
Conference irocz::terminal_servers

Title: Terminal Servers
Notice: See Note 2 for Directory of important notes. Please use keywords.
Moderator: LAVC::CAHILLON
Created: Tue May 14 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 3547
Total number of notes: 12300

3446.0. "Security: useraccounts and dedicated service" by MUNICH::BLASCH () Mon Feb 24 1997 15:36

Hi,

there's a customer who plans to connect a dial-in/dial-out modem to
a DECserver 900 GM port.

He wants the terminal server to prompt a dial-in user for a username
and password.
Depending on the user logging in, the server should
	- connect the user to a dedicated service 
	- put the user to the Local> prompt
	- initiate a callback

Is this possible?

My first answer to this question was no, but then I read about the
local access server security.
Is it possible to get the above mentioned functionality by creating
local useraccounts on the server?

I found that I can specify "login" as access parameter for a useraccount.
The manual says for "login": "user will be connected to a dedicated host"
But where do I define to which dedicated host the user will be connected?
Can I define it locally at the terminal server?

Any ideas?

Birgit Blasch
Digital Service Center Munich

3446.1. "DNAS and DRAS = great solution" by CSC32::R_BUCK (Authenticated and assimilated) Mon Feb 24 1997 19:06 (8 lines)

    Take a look at the combination of DNAS V2.0 (or greater), and DRAS. 
    DRAS is the RADIUS security option.  It allows a level of granularity
    that would satisfy the stated needs.   Web site www-ra.lkg.dec.com is a
    great place to start for information and kits.  Note file
    IROCZ::NETRIDER tends to be the best place to discuss DNAS and DRAS.
    
    Randall Buck
    MCS - Network Support

3446.2. by IROCZ::D_NELSON (Dave Nelson LKG1-3/A11 226-5358) Mon Feb 24 1997 19:12 (11 lines)

RE: .0, .1

The authorization attributes you can specify for local UserAccounts on the
DECserver are a subset of those possible in RADIUS.  As Randall states in .1,
if the UserAccount feature in DNAS is not flexible enough, then use a
RADIUS server, like our DRAS product.

Regards,

Dave

3446.3. by MUNICH::BLASCH () Tue Feb 25 1997 13:08 (11 lines)

    re .1, .2
    
    Just to be sure I understood everything:
    
    I can't derive the needed functionality by using only local security
    of the terminal server.
    I (or better, the customer) need additional software like RADIUS.
    
    Right?
    
    Birgit

3446.4. by IROCZ::D_NELSON (Dave Nelson LKG1-3/A11 226-5358) Tue Feb 25 1997 13:23 (34 lines)

RE: .3
    
>    Right?
 
Right.

The help screen for UserAccounts shows you what items can be associated with
a local user.  Note that the name of a remote host is not available.  It is
in RADIUS.

DEFINE/SET/CHANGE USERACCOUNT

Sets up a database for a user account for authentication and authorization.

{SET   } USERACCOUNT name [ENABLE|DISABLE]
{DEFINE}                  [PASSWORD [quoted-string]]
{CHANGE}                  [[MAX] CONNECT {minutes|NONE}]
                          [ACCESS {FRAMED|LOCAL|LOGIN|NONE}]
                          [CALLBACK {ENABLE|DISABLE}]
                          [PERMISSIONS ({[DIALBACK|NODIALBACK]
                                         [DIALOUT|NODIALOUT]
                                         [LAT|NOLAT]
                                         [TELNET|NOTELNET]
                                         [SLIP|NOSLIP]
                                         [PPP|NOPPP]
                                         [PRIVILEGED|NOPRIVILEGED]})
                          [DIALOUT NUMBER {quoted-string|uppercase|ANY|NONE}]
                          [DIALOUT SERVICE {uppercase-name|NONE}]
                          [DIALBACK [NUMBER] {quotedstring|uppercase|ANY|NONE}]

Regards,

Dave
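
An added illustration, not part of the thread and not DEC's code: the three per-user outcomes asked for in .0, expressed as standard RADIUS (RFC 2865) reply attributes and encoded as they would travel in an Access-Accept. The user names, host address and callback number are constructed, and which of these attributes DNAS and DRAS honor is an assumption to check against their documentation.

```python
import socket
import struct

# RFC 2865 attribute types and values (standard RADIUS, not DRAS-specific).
SERVICE_TYPE, LOGIN_IP_HOST, LOGIN_SERVICE, CALLBACK_NUMBER = 6, 14, 15, 19
LOGIN, CALLBACK_LOGIN, NAS_PROMPT = 1, 3, 7   # Service-Type values
TELNET = 0                                     # Login-Service value

# Constructed users, host and number; one profile per outcome asked for in .0.
PROFILES = {
    # connect straight to a dedicated host
    "dedicated": [(SERVICE_TYPE, LOGIN), (LOGIN_SERVICE, TELNET),
                  (LOGIN_IP_HOST, "192.0.2.10")],
    # leave the user at the server's command prompt
    "prompt": [(SERVICE_TYPE, NAS_PROMPT)],
    # hang up, call back, then connect to the host
    "callback": [(SERVICE_TYPE, CALLBACK_LOGIN), (CALLBACK_NUMBER, "5550100"),
                 (LOGIN_IP_HOST, "192.0.2.10")],
}

def encode_attr(attr_type, value):
    """Encode one attribute as type(1) | length(1) | value."""
    if attr_type == LOGIN_IP_HOST:
        data = socket.inet_aton(value)        # 4-byte IPv4 address
    elif isinstance(value, int):
        data = struct.pack("!I", value)       # 32-bit big-endian integer
    else:
        data = value.encode("ascii")          # string attribute
    if not 1 <= len(data) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(data) + 2]) + data

def reply_attributes(user):
    """Attribute bytes an Access-Accept for this user would carry."""
    return b"".join(encode_attr(t, v) for t, v in PROFILES[user])

def decode_attrs(blob):
    """Split attribute bytes into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2 or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out

if __name__ == "__main__":
    for name in PROFILES:
        print(name, reply_attributes(name).hex())
```

The Login-IP-Host attribute in the first and third profiles is the per-user remote host that .4 notes is missing from the local USERACCOUNT parameters.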