Bay Networks Remote Annex User Manual

For Windows NT

Remote Annex Server Tools for Windows NT®
User Guide
Part No. 166-024-379
Rev. A
December 1996


Summary of Contents for Bay Networks Remote Annex

  • Page 1 Remote Annex Server Tools for Windows NT® User Guide Part No. 166-024-379 Rev. A December 1996...
  • Page 2 Computer Software-Restricted Rights clause at FAR 52.227-19. Trademarks of Bay Networks, Inc. Annex, Remote Annex, Annex Manager, Remote Annex 2000, Remote Annex 4000, Remote Annex 6100, Remote Annex 6300, Remote Annex 5390/Async, Remote Annex 5391/CT1, Remote Annex 5393/PRI, BayStack Remote Annex 2000 Server, Quick2Config, Bay Networks, Bay Networks Press, and the Bay Networks logo are trademarks of Bay Networks,...
  • Page 3: Table Of Contents

    Setting Remote Annex Security Parameters
  • Page 4 Remote Annex Example
  • Page 5 Remote Annexes. This guide is part of the complete Remote Annex documentation set. You should refer to other manuals in the set for information not related to Remote Annex Server Tools for Windows NT...
  • Page 6: Preface

    Preface About this Book This book documents Remote Annex Server Tools for Windows NT explains the product’s features and provides instructions for each of those features. The Remote Annex Server Tools the following chapters: Remote Annex Server Tools for Windows NT for Windows NT •...
  • Page 7: Documentation Conventions

    The following table lists the User Guide Convention: Italics special type bold Remote Annex Server Tools for Windows NT conventions: Represents: chapter titles, book titles, and chapter headings. defines samples in the na utility. commands, path names, program names, or file names.
  • Page 9: Introduction

    Annex Server Tools for Windows NT • Boot a Remote Annex. • Reset a Remote Annex. • Identify a Remote Annex by its Internet address or host name. • Show and set values for all Remote Annex configuration parameters. •...
  • Page 10: Windows NT® Server Access Security Features

    Remote Annex through the Server Tools Options graphical user interface. Remote Annex Server Tools for Windows NT standard Remote Annex log file, a RADIUS server log file, and/or the Windows NT Using Remote Annex Documentation In addition to this manual, you need the for UNIX and the Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX...
  • Page 11: Name Server Issues

    Windows NT In addition, certain UNIX-based Annex features are not implemented in Remote Annex Server Tools for Windows NT as a guide to documentation that does not apply to Remote Annex Server ® Tools for Windows NT...
  • Page 12 A /4 A /13 A /14 A /15 (continued on next page) Remote Annex Server Tools for Windows NT UNIX Host-Originated Connections Using the Terminal Server TTY (TSTTY) Using the Transport Multiplexing (TMux) Protocol Terminal Server TTY How TSTTY Interacts with Annex Port Parameters Configuring the Annex for TSTTY...
  • Page 13: Platform Requirements

    Book/Chapter Topic B /2 C /4 Platform Requirements Remote Annex Server Tools for Windows NT TMux-Specific Annex Parameters vs. MIB Objects aprint rtelnet ® • Windows NT Server version 3.51 or 4.0 configured to support the TCP/IP protocol. • Administrative privileges on the server.
  • Page 15: Selecting Server Tools Options

    RADIUS server, and view information about your current Remote Annex Server Tools for Windows NT Selecting a Security Server...
  • Page 16 In the Directory for security files field, accept the default or enter a new destination drive and directory for the acp_logfile file. This field lists the drive on which you installed Remote Annex ® Server Tools for Windows NT system stores the acp_dialup, acp_keys, and acp_userinfo files.
  • Page 17 If you selected Native NT, select a name from the Groups list box. Use Add to move the group you selected to the Remote Access Groups list box...
  • Page 18: Creating A Remote Users Group

    If you want to change your selections, select the group from the list box and use Remove. If you install Remote Annex Server Tools for Windows NT primary domain controller, the groups you select here must have local log on privileges to allow authentication.
  • Page 19 Click on the Domain pull–down menu. The list boxes Groups and Remote Access Groups become active and list the group(s) you created in the above steps...
  • Page 20: Creating a RADIUS Authentication and Accounting Server

    Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server: Remote Annex Server Tools for Windows NT Select the newly created Group from the Groups list box and click on Add. The selected group appears in the Remote Access Groups list box.
  • Page 21 RADIUS servers. Once you create a second RADIUS server, the first RADIUS server created appears in the Backup Server drop- down list. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options for more details on Secret, Chapter ®...
  • Page 22: Selecting Booting/Logging Options

    files, and to choose directories, time formats and network address formats for the log file. Remote Annex Server Tools for Windows NT To display this window, choose the Booting/Logging tab in the Server Tools Options window.
  • Page 23 Select Use NT Event Log, Use acp_logfile, or Use RADIUS Logging to choose a method for storing log messages. You can log syslog messages generated at the Remote Annex as well as security messages generated by erpcd or RADIUS: •...
  • Page 24: Using The Event Viewer

    Annex that generates logging messages in the log files. • Use Host Name to include a Remote Annex name in the log files instead of the Remote Annex’s Internet address. The time and address formats you choose will appear in the acp_logfile or RADIUS logging.
  • Page 25 To see logs, double-click on the Event Viewer icon in Administrative Tools and select Application from the Log menu...
  • Page 26 . The Event Log’s Detail window lists the time an event occurred. • Source lists the software that logged the event. • For syslog messages from a Remote Annex or from the network, Annex_syslog • For messages generated by erpcd, the column displays Annex_syslog •...
  • Page 27: Configuring a RADIUS Server

    RADIUS servers and associated parameters. To see this information, click on the Server Tools Options window’s RADIUS Servers tab...
  • Page 28: Creating and Configuring a RADIUS Server

    To create and configure a new RADIUS Server: Click on New. All information fields become active. Enter the Host Name in the text field.
  • Page 29: Modifying RADIUS Server Information

    Click on Apply to set your changes and leave the Server Tools Options window open on your desktop. Use this option if you want to make changes in any of the other tabbed dialogs...
  • Page 30: Deleting RADIUS Server Information

    Select the RADIUS Server to be deleted and click on Delete. All information text fields remain inactive and a confirmation dialog box appears.
  • Page 31: Displaying Version Information

    The Version tab window provides the company and product name, version number, and build number for the Remote Annex Server Tools for Windows NT®. To see this information, click on the Server Tools Options window’s Version tab.
  • Page 33: Understanding Erpcd

    Annex Server Tools for Windows NT remote procedure call daemon (erpcd) running on a Windows NT server. Erpcd responds to all Remote Annex boot, dump, and ACP security requests. ACP’s eservices file, stored in the \etc directory, lists the services that erpcd provides. Eservices includes controls for: •...
  • Page 34: Editing Files

    Your changes take effect immediately. User names and group names are not case-sensitive. Using the acp_userinfo File The acp_userinfo file stores information about the Remote Annex commands and protocols that are available to users. When a user logs in to the server, erpcd matches the login environment with acp_userinfo entries and controls user access based on these entries.
  • Page 35 For example, if a user who belongs to the Engineering group requests access to a Remote Annex port on Monday morning at 10 a.m. and a profile excludes Engineering group members from using that Remote Annex on Mondays between 9 and 11 a.m., the user cannot log in to the port.
  • Page 36 If you do not enter a domain name, erpcd assumes the user is registered in the domain in which Remote Annex Server Tools for ® is installed. If you create a profile for a user or group...
  • Page 37 Remote Annex names or IP addresses and one or more port numbers, respectively. You can use an asterisk to specify a partial Remote Annex name or IP address. In addition, you can enter individual port numbers separated by commas or a range of port numbers using dashes (e.g.,...
  • Page 38 (e.g., annex= Annex 02, 245.132.88.22; ports=1,3,6-22 you omit Remote Annex names or addresses and list one or more ports, profile attributes will apply to all Remote Annexes. Open the acp_userinfo file from the Bay Networks program group window by double-clicking on the appropriate icon.
  • Page 39 Go to the area of the file where entry information resides and type clicmd Enter a single user or superuser CLI command or the name of an existing macro defined for a Remote Annex. Remote Annex Server Tools for Windows NT Chapter 3 Understanding Erpcd for the access code.
  • Page 40 The climask attribute limits the CLI commands a user can execute. To use this attribute: Remote Annex Server Tools for Windows NT Type You can repeat the line you created in Steps 1-3 if you want to use more than one CLI command. Erpcd executes CLI commands in the order in which they appear.
  • Page 41 The deny attribute prevents a user from connecting to a Remote Annex. To use the command: When erpcd denies access to a Remote Annex, it generates a message in the log file. For CLI users, the message appears on the screen.
  • Page 42 Each filter definition includes categories for direction, scope, family, criteria, and actions. You must separate each part of the filter definition with a space. Go to the area of the file where entry information resides and type filter Enter a filter definition.
  • Page 43 . For the port numbers that correspond to login these service names, refer to the Remote Annex Administrator’s Guide for UNIX. Remote Annex Server Tools for Windows NT Chapter 3 Understanding Erpcd , or icmp...
  • Page 44 The route attribute defines the IP routes that a router can make available through a Remote Annex when it dials in. You should use this attribute when you do not want a router to incur overhead in running a routing protocol itself.
  • Page 45 Enter an IP address for the gateway that is the next hop for the route. If you enter an asterisk, the Remote Annex uses the port’s remote address as the gateway. If necessary, you can enter a number from 1 to 15 to indicate the number of hops to the destination or the route is hardwired.
  • Page 46 You can specify one at_nve_filter attribute for each user in a profile. To use this attribute: Open the acp_userinfo file from the Bay Networks program group window by double-clicking on the appropriate icon.
  • Page 47 The at_password attribute stores a password for each registered AppleTalk user. Remote Annex Server Tools for Windows NT password to authenticate all AppleTalk users. To use this attribute: chap_secret The chap_secret attribute defines the token used for authentication when you use the CHAP protocol for PPP links.
  • Page 48: Using the acp_keys File

    When the security server receives an encrypted message from a Remote Annex, it matches the key with an associated Remote Annex in the acp_keys file. If there is no match, the Remote Annex and the server cannot communicate.
  • Page 49: Creating Encryption Keys

    Creating Encryption Keys You must define encryption keys by setting the acp_key parameter for each Remote Annex. If the key value is not the same in the acp_keys file and for the acp_key parameter, the Remote Annex and the server cannot communicate.
  • Page 50: Using the acp_dialup File

    To use the information in acp_dialup, you must set the dialup_addresses parameter to Remote Annex to search the acp_dialup file for the remote client’s user name and for local and remote addresses. Open the acp_dialup file from the Bay Networks program group window by double-clicking on the appropriate icon.
  • Page 51: Using Local And Remote Addresses

    Remote Annex uses the remote address from the file and the Remote Annex’s IP address for the local address. If the file does not contain a matching user name, the Remote Annex uses values from the local_address and remote_address parameters. •...
  • Page 53: Using Security Features

    RADIUS for Windows NT implementation is significantly different from the UNIX implementation. Therefore to avoid confusion, all RADIUS for Windows NT information is included in this chapter. Remote Annex Server Tools for Windows NT Chapter 4 ® uses standard ®...
  • Page 54: Support For Multiple Domains

    Using Security Features Using Windows NT When a user logs on to a Remote Annex, to one of its ports, or to a network, the system performs authentication based on the security parameters you set. Once you set the parameters that enable a type of security:...
  • Page 55: Multiple Domain Authentication Setup Procedure

    ® Windows NT steps All Windows NT defined to the Remote Annex Server Tools software. Those definitions are accomplished in the following steps: Server Tools steps The user’s name must be defined in the acp_userinfo and acp_dialup file in the format:...
  • Page 56: Setting Remote Annex Security Parameters

    You can define a backup security server in the pref_secure2_host parameter. • If a Remote Annex queries the primary server and does not receive a response within the time defined in the network_turnaround parameter, it queries the backup server.
  • Page 57: Types Of Security

    You can customize security features by editing several ACP files. These files are maintained by the security server through Remote Annex Server Tools for Windows NT ® program window. • The acp_keys file includes encryption key information. • The acp_dialup file contains user names and addresses for dial-up connections.
  • Page 58: PPP Security

    You need to set certain parameters to enable each type of security described here. Once you set parameters, each user will have to enter a user name and password. Remote Annex Server Tools for Windows ® will grant access only to those user names and passwords listed ®...
  • Page 59: CLI Security

    Virtual CLI (VCLI) connections allow network users access to CLI commands. When a user enters a telnet command to connect to a Remote Annex and requests the CLI at the port server prompt, the Remote Annex’s port server process creates a virtual CLI connection.
  • Page 60: Port Server Security

    The Remote Annex’s port server process allows it to accept telnet or rlogin connection requests from network users, hosts, and applications. When a user connects to a Remote Annex via telnet or rlogin and responds to the port prompt by entering a port or rotary number, the security server requires a Windows NT password.
  • Page 61: RADIUS Security

    Authorization is addressed by the Access Control Protocol (ACP). Authorization of the acp_userinfo, acp_restrict, and acp_dialup files still apply to users that are authenticated through RADIUS...
  • Page 62: RADIUS and ACP Protocol Operation

    Reject or an unsupported Access- Challenge or the backup RADIUS server also fails to respond, 4-10 Remote Annex Server Tools for Windows NT The... expedited remote procedure call daemon (ERPCD)/ACP prompts the Remote Annex for the user name and password.
  • Page 63: RADIUS Authentication

    If the RADIUS on/off toggle switch in the Server Tools Options/ Security dialog box is set to off, the ACP server validates against the chap_secret entry in the acp_userinfo file. Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features Then...
  • Page 64: Access-Request Attributes

    Indicates the IP address of the Annex authenticating the user or sending an Accounting packet. NAS-Port-Type Specifies the Remote Annex port handling the user session. This value corresponds to the physical port type. Supported port types: 4-12 Remote Annex Server Tools for Windows NT •...
  • Page 65 Although not an attribute, CHAP-Challenge appears in the Authenticator of the RADIUS header. • • SLIP • Login • Framed • NAS–Prompt • Outbound • Administrative...
  • Page 66: Access-Accept And Access-Reject Attributes

    Attributes included in the RADIUS Access-Accept and Access-Reject packets are ignored by ERPCD/ACP in this version. However, ERPCD/ ACP does instruct the Remote Annex to display any text sent in a Reply- Message attribute as long as the user is a CLI or port server user.
  • Page 67: RADIUS Accounting Process

    • Accounting-on (7) - ACP logging connection becomes active • Accounting-off (8) - ACP audit logging connection becomes inactive Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features The... security profile for the ACP Authorization-Request must match...
  • Page 68: RADIUS Configuration Management

    Configuring the RADIUS Authentication and Accounting server involves setting parameters to define the server’s operating and administrative attributes. This section covers the following topics: 4-16 Remote Annex Server Tools for Windows NT • The RADIUS Servers dialog box: • RADIUS Servers •...
  • Page 69 No white space can exist between the keyword and “=” or the value and “=”...
  • Page 70 RADIUS Servers dialog box. timeout retries 4-18 Remote Annex Server Tools for Windows NT The number of seconds to wait for a response before sending a retry. The number of times to retry before fail-over to the backup server, or authentication is discontinued.
  • Page 71 When or If... a user is to be authenticated, an Access-Request packet is sent to the RADIUS server, the time expires, (continued on next page) Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features security. ® The...
  • Page 72: Backup Security

    If you configure port server, CLI, VCLI, and PPP security to use Windows ® available, the Remote Annex can use its locally-stored password parameters to restrict user access. These parameter settings serve as backup security. To use backup security, you must set the parameters listed in the following table.
  • Page 73: RADIUS Dictionary File

    The file that we provide includes the latest IETF definitions of the RADIUS protocol at the time of release. It includes all attributes and values that are needed to support our Remote Annex and erpcd implementation. It is not necessary that our definitions be used directly, but other dictionaries may have to be extended to cover our usage.
  • Page 74 VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE VALUE <...> 4-22 Remote Annex Server Tools for Windows NT User-Name Password CHAP- Password NAS-IP-Address NAS-Port Service-Type Framed-Protocol Framed-IP-Address Framed Protocols Framed-Protocol Framed-Protocol SLIP Framed-Protocol ARAP Framed-Protocol...
  • Page 75: Browser Definition

    Domain or workgroup. Microsoft now provides a Windows Internet Naming Service (WINS) for the Windows NT the problems with locating Browsers. Remote Annex Server Tools for Windows NT ® server that eliminates many of ®...
  • Page 76 The station caches the location of up to 3 browsers and accesses them in the future in a random pattern. The browse request load is thereby spread among the available browsers...
  • Page 77: Locating Browsers

    MB will be unable to browse the network. Appendix A Browsing for Resources on a Microsoft Network ). An election is held between all potential MBs Remote Annex Server Tools for Windows NT ® , Windows 95, ® User Guide...
  • Page 78: The WINS Solution

    DMB for the browse list for the domain. Clients The following clients can use the enhanced WINS browse capability (are WINS aware): Remote Annex Server Tools for Windows NT ® 3.5 or greater. WINS primary function is to provided name ®...
  • Page 79 Note that this is only necessary on clients that will encounter browsing problems because their broadcast queries will not be routed correctly. If a master browser exists on the subnet, the disabling will not be necessary. Remote Annex Server Tools for Windows NT ® server ®...
  • Page 80: Remote Annex Example

    Browsing for Resources on a Microsoft Network Remote Annex Example The Remote Annex forwards IP broadcasts from a remote access client to the network that the Annex is on. If that network is a subnet that has no PCs capable of being a master browser, the remote client must be configured to use WINS to be able to browse Microsoft resources.
  • Page 81: Additional Information

    Appendix A Browsing for Resources on a Microsoft Network Check internal cache of resolved names. Ask WINS (if enabled). Broadcast to resolve name. Check LMHOSTS file. servername Remote Annex Server Tools for Windows NT #PRE #DOM:dept #net ® User Guide...
  • Page 82 Remote Annex Server Tools for Windows NT • #DOM:dept indicates that server name is a domain controller for the dept domain •...
