3Com 09-0704-001 User Manual

ACCESSBUILDER SECURITY PACKAGE -- NETWARE/WORKGROUP USER GUIDE
Software Version 1.2
Part No. 09-0704-001 Published May 1995
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145
3Com Corporation, 1994. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following restricted rights:
For units of the Department of Defense:
Restricted Rights Legend: Use, duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) for restricted Rights in Technical Data and Computer Software clause at 48 C.F.R. 52.227-7013. 3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145.
For civilian agencies:
Restricted Rights Legend: Use, reproduction or disclosure is subject to restrictions set forth in subparagraph (a) through (d) of the Commercial Computer Software - Restricted Rights Clause at 48 C.F.R. 52.227-19 and the limitations set forth in 3Com's standard commercial agreement for the software. Unpublished rights reserved under the copyright laws of the United States.
3ComFacts, Ask3Com, CardFacts, NetFacts, and CardBoard are service marks of 3Com Corporation. 3Com, AccessBuilder, LanScanner, LinkBuilder, NETBuilder, NETBuilder II, ViewBuilder, EtherDisk, EtherLink, EtherLink Plus, EtherLink II, TokenLink, TokenLink Plus, and TokenDisk are registered trademarks of 3Com Corporation. 3Com Laser Library, 3TECH, Boundary Routing, CacheCard, FDDILink, NetProbe, Parallel Tasking, SmartAgent, Star-Tek, and Transcend are also trademarks of 3Com Corporation.
CompuServe is a registered trademark of CompuServe, Inc. Other brand and product names may be registered trademarks or trademarks of their respective holders.
Guide written and produced by Gary Halverson.
CONTENTS
1 INTRODUCTION
  General Information
  1.1. Three Security Client Types
    NetWare Applications
    Workgroup Applications
  1.2. Compatibility
  1.3. Limitations
2 NOVELL NETWARE BINDERY/NDS SECURITY CLIENTS
  2.1 Overview
  2.2. Installation
    SNDS Usage
  2.3. De-installation
  2.4. AccessBuilder Configuration
  2.5. Usage
    Client
3 ACCESSBUILDER NAME SERVER
  3.1. Overview
  3.2. Installation Steps
    SUN OS 4.1x Installation
    DOS Installation
    Launching the Name Server
  3.3. Command Options
  3.4. Database Conversion
  3.5. AccessBuilder Configuration
4 NAME SERVER DATABASE UTILITIES
  4.1. General Information
  4.2. User Record Contents
  4.3. The Database Utilities User Interface
  4.4. The Main Menu
    Add a User Record
    Modify User Record
    Delete User Record
    Display User Records
    Save User Records into ASCII Files
    Backup Database
    Restore Database
    Change Database Password
  4.5. PATH
A DATABASE UTILITIES ERROR MESSAGES
B NAME SERVER ERROR MESSAGES
C TECHNICAL SUPPORT
LIMITED WARRANTY

1 INTRODUCTION

General Information
The AccessBuilder Security Package is a model for flexible multi-vendor security interoperation that is consistent with preliminary IETF (Internet
Engineering Task Force) work. The AccessBuilder Security Package software provides the network administrator with the means to control network
access by remote users through an existing network security mechanism. The AccessBuilder Security Package model allows integration of Novell
NetWare security solutions while keeping the AccessBuilder open to future security options. The AccessBuilder Security Client is thus designed for
maximum flexibility and investment protection for 3Com AccessBuilder customers.
This document provides an overview of the Novell NetWare Bindery/NDS Security, a description of the installation procedures, and a summary of limitations. Also provided are documentation and installation procedures for the AccessBuilder Name Server, a self-contained security database operating on a Sun workstation. The AccessBuilder Name Server has application in a wide variety of workgroup environments.

1.1. Three Security Client Types

The AccessBuilder Security Package - NetWare/Workgroup Version 1.2 software provides compatibility with two major types of Novell
network-based user authentication environments and one self-contained security database package:
AccessBuilder Security Client for Novell NetWare Bindery Services
AccessBuilder Security Client for Novell NetWare Directory Services
AccessBuilder Name Server for networks running SunOS 4.1.x
The AccessBuilder Security Package - NetWare/Workgroup software modules are designed to reside on their respective server or client
workstations where they provide the appropriate agent software to interface between the AccessBuilder and the respective security server or
database.
NetWare Applications
The AccessBuilder Security Clients for Novell NetWare Bindery/NDS work with the AccessBuilder server software Version 5.0 (or later) to enable remote user access authentication to be handled automatically from an existing Novell security database. The AccessBuilder login/password information is validated directly against the selected Novell security service. Each version is furnished on a single diskette.
The AccessBuilder Security Client for Novell NetWare Bindery/NDS uses a designated user database maintained by Novell NetWare Bindery or NetWare Directory Services. It is designed to perform the authentication process using these services.
Workgroup Applications
The "AccessBuilder Name Server" module executes on a Sun SPARCstation running SunOS 4.1.x to provide integrated LAN-based security through its own user database. The security database can then be used for automatic validation of remote users logging into one or more AccessBuilders. This software module is intended to reside on a network node where the AccessBuilder can query the security database through the AccessBuilder UDP/IP-based protocol. Also, a set of tools for managing the security database is provided to facilitate database administration.

1.2. Compatibility

The AccessBuilder Security Client for Novell NetWare works with AccessBuilder server software version 5.0 or later and Remote Client
software version 5.0 or later.

Table 1-1 AccessBuilder Server and Security Client Version Compatibility Matrix
Security Client versions (columns): 1.0, 1.2
AccessBuilder Server versions (rows): 4.0, 4.1, 5.0

1.3. Limitations

Novell NetWare Security Client related limitations include:
ARA and PPP clients using CHAP authentication are not supported
Limitations applying to both NetWare Security Client and Name Server include:
No space characters are allowed in the user ID and password fields
When the AccessBuilder (Version 5.0) Security Access feature is enabled, the user ID and password fields are case sensitive. Also, when the remote client is using the AccessBuilder Remote Client software, version 5.0 or later must be used.

2 NOVELL NETWARE BINDERY/NDS SECURITY CLIENTS

2.1 Overview

If you are not using the Novell NetWare Bindery/NDS Security Client, you may skip this section.
The NDS (NetWare Directory Services) Security Client is a Novell NLM that runs on Novell NetWare Server 4.X.
The Bindery Security Client is a Novell NLM that runs on Novell NetWare Server 3.11 or 4.X.
When a remote user dials into an AccessBuilder and provides the login information, the AccessBuilder server generates a validation request to the Bindery/NDS Security Client. The Bindery/NDS Security Client then initiates an authentication session with the Novell NetWare server Bindery/NDS services. Based on the result of the authentication session, the Bindery/NDS Security Client sends a validation response back to the AccessBuilder server and indicates to the user that the authentication has failed or passed.

2.2. Installation

To install the Bindery/NDS Security Client on a NetWare server, perform the following steps (on the object server):
1 Verify that TCPIP NLM is running (by verifying the autoexec.ncf file).
If not, verify that Ethernet_II frame type is used. Bind IP to Ethernet_II frame type. Following this, at the server prompt load TCPIP NLM.
The following are examples of an autoexec.ncf file which loads NetWare Bindery Services, and NetWare Directory Services security clients:
(NetWare Bindery example)
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
load tcpip
load conlog
load 3C5X9 slot=5 frame=ETHERNET_802.2 NAME=3C5X9_1
bind IPX to 3C5X9_1 net=AA440000
load 3c5x9 slot=5 frame=ETHERNET_II name=3c5x9_2
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
#######################################################################
# AccessBuilder NetWare Security Client Software
#######################################################################
load sbindery 3com
(NetWare Directory example)
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
load tcpip
load conlog
load 3C5X9 slot=5 frame=ETHERNET_802.2 NAME=3C5X9_1
bind IPX to 3C5X9_1 net=AA440000
load 3c5x9 slot=5 frame=ETHERNET_II name=3c5x9_2
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
load dsapi
#######################################################################
# AccessBuilder NetWare Security Client Software
#######################################################################
load snds 3com
2 For NetWare Directory Services, be sure the line load dsapi.nlm occurs before load snds.nlm (AccessBuilder Security Client).
3 Add a UDP port for the Bindery/NDS Security Client to \etc\services with the service name "crsecacc"; 888 is the default port number in the AccessBuilder server.
For example, add "crsecacc 888/udp" at the bottom of \etc\services, as shown in the following example:
(\etc\services example)
# SYS:ETC\SERVICES
#
# Network service mappings. Maps service names to transport
# protocol and transport protocol ports.
#
echo 7/tcp
discard 9/tcp sink null
systat 11/tcp
daytime 13/tcp
netstat 15/tcp
ftp-data 20/tcp
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail
time 37/udp timserver
name 42/udp nameserver
whois 43/tcp nicname # usually to sri-nic
domain 53/tcp
hostnames 101/tcp hostname # usually to sri-nic
sunrpc 111/udp
#
# Host specific functions
#
tftp 69/udp
finger 79/tcp
link 87/tcp ttylink
x400 103/tcp # ISO Mail
x400-snd 104/tcp
csnet-ns 105/tcp
pop-2 109/tcp # Post Office
uucp-path 117/tcp
nntp 119/tcp usenet # Network News Transfer
ntp 123/tcp # Network Time Protocol
NeWS 144/tcp news # Window System
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec 512/tcp
login 513/tcp
shell 514/tcp cmd # no passwords used
printer 515/tcp spooler # experimental
courier 530/tcp rpc # experimental
biff 512/udp comsat
who 513/udp whod
syslog 514/udp
talk 517/udp
route 520/udp router routed
new-rwho 550/udp new-who # experimental
rmonitor 560/udp rmonitord # experimental
monitor 561/udp # experimental
ingreslock 1524/tcp
snmp 161/udp # Simple Network Mgmt Protocol
snmp-trap 162/udp snmptrap # SNMP trap (event) messages
crsecacc 888/udp
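A check for installation steps 1 to 3, given here as an added example that is not part of the 3Com manual: it parses an autoexec.ncf and a services file and reports every deviation from the requirements above. The function names and the cut-down sample files are constructed for illustration.

```python
import re

def commands(text):
    """Lowercased, comment-free, non-empty lines of a config file."""
    stripped = (raw.split("#", 1)[0].strip().lower() for raw in text.splitlines())
    return [line for line in stripped if line]

def check_install(ncf_text, services_text, client="snds", port=888):
    """Return a list of deviations from installation steps 1-3."""
    cmds, problems = commands(ncf_text), []
    loads = [re.sub(r"\.nlm$", "", c.split()[1]) for c in cmds
             if re.match(r"load\s+\S", c)]
    # Step 1: TCPIP loaded and IP bound to a board using the Ethernet_II frame type.
    if "tcpip" not in loads:
        problems.append("tcpip is not loaded")
    eth2 = {m.group(1) for c in cmds if "frame=ethernet_ii" in c.split()
            for m in [re.search(r"\bname=(\S+)", c)] if m}
    ip_bound = {m.group(1) for c in cmds
                for m in [re.match(r"bind\s+ip\s+to\s+(\S+)", c)] if m}
    if not eth2 & ip_bound:
        problems.append("IP is not bound to an Ethernet_II board")
    # Step 2: the security client is loaded; for NDS, dsapi must precede snds.
    if client not in loads:
        problems.append(f"{client} is not loaded")
    elif client == "snds" and ("dsapi" not in loads
                               or loads.index("dsapi") > loads.index("snds")):
        problems.append("dsapi must be loaded before snds")
    # Step 3: the services file maps crsecacc to the port the AccessBuilder uses.
    entry = [c.split() for c in commands(services_text) if c.split()[0] == "crsecacc"]
    if not entry or entry[0][1:2] != [f"{port}/udp"]:
        problems.append(f"crsecacc {port}/udp is missing from services")
    return problems

# Constructed samples, cut down from the manual's examples.
GOOD_NCF = """load tcpip
load 3c5x9 slot=5 frame=ETHERNET_II name=3c5x9_2
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
load dsapi
load snds 3com
"""
BAD_NCF = """load 3C5X9 slot=5 frame=ETHERNET_802.2 NAME=3C5X9_1
bind IPX to 3C5X9_1 net=AA440000
load snds 3com
load dsapi
"""
SERVICES = "snmp 161/udp # Simple Network Mgmt Protocol\ncrsecacc 888/udp\n"

if __name__ == "__main__":
    print(check_install(BAD_NCF, "snmp 161/udp\n"))
```

For the Bindery client, pass client="sbindery"; the dsapi ordering check then does not apply.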