ACCESSBUILDER SECURITY
PACKAGE -- NETWARE/WORKGROUP
USER GUIDE
Software Version 1.2
Part No. 09-0704-001
Published May 1995
3Com Corporation ■ 5400 Bayfront Plaza ■ Santa Clara, California ■ 95052-8145
3Com Corporation, 1994. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make
any derivative work (such as translation, transformation, or adaptation) without permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the
part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or
the program(s) described in this documentation at any time.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the
following restricted rights:
For units of the Department of Defense:
Restricted Rights Legend: Use, duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) for
restricted Rights in Technical Data and Computer Software clause at 48 C.F.R. 52.227-7013. 3Com Corporation, 5400 Bayfront Plaza, Santa Clara,
California 95052-8145.
For civilian agencies:
Restricted Rights Legend: Use, reproduction or disclosure is subject to restrictions set forth in subparagraph (a) through (d) of the Commercial
Computer Software - Restricted Rights Clause at 48 C.F.R. 52.227-19 and the limitations set forth in 3Com;s standard commercial agreement for
the software. Unpublished rights reserved under the copyright laws of the United States.
3ComFacts, Ask3Com, CardFacts, NetFacts, and CardBoard are service marks of 3Com Corporation.
3Com, AccessBuilder, LanScanner, LinkBuilder, NETBuilder, NETBuilder II, ViewBuilder, EtherDisk, EtherLink, EtherLink Plus, EtherLink II, TokenLink,
TokenLink Plus, and TokenDisk are registered trademarks of 3Com Corporation. 3Com Laser Library, 3TECH, Boundary Routing, CacheCard,
FDDILink,NetProbe, Parallel Tasking, SmartAgent, Star-Tek, and Transcend are also trademarks of 3Com Corporation.
CompuServe is a registered trademark of CompuServe, Inc.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
Guide written and produced by Gary Halverson.
ACCESSBUILDER SECURITY
PACKAGE -- NETWARE/WORKGROUP
USER GUIDE
3.2. Installation Steps 3–2
SUN OS 4.1x Installation 3–2
DOS Installation 3–3
Launching the Name Server 3–3
3.3. Command Options 3–4
3.4. Database Conversion 3–4
3.5. AccessBuilder Configuration 3–5
4NAME SERVER DATABASE UTILITIES
4.1. General Information 4–1
4.2. User Record Contents 4–1
4.3. The Database Utilities User Interface 4–2
4.4. The Main Menu 4–2
Add a User Record 4–2
Modify User Record 4–3
Delete User Record 4–3
Display User Records 4–3
Save User Records into ASCII Files 4–4
Backup Database 4–5
Restore Database 4–5
Change Database Password 4–6
4.5. PATH 4–6
ADATABASE UTILITIES ERROR MESSAGES
BNAME SERVER ERROR MESSAGES
CTECHNICAL SUPPORT
LIMITED WARRANTY
1
INTRODUCTION
General
Information
The AccessBuilder Security Package is a model for flexible multi-vendor
security interoperation that is consistent with preliminary IETF (Internet
Engineering Task Force) work. The AccessBuilder Security Package software
provides the network administrator with the means to control network
access by remote users through an existing network security mechanism.
The AccessBuilder Security Package model allows integration of Novell
NetWare security solutions while keeping the AccessBuilder open to future
security options. The AccessBuilder Security Client is thus designed for
maximum flexibility and investment protection for 3Com AccessBuilder
customers.
This document provides an overview of the Novell NetWare Bindery/NDS
Security, a description of the installation procedures, and a summary of
limitations.
Also provided is documentation and installation procedures for
AccessBuilder Name Server, a self-contained security database operating on
a Sun workstation. The AccessBuilder Name Server has application in a
wide variety of workgroup environments.
1.1. Three
Security Client
Types
The AccessBuilder Security Package - NetWare/Workgroup Version 1.2
software provides compatibility with two major types of Novell
network-based user authentication environments and one self-contained
security database package:
■AccessBuilder Security Client for Novell NetWare Bindery Services
■AccessBuilder Security Client for Novell NetWare Directory Services
■AccessBuilder Name Server for networks running SunOS 4.1.x
1-2CHAPTER 1: INTRODUCTION
The AccessBuilder Security Package - NetWare/Workgroup software
modules are designed to reside on their respective server or client
workstations where they provide the appropriate agent software to
interface between the AccessBuilder and the respective security server or
database.
NetWare
Applications
Workgroup
Applications
The AccessBuilder Security Client for Novell NetWare Bindery/NDS Security
Clients work with the AccessBuilder server software Version 5.0 (or later) to
enable remote user access authentication to be handled automatically from
an existing Novell security database. The AccessBuilder login/password
information is validated directly against the selected Novell security service.
Each version is furnished on a single diskette.
The AccessBuilder Security Client for Novell NetWare bindery/NDS uses a
designated user database maintained by Novell NetWare Bindery or
NetWare Directory Services. It is designed to perform the authentication
process using these services.
The “AccessBuilder Name Server” module executes on a Sun Sparc station running SunOS 4.1.x to provide integrated LAN-based security through its
own user database. The security database can then be used for automatic
validation of remote users logging into one or more AccessBuilder. This
software module is intended to reside on a network node where the
AccessBuilder can query the security database through the AccessBuilder
UDP/IP-based protocol. Also, a set of tools for managing the security
database is provided to facilitate database administration.
1.2.
Compatibility
The AccessBuilder Security Client for Novell NetWare works with
AccessBuilder server software version 5.0 or later and Remote Client
software version 5.0 or later.
1.3. Limitations1-3
Table 1-1 AccessBuilder Server and Security Client Version Compatibility Matrix
Security Clients
1.01.2
4.0
4.1●
5.0●●
1.3. LimitationsNovell NetWare Security Client related limitations include:
■ARA and PPP clients using CHAP authentication are not supported
Limitations applying to both NetWare Security Client and Name Server
include:
■No space characters are allowed in the user ID and password fields
■When the AccessBuilder (Version 5.0) Security Access feature is enabled,
the user id and password fields are case sensitive. Also, when the remote
client is using the AccessBuilder Remote Client software, version 5.0 or
later must be used.
1-4CHAPTER 1: INTRODUCTION
NOVELL NETWARE
2
2.1 Overview
BINDERY/NDS SECURITY
CLIENTS
If you are not using the Novell NetWare Bindery/NDS Security Client, you
may skip this section.
The NDS (Netware Directory Services) Security Client is a Novell NLM that
runs on Novell Netware Server 4.X.
The Bindery Security Client is a Novell NLM runs on Novell NetWare Server
3.11 or 4.X.
When a remote user dials into an AccessBuilder and provides the login
information, the AccessBuilder server generates a validation request to the
Bindery/NDS Security Client. The Bindery/NDS Security Client then initiates
an authentication session with the Novell Netware server Bindery/NDS
services. Based on the result of the authentication session, the Bindery/NDS
security Client sends a validation response back to the AccessBuilder server
and indicates to the user that the authentication has failed or passed.
2.2. InstallationTo install the Bindery/NDS Security Client on a NetWare server, perform the
following steps (on the object server):
1 Verify that TCPIP NLM is running (by verifying the autoexec.ncf file).
If not, verify that Ethernet_II frame type is used. Bind IP to Ethernet_II frame
type. Following this, at the server prompt load TCPIP NLM.
The following are examples of an autoexec.ncf file which loads NetWare
Bindery Services, and NetWare Directory Services security clients:
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
#######################################################################
# AccessBuilder NetWare Security Client Software
#######################################################################
load sbindery 3com
2.2. Installation2-3
(NetWare Directory example)
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
# SYS:ETC\SERVICES
#
#Network service mappings. Maps service names to transport
#protocol and transport protocol ports.
#
echo7/tcp
discard9/tcpsink null
systat11/tcp
daytime13/tcp
netstat15/tcp
ftp-data20/tcp
ftp21/tcp
telnet23/tcp
smtp25/tcpmail
time37/udptimserver
name42/udpnameserver
whois43/tcpnicname# usually to sri-nic
domain53/tcp
hostnames101/tcphostname# usually to sri-nic
sunrpc111/udp
#
# Host specific functions
#
tftp69/udp
finger79/tcp
link87/tcpttylink
x400103/tcp# ISO Mail
x400-snd104/tcp
csnet-ns105/tcp
pop-2109/tcp# Post Office
uucp-path117/tcp
nntp 119/tcp usenet# Network News Transfer
ntp123/tcp# Network Time Protocol
NeWS144/tcpnews# Window System
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec512/tcp
login513/tcp
shell514/tcpcmd# no passwords used
printer515/tcpspooler # experimental
courier530/tcprpc# experimental
biff512/udpcomsat
who513/udpwhod
syslog514/udp
talk517/udp
route520/udprouter routed
new-rwho550/udpnew-who# experimental
rmonitor560/udprmonitord# experimental
monitor561/udp# experimental
ingreslock 1524/tcp
snmp161/udp# Simple Network Mgmt Protocol
snmp-trap162/udpsnmptrap# SNMP trap (event) messages
crsecacc 888/udp
?
Loading...
+ 25 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.