Bay Networks Remote Annex User Manual

For Windows NT

Remote Annex Server Tools for Windows NT® User Guide
Part No. 166-025-305 Rev. A
January 1997

Summary of Contents for Bay Networks Remote Annex

  • Page 1 Remote Annex Server Tools for ® Windows NT User Guide Part No. 166-025-305 Rev. A January 1997...
  • Page 2 Computer Software-Restricted Rights clause at FAR 52.227-19. Trademarks of Bay Networks, Inc. Annex, Remote Annex, Annex Manager, Remote Annex 2000, Remote Annex 4000, Remote Annex 6100, Remote Annex 6300, Remote Annex 5390/Async, Remote Annex 5391/CT1, Remote Annex 5393/PRI, Remote Access Concentrator 5399,BayStack Remote Annex 2000 Server, Quick2Config, Bay Networks,...
  • Page 3 Revision Level History Revision Description Initial release. Remote Annex Server Tools for Windows NT ® User Guide...
  • Page 4 Revision Level History ® Remote Annex Server Tools for Windows NT User Guide...
  • Page 5: Table Of Contents

    Setting Remote Annex Security Parameters
  • Page 6 Remote Annex Example
  • Page 7 Remote Annexes. This guide is part of the complete Remote Annex documentation set. You should refer to other manuals in the set for information not related to Remote Annex Server Tools for Windows NT...
  • Page 8: Preface

    Preface About This Book This book documents Remote Annex Server Tools for Windows NT explains the product’s features and provides instructions for each of those features. The Remote Annex Server Tools the following chapters: viii Remote Annex Server Tools for Windows NT for Windows NT •...
  • Page 9: Documentation Conventions

    The following table lists the User Guide Convention: Italics special type bold Remote Annex Server Tools for Windows NT conventions: Represents: chapter titles, book titles, and chapter headings. defines samples in the na utility. path names, program names, field names, or file names.
  • Page 10 Preface ® Remote Annex Server Tools for Windows NT User Guide...
  • Page 11: Introduction

    Remote Annex/5399 RAC to another. • Create new site defaults. For the remainder of this manual, the term ‘Remote Annex’ is substituted for Model 5399 Remote Access Concentrator Module. Remote Annex Server Tools for Windows NT...
  • Page 12: Windows Nt ® Server Access Security Features

    Remote Annex using the Server Tools Options graphical user interface. Remote Annex Server Tools for Windows NT standard Remote Annex log file, a RADIUS server log file, and the Windows NT Using Remote Annex Documentation In addition to this manual, you need the Remote Annex Administrator’s Guide for UNIX Administrator’s Guide...
  • Page 13: Name Server Issues

    Remote Annex Server Tools for Windows NT 116 name servers. We do not ship IEN-116 for Windows NT information, see the Remote Annex Administrator’s Guide for UNIX. that IEN-116 discussions do not apply to Remote Annex Server Tools for ® Windows NT Logging Issues Besides the standard Annex log destinations, you can configure Remote...
  • Page 14 A /4 A /13 A /14 A /15 (continued on next page) Remote Annex Server Tools for Windows NT UNIX Host-Originated Connections Using the Terminal Server TTY (TSTTY) Using the Transport Multiplexing (TMux) Protocol Terminal Server TTY How TSTTY Interacts with Annex Port Parameters Configuring the Annex for TSTTY...
  • Page 15: Platform Requirements

    Book/Chapter Topic B /2 C /4 Platform Requirements Remote Annex Server Tools for Windows NT TMux-Specific Annex Parameters vs. MIB Objects aprint rtelnet ® • Windows NT Server version 3.51 or 4.0 configured to support the TCP/IP protocol. • Administrative privileges on the server.
  • Page 16: Document References

    ACE/Server software security types backup security Remote Annex Server Tools for Windows NT • Remote Annex Administrator’s Guide to UNIX (for port numbers as profile attributes) • Model 5399 Remote Access Concentrator Network Administrator’s Guide (for port types as profile attributes) •...
  • Page 17: Selecting Server Tools Options

    RADIUS server, and view information about your current Remote Annex Server Tools for Windows NT Selecting a Security Server...
  • Page 18 To select options in the Security window: Specify a Regime Select the protocol you desire from the Regime radio box. • • • Remote Annex Server Tools for Windows NT Native NT (default selection) RADIUS Security SecurID ® User Guide...
  • Page 19 Windows NT authenticates them. Any users who are not members of the groups listed here will not have access to the Remote Annexes, their ports, or networks. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options ®...
  • Page 20 Groups list box and click on Remove, or double-click the group name. If you install Remote Annex Server Tools for Windows NT primary domain controller, the groups you select here must have local log on privileges to allow authentication.
  • Page 21 Click on the Domain pull–down menu. The list boxes Groups and Remote Access Groups become active and list the group(s) you created in the above steps. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options ®...
  • Page 22: Creating A Radius Authentication And Accounting Server

    Creating a RADIUS Authentication and Accounting Server To create a RADIUS Authentication or Accounting server: Remote Annex Server Tools for Windows NT Select the newly created Group from the Groups list box and click on Add. The selected group appears in the Remote Access Groups list box.
  • Page 23 RADIUS server. When you create a second RADIUS server, the first RADIUS server then appears in the Backup Server drop–down list. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options for more details on Secret, ®...
  • Page 24: Selecting Booting/Logging Options

    files, and to choose directories, time formats and network address formats for the log file. Remote Annex Server Tools for Windows NT To display this window, choose the Booting/Logging tab in the Server Tools Options window.
  • Page 25 To select options in the Booting/Logging window: In the Directory for load and dump files field, you can accept the default or enter a drive and directory for the Remote Annex system images and dump files. This field automatically lists the drive on which the Remote Annex Server Tools for Windows NT default directory, where the system stores load and dump files.
  • Page 26: Using The Event Viewer

    Annex that generates logging messages in the log files. • Use Host Name to include a Remote Annex name in the log files instead of the Remote Annex’s Internet address. The time and address formats you chose appear in the acp_logfile or RADIUS logging.
  • Page 27 Selecting Server Tools Options ® To view Windows NT logs, double-click on the Event Viewer icon in Administrative Tools and select Application from the Log menu. ARNING Figure 2-2 ® 2-11 Remote Annex Server Tools for Windows NT User Guide...
  • Page 28 . The Detail window of the Event Log lists the times events occur. • Source lists the software that logged the event. • For syslog messages from a Remote Annex or from the network, Annex_syslog • For messages generated by erpcd, the column displays Annex_syslog •...
  • Page 29: Configuring A Radius Server

    RADIUS servers and associated parameters. To view this information, click on the RADIUS Servers tab of the Server Tools Options window. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options ®...
  • Page 30: Creating And Configuring A Radius Server

    Creating and Configuring a RADIUS Server To create and configure a new RADIUS Server: 2-14 Remote Annex Server Tools for Windows NT Click on New. All information fields become active. Enter the Host Name of the RADIUS Server you are creating in the text field.
  • Page 31: Modifying Radius Server Information

    Click on Apply to set your changes and leave the Server Tools Options window open on your desktop. Use this option if you want to make changes in any of the other tabbed dialogs. Remote Annex Server Tools for Windows NT Chapter 2 Selecting Server Tools Options ®...
  • Page 32: Deleting Radius Server Information

    Chapter 2 Selecting Server Tools Options Deleting RADIUS Server Information 2-16 Remote Annex Server Tools for Windows NT Select the RADIUS Server to be deleted and click on Delete. All information text fields remain inactive and a confirmation dialog box appears.
  • Page 33: Displaying Version Information

    Displaying Version Information The Version tab window provides the company and product name, version number, and build number for the Remote Annex Server Tools for Windows NT Figure 2-4 The Version Dialog Box ® To view this information, click on the Version tab of the Server Tools Options window.
  • Page 34 Chapter 2 Selecting Server Tools Options ® 2-18 Remote Annex Server Tools for Windows NT User Guide...
  • Page 35: Understanding Erpcd

    Annex Server Tools for Windows NT remote procedure call daemon (erpcd) running on a Windows NT server. Erpcd responds to all Remote Annex boot, dump, and ACP security requests. ACP’s eservices file, stored in the \etc directory, lists the services that erpcd provides. Eservices includes controls for: •...
  • Page 36: Editing Files

    The changes take effect immediately. User names and group names are not case-sensitive. Using the acp_userinfo File The acp_userinfo file stores information about the Remote Annex commands and protocols available to users. When a user logs into the server, erpcd matches the login environment with acp_userinfo entries, and controls user access based on these entries.
  • Page 37 For example, if a user who belongs to the Engineering group requests access to a Remote Annex port on Monday morning at 10 a.m. and a profile excludes Engineering group members from using that Remote Annex on Mondays between 9 and 11 a.m., the user cannot log in to the port.
  • Page 38 If you do not enter a domain name, erpcd assumes the user is registered in the domain in which Remote Annex Server Tools for ® Windows NT is installed.
  • Page 39 To list Remote Annexes and/or ports, type by one or more Remote Annex names or IP addresses and one or more port numbers, respectively. Use an asterisk to specify a partial Remote Annex name or IP address.
  • Page 40 (e.g., annex= Annex 02, 245.132.88.22; ports=1,3,6-22 you omit Remote Annex names or addresses and list one or more ports, the profile attributes apply to all Remote Annexes. From the Bay Networks program group window, double-click on the appropriate icon to open the acp_userinfo file.
  • Page 41 Find the area of the file where entry information resides and type clicmd Enter a single user or superuser CLI command, or the name of an existing macro defined for a Remote Annex. Remote Annex Server Tools for Windows NT Chapter 3 Understanding Erpcd for the access code.
  • Page 42 The climask attribute limits the CLI commands users can execute. To use this attribute: Remote Annex Server Tools for Windows NT Type Repeat the line you created in Steps 1-3 if you want to use more than one CLI command. Erpcd executes CLI commands in the order they appear.
  • Page 43 The deny attribute prevents a user from connecting to a Remote Annex. To use the command: When erpcd denies access to a Remote Annex, it generates a message in the log file. For CLI users, the message appears on the screen.
  • Page 44 Each filter definition includes categories for direction, scope, family, criteria, and actions. Separate each part of the filter definition with a space. 3-10 Remote Annex Server Tools for Windows NT Find the area of the file where entry information resides, and type filter Enter a filter definition.
  • Page 45 . For the port numbers that correspond to login these service names, see Document References on page 1-6. Remote Annex Server Tools for Windows NT Chapter 3 Understanding Erpcd dst_address , or icmp domain finger name...
  • Page 46 The route attribute defines the IP routes that a router makes available through a Remote Annex when it dials in. Use this attribute when you do not want a router to incur overhead in running a routing protocol itself.
  • Page 47 Enter an IP address for the gateway that is the next hop for the route. If you enter an asterisk, the Remote Annex uses the remote address of the port as the gateway. If necessary, you can enter a number from 1 to 15 to indicate the number of hops to the destination, or route is hardwired.
  • Page 48 Specify one at_nve_filter attribute for each user in a profile. To use this attribute: 3-14 Remote Annex Server Tools for Windows NT From the Bay Networks program group window, double-click on the appropriate icon to open the acp_userinfo file.
  • Page 49 The at_password attribute stores passwords for registered AppleTalk users. Remote Annex Server Tools for Windows NT to authenticate all AppleTalk users. To use this attribute: chap_secret The chap_secret attribute defines the token used for authentication when you use the CHAP protocol for PPP links. CHAP authenticates users based on the user names in the acp_userinfo file.
  • Page 50: Using The Acp_Keys File

    When the security server receives an encrypted message from a Remote Annex, it matches the key with an associated Remote Annex in the acp_keys file. If there is no match, the Remote Annex and the server cannot communicate.
  • Page 51: Creating Encryption Keys

    The acp_keys file opens in the Notepad editor. Find the area of the file where entry information resides and enter Remote Annex names or IP addresses and encryption keys in the acp_keys file. Use the Remote Annex admin utility to set the acp_key parameter for each Remote Annex you listed in the acp_keys file.
  • Page 52: Using The Acp_Dialup File

    To use the information in acp_dialup, you must set the address_origin parameter to Remote Annex to search the acp_dialup file for the remote client’s user name and for local and remote addresses. From the Bay Networks program group window, double-click on the appropriate icon to open the acp_dialup file.
  • Page 53: Using Local And Remote Addresses

    Remote Annex uses the remote address from the file, and uses the Remote Annex’s IP address for the local address. If the file does not contain a matching user name, the Remote Annex uses values from the local_address and remote_address parameters.
  • Page 54 Chapter 3 Understanding Erpcd ® 3-20 Remote Annex Server Tools for Windows NT User Guide...
  • Page 55: Using Security Features

    RADIUS for Windows NT implementation is significantly different from the UNIX implementation. Therefore to avoid confusion, all RADIUS for Windows NT is included in this chapter. Remote Annex Server Tools for Windows NT Chapter 4 ® uses standard ®...
  • Page 56: Using Windows Nt ® Domain Security

    Using Security Features Using Windows NT When a user logs on to a Remote Annex, to one of its ports, or to a network, the system performs authentication based on the security parameters you enter. Once you set the parameters that enable a type of security:...
  • Page 57: Multiple Domain Authentication Setup Procedure

    Workgroups ® steps to facilitate support for multiple Establish the appropriate trust relationship among domains. Load the Remote Annex Server Tools for Windows NT trusting domain controller. Define the user(s) in the trusted domain’s security accounts manager database. ®...
  • Page 58: Setting Remote Annex Security Parameters

    Define a backup security server in the pref_secure2_host parameter. • If a Remote Annex queries the primary server and does not receive a response within the time defined in the network_turnaround parameter, the Remote Annex queries the backup server.
  • Page 59: Types Of Security

    You can customize security features by editing several ACP files. These files are maintained by the security server through the Remote Annex Server Tools for Windows NT • The acp_keys file includes encryption key information. • The acp_dialup file contains user names and addresses for dial- up connections.
  • Page 60: Ppp Security

    You need to set certain parameters to enable each type of security described here. Once you set parameters, each user will have to enter a user name and password. Remote Annex Server Tools for Windows ® grants access only to those user names and passwords listed in ®...
  • Page 61: Cli Security

    CLI Security The Command Line Interpreter (CLI) of the Remote Annex allows users to connect to hosts, move between established sessions, modify port characteristics, and display statistics for the Remote Annex, hosts, and the network.
  • Page 62: Port Server Security

    Using Security Features Port Server Security The port server process of the Remote Annex allows it to accept telnet or rlogin connection requests from network users, hosts, and applications. When a user connects to a Remote Annex via telnet or rlogin and...
  • Page 63: Additional Security Types

    Additional Security Types Remote Annex Server Tools for Windows NT VCLI, and PPP security using Windows NT passwords. Remote Annex Server Tools for Windows NT To use ACE/Server (SecurID) security, select the security regime SecurID radio button in the Security dialog box.
  • Page 64: Radius Security

    Chapter 4 Using Security Features Remote Annex Server Tools for Windows NT support local Remote Annex security and Proprietary IPX security in the same way. Remote Annex Server Tools for Windows NT support the following server-based security types (see References RADIUS Security RADIUS is an IETF- developed protocol that defines a communication...
  • Page 65: Radius And Acp Protocol Operation

    ERPCD/ACP receives an Access- Reject or an unsupported Access- Challenge or the backup RADIUS server also fails to respond, Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features The... expedited remote procedure call daemon (ERPCD)/ACP prompts the Remote Annex for the user name and password.
  • Page 66: Radius Authentication

    CHAP information, RADIUS server validates the information and returns either an Access-Accept or Access-Reject message, 4-12 Remote Annex Server Tools for Windows NT • PPP and CHAP Support • Access-Request Attributes • Access-Accept and Access-Reject Attributes If the RADIUS On/Off radio button in the Server Tools Options/ Security dialog box is set to off, the ACP server validates against the chap_secret entry in the acp_userinfo file.
  • Page 67: Access-Request Attributes

    NAS-IP-Address Indicates the IP address of the Annex authenticating the user or sending an Accounting packet. NAS-Port-Type Specifies the Remote Annex port handling the user session. This value corresponds to the physical port type. Supported port types: • Async (0) •...
  • Page 68 Specifies the link level protocol type allowable to the user. Supported values are: Service-Type Specifies the type of service the user will receive. Supported types of service are: 4-14 Remote Annex Server Tools for Windows NT Description Serial interface port Virtual (VCLI, FTP) Dial-out Ethernet (outbound) Although not an attribute, CHAP-Challenge appears in the Authenticator of the RADIUS header.
  • Page 69: Access-Accept And Access-Reject Attributes

    In this version, attributes included in the RADIUS Access-Accept and Access-Reject packets are ignored by ERPCD/ACP. However, ERPCD/ ACP does instruct the Remote Annex to display text sent in a Reply- Message attribute as long as the user is a CLI or port server user.
  • Page 70: Radius Accounting Process

    Acct-Status-Type Marks whether the Accounting packet sent to the RADIUS server is the beginning or end of a dial-up session. 4-16 Remote Annex Server Tools for Windows NT • Start (1) - ERPCD/ACP login events • Stop (2) - ERPCD/ACP logout events •...
  • Page 71: Radius Configuration Management

    The RADIUS Servers dialog box: • RADIUS Servers • Fail-over Algorithm • Secret Format • Response Timeout and Number of Retries Format • Backup Server Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features ® 4-17 User Guide...
  • Page 72 Attribute Secret Timeout Retries Backup server RADIUS Authentication Server and Accounting Server Secret Format 4-18 Remote Annex Server Tools for Windows NT Value 4 seconds None • RADIUS Authentication Server is the host name of the RADIUS Authentication server. •...
  • Page 73 The number of times to retry before fail-over to the backup server, or authentication is discontinued. Fail-over occurs if the host is the original primary server. This entry must be on one line. Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features ®...
  • Page 74 RADIUS server, the time expires, (continued on next page) 4-20 Remote Annex Server Tools for Windows NT From the Server Tools Options dialog box, click on the Security tab. Select the RADIUS radio button to enable the RADIUS security server.
  • Page 75: Backup Security

    If you configure port server, CLI, VCLI, and PPP security to use Windows ® available, the Remote Annex uses its locally stored password parameters to restrict user access. These parameter settings serve as backup security. To use backup security, you must set the parameters listed in the following table.
  • Page 76: Radius Dictionary File

    The file we provide includes the latest IETF definitions of the RADIUS protocol at the time of release. It includes all attributes and values that are needed to support our Remote Annex and erpcd implementation. It is not necessary that our definitions be used directly, but other dictionaries may have to be extended to cover our usage.
  • Page 77 VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type VALUE Service-Type <...> Remote Annex Server Tools for Windows NT Chapter 4 Using Security Features string string string ipaddr integer integer integer ipaddr SLIP ARAP Gandalf-SL/MLP IPX/SLIP Login-User...
  • Page 78 Chapter 4 Using Security Features ® 4-24 Remote Annex Server Tools for Windows NT User Guide...
  • Page 79: Browser Definition

    Domain or workgroup. Microsoft now provides a Windows Internet Naming Service (WINS) for the Windows NT the problems with locating Browsers. Remote Annex Server Tools for Windows NT Appendix A Microsoft Network ®...
  • Page 80 The station caches the location of up to 3 browsers and accesses them in the future in a random pattern. The browse request load is thereby spread among the available browsers. Remote Annex Server Tools for Windows NT ® User Guide...
  • Page 81: Locating Browsers

    A remote access client calling into a subnet with no MB will be unable to browse the network. Appendix A Browsing for Resources on a Microsoft Network Remote Annex Server Tools for Windows NT ® , Windows 95, ®...
  • Page 82: The Wins Solution

    DMB for the browse list for the domain. Clients The following clients can use the enhanced WINS browse capability (are WINS aware): Remote Annex Server Tools for Windows NT ® 3.5 or greater. WINS primary function is to provide name ®...
  • Page 83 Note that this is only necessary on clients that will encounter browsing problems because their broadcast queries will not be routed correctly. If a master browser exists on the subnet, the disabling will not be necessary. Remote Annex Server Tools for Windows NT ® server ®...
  • Page 84: Remote Annex Example

    Browsing for Resources on a Microsoft Network Remote Annex Example The Remote Annex forwards IP broadcasts from a remote access client to the network that the Annex is on. If that network is a subnet that has no PCs capable of being a master browser, the remote client must be configured to use WINS to be able to browse Microsoft resources.
  • Page 85: Additional Information

    Appendix A Browsing for Resources on a Microsoft Network Checks internal cache of resolved names. Asks WINS (if enabled). Broadcasts to resolve name. Checks LMHOSTS file. servername Remote Annex Server Tools for Windows NT #PRE #DOM:dept #net ® User Guide...
  • Page 86 Remote Annex Server Tools for Windows NT • #DOM:dept indicates that server name is a domain controller for the dept domain •...
  • Page 87 3-9 detail window 2-12 document references 1-6 documentation conventions ix documentation exceptions 1-3 documentation, using remote annex 1-2 to 1- list of documentation exceptions 1-3 logging issues 1-3 name server issues 1-3 user authentication issues 1-2 domain, selecting 2-3...
  • Page 88 3-19 locating browsers A-3 logging 1-3 options 2-8 selecting options 2-1 to 2-10 Index-2 Remote Annex Server Tools for Windows NT master browsers A-2 modifying 2-15 multiple domains 4-2 authentication setup procedure 4-3 na utility 3-3, 3-15, 3-18, 4-1...
  • Page 89 3-5 use NT event log 2-8 user authentication 1-2 user manager for domains 4-1 user...end block 3-3 user-name attribute 4-13 username keyword 3-4 user-password attribute 4-13 Remote Annex Server Tools for Windows NT Index ® Index-3 User Guide...
  • Page 90 4-8 version information 2-1 version information, displaying 2-17 virtual CLI security 4-7 windows detail 2-12 server tools options 4-2 selecting server tools options window 2-1 workgroups and domains A-8 Index-4 Remote Annex Server Tools for Windows NT ® User Guide...

This manual is also suitable for:

Remote annex server tools