Networks Press catalog is available on the World Wide Web at support.baynetworks.com/Library/GenMisc. Bay Networks publications are available on the World Wide Web at support.baynetworks.com/Library/tpubs.

  • Page 17: How To Get Help

    How to Get Help If you purchased a service contract for your Bay Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Bay Networks service program, call one of the following Bay Networks Technical Solutions Centers: Technical Solutions Center Billerica, MA...
  • Page 18 About This Guide Using Remote Access Concentrator Server Tools for Windows NT...

  • Page 19: Introduction

    Remote Annexes and Remote Access Concentrators (RACs) on a Windows NT network. You can manage one or more RACs using the na utility. In addition, the product takes advantage of Windows NT domains to authenticate and authorize users.

  • Page 20: Windows Nt Server Access Security Features

    Chapter 1 Introduction Windows NT Server Access Security Features Remote Access Concentrator Server Tools for Windows NT works with a Windows NT Server to provide access security. You define user and group access parameters in Windows NT, and link the appropriate group definitions with the RAC using the Server Tools Options graphical user interface.

  • Page 21: Name Server Issues

    Chapter 1 Introduction Name Server Issues Remote Access Concentrator Server Tools for Windows NT supports DNS and IEN-116 name servers. Bay Networks does not ship IEN-116 for Windows NT. For more information, see Managing Remote Access Concentrators Using Command Line Interfaces Be aware that IEN-116 discussions do not apply to Remote Access Concentrator Server Tools for Windows NT.

  • Page 22: Platform Requirements

    Chapter 1 Introduction Platform Requirements Remote Access Concentrator Server Tools for Windows NT requires: Using Remote Access Concentrator Server Tools for Windows NT • Windows NT Server version 3.51 or 4.0 configured to support the TCP/IP protocol. • Administrative privileges on the server. •...

  • Page 23: Selecting Server Tools Options

    installation process. Double-click on the Options icon in the Bay Networks program group window. The Server Tools Options window has four tabbed dialog boxes that allow you to select a security server, select booting and logging options, choose and configure a RADIUS server, and view information about your current Remote Access Concentrator Server Tools for Windows NT software version.

  • Page 24: Figure 2-1. The Server Tools Options Dialog Box

    Chapter 2 Selecting Server Tools Options Figure 2-1. The Server Tools Options Dialog Box To select options in the Security window: Specify a Regime Select the protocol you desire from the Regime radio box. Using Remote Access Concentrator Server Tools for Windows NT •...
  • Page 25 Native NT Security Using Remote Access Concentrator Server Tools for Windows NT Chapter 2 If you select Native NT in the Regime radio box, the Directory for Annex security files field becomes active. Accept the default or enter a new destination drive and directory for the acp_logfile file.
  • Page 26 Chapter 2 Selecting Server Tools Options RADIUS Security Third Party Security Using Remote Access Concentrator Server Tools for Windows NT You can double-click on a group name from the Remote Access Groups list, to move it to the Groups list. If you want to change your selections, highlight the group from the Groups list box and click on Remove, or double-click the group name.
  • Page 27 You can add or remove a new Remote Users Group (on the Security tab window) within the Server Tools Options application. However, unless this new group already exists, you must first create the new group and its information via the Windows NT operating system. To add a new default group, click the Create Remote Users Group check box.

  • Page 28: Creating A Radius Authentication And Accounting Server

    Chapter 2 Selecting Server Tools Options Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server: Using Remote Access Concentrator Server Tools for Windows NT Select the newly created Group from the Groups list box and click on Add.
  • Page 29 Tab to the IP Address text field and enter the IP Address that goes with the Host Name. Repeat step 4 to configure the Secret format, the Timeout period, and the number of Retries (for more details on Secret, Timeout, and Retries, see Click on Accept to apply the new server information or Revert to cancel your changes.

  • Page 30: Selecting Booting/Logging Options

    Chapter 2 Selecting Server Tools Options Selecting Booting/Logging Options The Booting/Logging tab window allows you to select log files, to choose locations for load and dump files, and to choose directories, time formats and network address formats for the log file. Using Remote Access Concentrator Server Tools for Windows NT To display this window, choose the Booting/Logging tab in the Server Tools Options window.
  • Page 31 To select options in the Booting/Logging window: In the Directory for load and dump files field, you can accept the default or enter a drive and directory for the RAC system images and dump files. This field automatically lists the drive on which the Remote Access Concentrator Server Tools is installed, and the bfs default directory, where the system stores load and dump files.

  • Page 32: Using The Event Viewer

    Chapter 2 Selecting Server Tools Options Using the Event Viewer Remote Access Concentrator Server Tools uses the standard Windows NT Event Viewer. If you select Use NT Event Log from the Booting/ Logging dialog box, the Windows NT Application Event Log includes syslog and security messages.

  • Page 33: Figure 2-2. Event Viewer

    Chapter 2 Selecting Server Tools Options To view Windows NT logs, double-click on the Event Viewer icon in Administrative Tools and select Application from the Log menu. ARNING Figure 2-2. Event Viewer Using Remote Access Concentrator Server Tools for Windows NT 2-11...
  • Page 34 Chapter 2 Selecting Server Tools Options The Windows NT Event Log stores information in the following columns: Using Remote Access Concentrator Server Tools for Windows NT 2-12 • An icon at the beginning of each line indicates the severity of the message.

  • Page 35: Configuring A Radius Server

    Configuring a RADIUS Server The RADIUS Servers tab dialog box allows you to create, modify, delete and configure a RADIUS server, and to set the IP Address and Secret format parameters. Figure 2-3. The Radius Servers Dialog Box First Time Use When you open the RADIUS Servers dialog box for the first time (after installation), the information fields are blank and inactive.

  • Page 36: Creating And Configuring A Radius Server

    Chapter 2 Selecting Server Tools Options Creating and Configuring a RADIUS Server To create and configure a new RADIUS Server: Using Remote Access Concentrator Server Tools for Windows NT 2-14 Click on New. All information fields become active. Enter the Host Name of the RADIUS Server you are creating in the text field.

  • Page 37: Modifying Radius Server Information

    Modifying RADIUS Server Information Select a desired RADIUS server from the RADIUS Servers list box. When you select a RADIUS server, the information fields on the right side of the dialog box automatically fill in with the appropriate information pertaining to the RADIUS server you chose.

  • Page 38: Deleting Radius Server Information

    Chapter 2 Selecting Server Tools Options Deleting RADIUS Server Information Using Remote Access Concentrator Server Tools for Windows NT 2-16 Select the RADIUS Server to be deleted and click on Delete. All information text fields remain inactive and a confirmation dialog box appears. Click OK to delete the RADIUS Server or Cancel to exit the confirmation dialog box without deleting any server information.

  • Page 39: Displaying Version Information

    Displaying Version Information The Version tab window provides the company and product name, version number, and build number for the Remote Access Concentrator Server Tools. Figure 2-4. The Version Dialog Box Using Remote Access Concentrator Server Tools for Windows NT To view this information, click on the Version tab of the Server Tools Options window.
  • Page 40 Chapter 2 Selecting Server Tools Options Using Remote Access Concentrator Server Tools for Windows NT 2-18...

  • Page 41: Understanding Erpcd

    emote Access Concentrator Server Tools uses the expedited remote procedure call daemon (erpcd) running on a Windows NT server. Erpcd responds to all RAC boot, dump, and ACP security requests. ACP’s eservices file, stored in the \etc directory, lists the services that erpcd provides.

  • Page 42: Editing Files

    Chapter 3 Understanding Erpcd Editing Files You can edit the acp_userinfo, acp_dialup, and acp_keys files from the Bay Networks program group window. There is an icon for each file in the program group window. The changes take effect immediately. User names and group names are not case-sensitive.
  • Page 43 For example, if a user who belongs to the Engineering group requests access to a RAC port on Monday morning at 10 a.m. and a profile excludes Engineering group members from using that RAC on Mondays between 9 and 11 a.m., the user cannot log in to the port. In this case, Remote Access Concentrator Server Tools authenticates the user’s Windows NT name and password, matches the current environment (the RAC, port, day and time) to an entry in acp_userinfo, and downloads instructions...
  • Page 44 Chapter 3 Understanding Erpcd Using Profile Environment Keywords User profiles contain one or more keywords that define user login conditions. Erpcd matches these conditions to environment conditions listed in a user profile. Username and Group The username keyword specifies a single Windows NT user. The group Keywords keyword allows you to create a user profile for any member of a Windows NT group.
  • Page 45 time Keyword The time keyword defines a period of time during which profile attributes apply. If you do not enter a day and/or a date, erpcd applies the start and end time every day of the week. If you omit to the 24-hour format.
  • Page 46 Chapter 3 Understanding Erpcd To combine the annex and port keywords in one line, separate keyword/ value entries with a semicolon (e.g., ports=1,3,6-22 more ports, the profile attributes apply to all RACs. Understanding Profile Attributes In each user profile, one or more attributes follow keywords and their values.
  • Page 47 The acp_userinfo file can store accesscode attributes in a user profile. To create an accesscode entry: clicmd The clicmd attribute lists CLI commands that erpcd will execute if the profile matches. To use this attribute: Using Remote Access Concentrator Server Tools for Windows NT Type followed by a code name.
  • Page 48 Chapter 3 Understanding Erpcd climask The climask attribute limits the CLI commands users can execute. To use this attribute: Using Remote Access Concentrator Server Tools for Windows NT Type Repeat the line you created in Steps 1-3 if you want to use more than one CLI command.
  • Page 49 When a user name and password match the profile, erpcd sends this list to the RAC, which prevents the user from executing the commands. deny The deny attribute prevents a user from connecting to a RAC. To use the command: When erpcd denies access to a RAC, it generates a message in the log file.
  • Page 50 Chapter 3 Understanding Erpcd Each filter definition includes categories for direction, scope, family, criteria, and actions. Separate each part of the filter definition with a space. Using Remote Access Concentrator Server Tools for Windows NT 3-10 Find the area of the file where entry information resides, and type filter Enter a filter definition.
  • Page 51 • Criteria includes the conditions for the filter. This section uses a keyword followed by a value. You can enter: • (the destination address of the packet) dst_address followed by an IP address. • (the destination port) followed by a port number dst_port from 1-65535 or by a service name.
  • Page 52 Chapter 3 Understanding Erpcd route The route attribute defines the IP routes that a router makes available through a RAC when it dials in. Use this attribute when you do not want a router to incur overhead in running a routing protocol itself. To use this attribute: Using Remote Access Concentrator Server Tools for Windows NT 3-12...
  • Page 53 at_zone The at_zone attribute lists AppleTalk zones on a network. To use this attribute: Using Remote Access Concentrator Server Tools for Windows NT Enter an IP address for the gateway that is the next hop for the route. If you enter an asterisk, the RAC uses the remote address of the port as the gateway.
  • Page 54 Chapter 3 Understanding Erpcd at_connect_time The at_connect_time attribute specifies the number of minutes that an ARA connection can remain open. To use this attribute: at_nve_filter The at_nve_filter attribute allows you to include or exclude users from specific objects, network numbers, subzones, and zones. Specify one at_nve_filter attribute for each user in a profile.
  • Page 55 (/) preceding these characters. If you want to allow AppleTalk guests access to the network, you should use the na utility to set the at_guest parameter to however, create an at_password attribute here using sensitive) as a user name.

  • Page 56: Using The Acp_Keys File

    Chapter 3 Understanding Erpcd chap_secret The chap_secret attribute defines the token used for authentication when you use the CHAP protocol for PPP links. CHAP authenticates users based on the user names in the acp_userinfo file. To create a token: Using the acp_keys File The acp_keys file stores RAC names or IP addresses and corresponding encryption keys.

  • Page 57: Creating Encryption Keys

    Type a colon to separate RAC names or addresses from the encryption key. Enter an encryption key that uses up to 15 characters. You cannot use spaces or tabs here. Encryption keys are case- sensitive. For additional information, refer to Encryption Keys on page 3-17.

  • Page 58: Using The Acp_Dialup File

    Enter one or more port numbers followed by @ and one or more RAC names or IP addresses. Separate port numbers with commas and/or enter a range of numbers with dashes (e.g., 1,3,6-10@Annex01) via the na utility. This allows a...

  • Page 59: Using Local And Remote Addresses

    Enter a remote address followed by a local address. Use an asterisk (wildcard) for any part of an IP address. You must use spaces to separate the user name, port number/RAC, Local Address, and Remote Address fields. Using Local and Remote Addresses If the acp_dialup file contains a matching user name and local and remote addresses exist in the file, the RAC uses those values.
  • Page 60 Chapter 3 Understanding Erpcd Using Remote Access Concentrator Server Tools for Windows NT 3-20...

  • Page 61: Using Security Features

    Use the Windows NT Administrative Tools/User Manager for Domains to create groups, user names, and passwords. • Use the na utility to set security parameters on the RAC for the types of security you want. Erpcd authentication is not case-sensitive. Group names cannot contain spaces.

  • Page 62: Using Windows Nt Domain Security

    Chapter 4 Using Security Features Using Windows NT Domain Security When a user logs on to a RAC, to one of its ports, or to a network, the system performs authentication based on the security parameters you enter. Once you set the parameters that enable a type of security: Support for Multiple Domains Remote Access Concentrator Server Tools can authenticate users from domains other than the default domain of the security server.

  • Page 63: Multiple Domain Authentication Setup Procedure

    Multiple Domain Authentication Setup Procedure Follow these Windows NT steps to facilitate support for multiple domain authentication: Windows NT Steps Server Tools Steps All Windows NT users who require authorization must use the Remote Access Concentrator Server Tools software to configure these services. Those definitions are accomplished in the following steps: The name of the user must be defined in the acp_userinfo and acp_dialup file in the format:...

  • Page 64: Setting Rac Security Parameters

    ACP software default settings or modify the software to create a customized security policy for your network. This section includes: Security Requirements Before you can use server-based security, you must use the na utility to: Using Remote Access Concentrator Server Tools for Windows NT •...

  • Page 65: Types Of Security

    Types of Security Configure your system for several types of server-based security by using the na utility to set security parameters. Once these parameters are set, Remote Access Concentrator Server Tools uses Windows NT user names and passwords to authenticate users. This section describes the type of server-based security that use Windows NT domain security.

  • Page 66: Ppp Security

    Chapter 4 Using Security Features PPP Security Point-to-Point (PPP) provides a link between hosts that carry IP, IPX, and ARA protocols. After PPP negotiates Link Control Protocol (LCP) options, the hosts at either end of the link authenticate their identities using PAP or CHAP security protocols.

  • Page 67: Cli Security

    CLI Security The Command Line Interpreter (CLI) of the RAC allows users to connect to hosts, move between established sessions, modify port characteristics, and display statistics for the RAC, hosts, and the network. CLI provides superuser commands for network administration and management. To configure server-based security for CLI connections, set the cli_security parameter to Virtual CLI Security...

  • Page 68: Port Server Security

    Chapter 4 Using Security Features Port Server Security The port server process of the RAC allows it to accept telnet or rlogin connection requests from network users, hosts, and applications. When a user connects to a RAC via telnet or rlogin and responds to the port prompt by entering a port or rotary number, the security server requires a Windows NT domain user name and password.

  • Page 69: Additional Security Types

    Creating a SecurID You must transfer a binary copy of the sd_conf.rec file from the SecurID Client for an NT server to the Windows NT root directory. Also the server must be Server: registered as a SecurID client. Supported ACE/ Remote Access Concentrator Server Tools offers support for ACE/Server Server Releases Release 2.1.1 and 2.2.

  • Page 70: Radius Security

    Chapter 4 Using Security Features RADIUS Security RADIUS is an IETF-developed protocol that defines a communication standard between a Network Access Server (NAS) and a host-based communication server. RADIUS modes are as follows: Using Remote Access Concentrator Server Tools for Windows NT 4-10 •...

  • Page 71: Radius And Acp Protocol Operation

    RADIUS and ACP Protocol Operation RADIUS and ACP servers work together to provide the user with a standard means of communication between a Network Access Server and a host-based server. When or If... the security profile matches the Server Tools Options dialog box RADIUS On/Off radio button, the user name and password are entered correctly,...

  • Page 72: Radius Authentication

    Chapter 4 Using Security Features RADIUS Authentication RADIUS authentication supports the authentication modes PAP and CHAP. This section covers the following topics: PPP and CHAP Support RADIUS requires PPP/CHAP enforcement to be in the RADIUS server. The... RAC sends the ACP server an ACP Authorization-Request message containing the CHAP information, RADIUS server validates the...

  • Page 73: Access-Request Attributes

    Access-Request Attributes ERPCD/ACP sends Access-Request packets which indicate how the user connects to the RAC. This information is used by the server as a hint or a restriction. The available access-request attributes are: User-Name Indicates the name of the user that the RADIUS server will authenticate. An unterminated ASCII string identical to the user name that ERPCD/ ACP retrieves via the user name prompt.
  • Page 74 Chapter 4 Using Security Features NAS-Port Specifies the current port number connection. NAS–Port number example: nxxx (decimal) Framed-Protocol Specifies the link level protocol type allowable to the user. Supported values are: Service-Type Specifies the type of service the user will receive. Supported types of service are: Using Remote Access Concentrator Server Tools for Windows NT 4-14...

  • Page 75: Access-Accept And Access-Reject Attributes

    Access-Accept and Access-Reject Attributes In this version, attributes included in the RADIUS Access-Accept and Access-Reject packets are ignored by ERPCD/ACP. However, ERPCD/ ACP does instruct the RAC to display text sent in a Reply-Message attribute as long as the user is a CLI or port server user. RADIUS Accounting RADIUS Accounting defines a communication standard between a NAS and a host-based accounting server.

  • Page 76: Radius Accounting Process

    Chapter 4 Using Security Features RADIUS Accounting Process The following table describes the RADIUS accounting process: When or If... the RAC sends an ACP Audit-log to the server, ERPCD/ACP receives a login or logout log request, The ERPCD/ACP server receives the RADIUS Accounting- Response, Accounting-Request Attributes...

  • Page 77: Radius Configuration Management

    Acct-Delay-Time Specifies the time (in seconds) the RADIUS client has been trying to send a specific Accounting packet. Acct-Input-Octets Specifies number of octets received during the session. Acct-Output-Octets Specifies number of octets sent during the session. Acct-Session-Id A numeric string identified with the session reported in the packet. Acct-Authentic Specifies how the user is authenticated.
  • Page 78 Chapter 4 Using Security Features Default Values If there is no configuration record for a RADIUS server, the following default values are used: Attribute Secret Timeout Retries Backup server RADIUS Authentication Server and Accounting Server Secret Format Using Remote Access Concentrator Server Tools for Windows NT 4-18 Value 4 seconds...
  • Page 79 Response Timeout and Number of Retries Format The Response Timeout and Number of Retries values are set in the RADIUS Servers dialog box. timeout The number of seconds to wait for a response before sending a retry. retries The number of times to retry before fail-over to the backup server, or authentication is discontinued.
  • Page 80 Chapter 4 Using Security Features Fail-over Algorithm Process The following table describes the fail-over algorithm process for authentication and accounting. When or If... a user is to be authenticated, an Access-Request packet is sent to the RADIUS server, the time expires, the maximum number of retries (10 by default) is reached without a response from the server,...

  • Page 81: Backup Security

    Backup Security If you configure port server, CLI, VCLI, and PPP security to use Windows NT domain names and passwords, and the ACP security server is not available, the RAC uses its locally stored password parameters to restrict user access. These parameters settings serve as backup security. To use backup security, you must set the parameters listed in the following table.
  • Page 82 Chapter 4 Using Security Features This file can be used as a reference to add or change existing RADIUS dictionaries as need be. Since it is in the format of some of the popular RADIUS servers, in some cases it may be used as a direct replacement. However, the network manager should review the dependencies and make a decision on how to apply the differences.
  • Page 83 User Service Types VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type <...> Using Remote Access Concentrator Server Tools for Windows NT Chapter 4 Using Security Features Login-User Framed-User Callback-Login-User Callback-Framed-User Outbound-User Administrative-User NAS-Prompt...
  • Page 84 Chapter 4 Using Security Features Using Remote Access Concentrator Server Tools for Windows NT 4-24...
  • Page 85 Access Control Protocol. See ACP access security features, for Windows NT server 1-2 accesscode attribute 3-6 acct-authentic attribute 4-17 acct-delay-time attributes 4-17 acct-input-octets attribute 4-17 acct-input-packets attribute 4-17 acct-output-octets attribute 4-17 acct-output-packets attribute 4-17 acct-session-id attribute 4-17 acct-session-time attribute 4-17 acct-status-type attribute 4-16 ACE/Server security 4-8 ACP 3-1, 4-21...
  • Page 86 2-1 to 2-10 modifying 2-15 multiple domains 4-2 authentication setup procedure 4-3 Using Remote Access Concentrator Server Tools for Windows NT Index-2 na utility 3-15, 3-18, 4-1 features 1-1 using for security 4-4 name servers 1-3 NAS-IP-address attribute 4-13 NAS-port attribute 4-14...
  • Page 87 dictionary file 4-21 PPP and CHAP support 4-12 RADIUS accounting 4-15 RADIUS authentication and accounting serv- creating 2-6 RADIUS configuration management authentication and accounting server 4- backup server 4-19 fail-over algorithm 4-20 response timeout and number of retries 4-19 secret format 4-18 RADIUS security 4-10 RADIUS server 2-15 creating 2-14...
  • Page 88 Index server tools options window 2-1 Using Remote Access Concentrator Server Tools for Windows NT Index-4...

This manual is also suitable for:

Remote access concentrator server tools

Table of Contents