ACCESSBUILDERÔ SECURITY
PACKAGE -- NETWARE/WORKGROUP
USER GUIDE
Software Version 1.2
Part No. 09-0704-001
Published May 1995
ACCESSBUILDER SECURITY
PACKAGE -- NETWARE/WORKGROUP
USER GUIDE
(Software Version 1.2)
CONTENTS
1
2
INTRODUCTION
General Information 1–1
1.1. Three Security Client Types 1–1
NetWare Applications 1–2
Workgroup Applications 1–2
1.2. Compatibility 1–2
1.3. Limitations 1–3
NOVELL NETWARE
BINDERY/NDS SECURITY CLIENTS
2.1 Overview 2–1
2.2. Installation 2–1
SNDS Usage 2–5
2.3. De-installation 2–5
2.4. AccessBuilder Configuration 2–6
2.5. Usage 2–6
Client 2–6
3
ACCESSBUILDER NAME SERVER
3.1. Overview 3–1
3.2. Installation Steps 3–2
SUN OS 4.1x Installation 3–2
DOS Installation 3–3
Launching the Name Server 3–3
3.3. Command Options 3–4
3.4. Database Conversion 3–4
3.5. AccessBuilder Configuration 3–5
4
NAME SERVER DATABASE UTILITIES
4.1. General Information 4–1
4.2. User Record Contents 4–1
4.3. The Database Utilities User Interface 4–2
4.4. The Main Menu 4–2
Add a User Record 4–2
Modify User Record 4–3
Delete User Record 4–3
Display User Records 4–3
Save User Records into ASCII Files 4–4
Backup Database 4–5
Restore Database 4–5
Change Database Password 4–6
4.5. PATH 4–6
A DATABASE UTILITIES ERROR MESSAGES
B NAME SERVER ERROR MESSAGES
C TECHNICAL SUPPORT
LIMITED WARRANTY
INTRODUCTION
1
General The AccessBuilder Security Package is a model for flexible multi-vendor
Information security interoperation that is consistent with preliminary IETF (Internet
Engineering Task Force) work. The AccessBuilder Security Package software
provides the network administrator with the means to control network
access by remote users through an existing network security mechanism.
The AccessBuilder Security Package model allows integration of Novell
NetWare security solutions while keeping the AccessBuilder open to future
security options. The AccessBuilder Security Client is thus designed for
maximum flexibility and investment protection for 3Com AccessBuilder
customers.
This document provides an overview of the Novell NetWare Bindery/NDS
Security, a description of the installation procedures, and a summary of
limitations.
Also provided is documentation and installation procedures for
AccessBuilder Name Server, a self-contained security database operating on
a Sun workstation. The AccessBuilder Name Server has application in a
wide variety of workgroup environments.
1.1. Three
Security Client
Types
The AccessBuilder Security Package - NetWare/Workgroup Version 1.2
software provides compatibility with two major types of Novell
network-based user authentication environments and one self-contained
security database package:
■
AccessBuilder Security Client for Novell NetWare Bindery Services
AccessBuilder Security Client for Novell NetWare Directory Services
AccessBuilder Name Server for networks running SunOS 4.1.x
■
■
1-2
CHAPTER 1: INTRODUCTION
The AccessBuilder Security Package - NetWare/Workgroup software
modules are designed to reside on their respective server or client
workstations where they provide the appropriate agent software to
interface between the AccessBuilder and the respective security server or
database.
NetWare The AccessBuilder Security Client for Novell NetWare Bindery/NDS Security
Applications Clients work with the AccessBuilder server software Version 5.0 (or later) to
enable remote user access authentication to be handled automatically from
an existing Novell security database. The AccessBuilder login/password
information is validated directly against the selected Novell security service.
Each version is furnished on a single diskette.
The AccessBuilder Security Client for Novell NetWare bindery/NDS uses a
designated user database maintained by Novell NetWare Bindery or
NetWare Directory Services. It is designed to perform the authentication
process using these services.
Workgroup The “AccessBuilder Name Server” module executes on a Sun Sparc station
Applications running SunOS 4.1.x to provide integrated LAN-based security through its
own user database. The security database can then be used for automatic
validation of remote users logging into one or more AccessBuilder. This
software module is intended to reside on a network node where the
AccessBuilder can query the security database through the AccessBuilder
UDP/IP-based protocol. Also, a set of tools for managing the security
database is provided to facilitate database administration.
1.2.
Compatibility
The AccessBuilder Security Client for Novell NetWare works with
AccessBuilder server software version 5.0 or later and Remote Client
software version 5.0 or later.
1.3. Limitations
1-3
Table 1-1 AccessBuilder Server and Security Client Version Compatibility Matrix
Security Clients
1.0
1.2
4.0
4.1
5.0
●
●
●
1.3. Limitations
Novell NetWare Security Client related limitations include:
ARA and PPP clients using CHAP authentication are not supported
■
Limitations applying to both NetWare Security Client and Name Server
include:
■
■
No space characters are allowed in the user ID and password fields
When the AccessBuilder (Version 5.0) Security Access feature is enabled,
the user id and password fields are case sensitive. Also, when the remote
client is using the AccessBuilder Remote Client software, version 5.0 or
later must be used.
1-4
CHAPTER 1: INTRODUCTION
NOVELL NETWARE
BINDERY/NDS SECURITY
CLIENTS
2
2.1 Overview
If you are not using the Novell NetWare Bindery/NDS Security Client, you
may skip this section.
The NDS (Netware Directory Services) Security Client is a Novell NLM that
runs on Novell Netware Server 4.X.
The Bindery Security Client is a Novell NLM runs on Novell NetWare Server
3.11 or 4.X.
When a remote user dials into an AccessBuilder and provides the login
information, the AccessBuilder server generates a validation request to the
Bindery/NDS Security Client. The Bindery/NDS Security Client then initiates
an authentication session with the Novell Netware server Bindery/NDS
services. Based on the result of the authentication session, the Bindery/NDS
security Client sends a validation response back to the AccessBuilder server
and indicates to the user that the authentication has failed or passed.
2.2. Installation
To install the Bindery/NDS Security Client on a NetWare server, perform the
following steps (on the object server):
1 Verify that TCPIP NLM is running (by verifying the autoexec.ncf file).
If not, verify that Ethernet_II frame type is used. Bind IP to Ethernet_II frame
type. Following this, at the server prompt load TCPIP NLM.
The following are examples of an autoexec.ncf file which loads NetWare
Bindery Services, and NetWare Directory Services security clients:
2-2
CHAPTER 2: NOVELL NETWARE BINDERY/NDS SECURITY CLIENTS
(NetWare Bindery example)
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
load tcpip
load conlog
load 3C5X9 slot=5 frame=ETHERNET_802.2 NAME=3C5X9_1
bind IPX to 3C5X9_1 net=AA440000
load 3c5x9 slot=5 frame=ETHERNET_II name=3c5x9_2
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
#######################################################################
# AccessBuilder NetWare Security Client Software
#######################################################################
load sbindery 3com
2.2. Installation
2-3
(NetWare Directory example)
set Time Zone = PST8PDT
set Daylight Savings Time Offset = 1:00:00
set Start Of Daylight Savings Time = (APRIL SUNDAY FIRST 2:00:00 AM)
set End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
set Default Time Server Type = SINGLE
set Bindery Context = O=b010
file server name SATURN
ipx internal net af0bfed9
load clib
load tcpip
load conlog
load 3C5X9 slot=5 frame=ETHERNET_802.2 NAME=3C5X9_1
bind IPX to 3C5X9_1 net=AA440000
load 3c5x9 slot=5 frame=ETHERNET_II name=3c5x9_2
bind ipx to 3c5x9_2 net=cc100001
load 3C5X9 slot=5 frame=ETHERNET_802.3 NAME=3C5X9_3
bind IPX to 3C5X9_3 net=AA330000
load 3c5x9 slot=5 frame=ETHERNET_SNAP name=3c5x9_4
bind ipx to 3c5x9_4 net=AA550000
bind IP to 3c5x9_2 addr=192.147.72.3 mask=255.255.255.0
set maximum concurrent directory cache writes = 50
set maximum directory cache buffers = 4000
load cpqhlth
load cdrom
cpqsnmp
mount all
unload conlog
load monitor
load dsapi
#######################################################################
# AccessBuilder NetWare Security Client Software
#######################################################################
load snds 3com
2 For NetWare Directory Services, be sure the line load dsapi.nlm occurs
before load snds.nlm (AccessBuilder Security Client).
3 Add a UDP port for the Bindery/NDS Security Client into \etc\services with
the service name "crsecacc", 888 is the default port number in the
AccessBuilder server.
ex. add "crsecacc 888/udp" at the bottom of \etc\services as shown in the
following example:
2-4
CHAPTER 2: NOVELL NETWARE BINDERY/NDS SECURITY CLIENTS
(\etc\services example)
# SYS:ETC\SERVICES
#
#
#
Network service mappings. Maps service names to transport
protocol and transport protocol ports.
#
echo
7/tcp
discard
systat
daytime
netstat
ftp-data
ftp
telnet
smtp
time
9/tcp
sink null
11/tcp
13/tcp
15/tcp
20/tcp
21/tcp
23/tcp
25/tcp
37/udp
42/udp
43/tcp
53/tcp
101/tcp
111/udp
mail
timserver
nameserver
nicname
name
whois
domain
hostnames
sunrpc
#
# usually to sri-nic
# usually to sri-nic
hostname
# Host specific functions
#
tftp
finger
link
69/udp
79/tcp
87/tcp
ttylink
x400
103/tcp
104/tcp
105/tcp
109/tcp
117/tcp
119/tcp
123/tcp
144/tcp
# ISO Mail
x400-snd
csnet-ns
pop-2
uucp-path
nntp
ntp
NeWS
# Post Office
usenet
news
# Network News Transfer
# Network Time Protocol
# Window System
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec
512/tcp
513/tcp
514/tcp
515/tcp
530/tcp
512/udp
513/udp
514/udp
517/udp
520/udp
550/udp
560/udp
561/udp
1524/tcp
161/udp
162/udp
888/udp
login
shell
cmd
# no passwords used
printer
courier
biff
spooler# experimental
rpc
comsat
whod
# experimental
who
syslog
talk
route
router routed
new-who
rmonitord
new-rwho
rmonitor
monitor
ingreslock
snmp
# experimental
# experimental
# experimental
# Simple Network Mgmt Protocol
# SNMP trap (event) messages
snmp-trap
crsecacc
?
snmptrap
2.3. De- installation
2-5
You may need to unload, then reload NetWare server to make the changes
take effect.
4 Insert the distribution diskette into the floppy drive and load the
AccessBuilder Security Client for Bindery (sbindery.nlm) or for NDS
(snds.nlm) -- (depending upon your NetWare Server's version and which
service is used).
:load sbindery 3com
where sbindery is NLM name for AccessBuilder Security Client for Novell
NetWare Bindery. 3com is the default password for AccessBuilder Security
Client.
:load snds 3com
where snds is NLM name for AccessBuilder Security Client for Novell
NetWare Directory Services. 3com is the default password for the
AccessBuilder Security Client.
SNDS Usage Optionally, SNDS may also take context_name as a parameter for remote
access authorization control. For example:
load snds security_password(key) /C:context_name [generic form]
load snds 3com /C:HQ.MyCompany [example]
SNDS will authenticate the remote user against the HQ.MyCompany context
so only user names assigned to that context will be successfully
authenticated. Other users will be denied.
If the context name is not specified in the loading command, SNDS will
authenticate the remote user against the default bindery context.
2.3. De-
installation
To remove the AccessBuilder Security Client function from the NetWare
Server, enter:
:unload sbindery
or
:unload snds
2-6
CHAPTER 2: NOVELL NETWARE BINDERY/NDS SECURITY CLIENTS
2.4.
AccessBuilder
Configuration
Before running the Bindery/NDS Security Client, you will need to configure
the following parameters in the AccessBuilder server:
1) SecurityServerType,
2) SecurityPasswd,
3) ScrtyClIpAddr,
4) ScrtyClUdpPort if necessary, and
5) Time Zone.
Be sure to enter the correct Security Client password which is shared by
AccessBuilder server and AccessBuilder Security Client. The Security
password for the AccessBuilder server should match the password used at
the client security server (3Com is the default value).
The Bindery/NDS Security Client logs the user login records in the
absecure.log file under the NetWare server root directory.
2.5. Usage
Client At the AccessBuilder client site, the Novell NetWare login convention may
be used. For example:
login: ServerName/UserName
password: ********
can be used to do authentication with Bindery Security Client for the
specified Novell NetWare server with Bindery service. For NDS Security
Client, users log into a network instead of a specified server. For
authentication purposes, the UserName is adequate. For example:
login: UserName
password: ********
ACCESSBUILDER NAME SERVER
3
3.1. Overview
The AccessBuilder “Name Server” software module is intended to reside on
a network node (Sun SPARCstation) and includes a security database
management program and a security name server program that interface
with AccessBuilders.
If you are not using the 3Com provided Name Server on a Sun SPARCstation,
you may skip this section.
Figure 3-1 illustrates the data flow during the authentication process
initiated by a remote client:
1 When a remote user dials into the AccessBuilder and provides the
appropriate login information.
2 The AccessBuilder generates a Validation Request to the Database Name
Server.
3 The AccessBuilder Name Server then initiates a database lookup request.
4 User database has retrieved the user record and delivered it to the
AccessBuilder Name Server.
5 The AccessBuilder Name Server then sends a validation response and user
data back to the AccessBuilder.
6 The AccessBuilder then receives the Validation Response and performs a
final check before allowing the remote client to access the network.
3-2
CHAPTER 3: ACCESSBUILDER NAME SERVER
Figure 3-1 Security Access Data Flow and Steps
3.2. Installation
Steps
The AccessBuilder Name Server is distributed on two floppy diskettes; one
for SUN OS 4.1x tar file format, and the other in standard DOS file format.
Refer to the following installation section for your environment.
SUN OS 4.1x
Installation
1 Install the files on the AccessBuilder Name Server distribution diskette (this
diskette contains three files, aceclnt, dbutil, and dbcnvt):
a On your Sun workstation, call up the target directory:
cd (target directory)
b Insert the distribution diskette into the floppy drive and copy the files on
the diskette to your target directory:
tar xvf /dev/rfd0
2 Change the access right to the distribution files to 7555:
3.2. Installation Steps
3-3
chmod 7555 files
3 Change the ownership of the distribution files to root:
chown root files
4 Assign a UDP port for AccessBuilder Name Server:
Edit the /etc/services file to add the following entry:
crsecacc
888/udp
#AccessBuilder security access
If the UDP port 888 is used by other application, you may assign an unused
UDP port number. Make sure the UdpPort parameter in AccessBuilder is set
to the same number.
5 Run the dbutil program to build the user database. Refer to Section 3 for
further information.
DOS Installation To install from the DOS format diskette, perform the following:
1 Insert the DOS diskette into the floppy drive on your PC.
2 Run ftp to transfer the three distribution files from the diskette to the target
directory on a Sun workstation.
3 Perform steps 4 and 5 as described above.
Launching the
Name Server
1 Invoke the AccessBuilder Name Server program.
a Add the directory where the dbserver resides to the path.
Start the AccessBuilder Name Server program:
# dbserver
The AccessBuilder Name Server logs the user login records in the
dbserver.log file which can be used to monitor the transaction status.
A list of error messages may be found in Appendix B.
3-4
CHAPTER 3: ACCESSBUILDER NAME SERVER
3.3. Command
Options
With Name Server Release 1.2, the ‘dbserver’ can run from ‘/etc/rc’ file
without user interactions. This makes it possible for the ‘dbserver’ to run
automatically when UNIX boots up.
The command options for dbserver are:
dbserver [-d] [-p password] [-n/-y]
where:
-d -- The -d option enables the Name Server to print out trace
information on the standard output and to save trace information into
the log file ‘dbserver.log’.
-p password -- is used as the encryption key by the Name Server to
encrypt messages between Name Server and AccessBuilder. This
password has to be the same as the ‘Security Parameter’ of the
AccessBuilder. The default password is ‘3com’.
-y/-n -- The -y option allows the user to change the user password, while
the -n option disables changing the user password. The default is ‘-y’.
3.4. Database
Conversion
The following information applies only to users having an existing Name
Server 1.0 database. If you do not have an existing version 1.0 database, skip
this section.
Because Name Server release 1.2 produces the ‘password.db’ file in a
different format from the previous release, it is necessary to convert your
existing version 1.0 ‘password.db’ file into the new file format. The command
‘dbcnvt’ is provided for this purpose.
Before running the dbcnvt command, make sure that the dbcnvt command
resides in the same directory as the ‘password.db’ file, or the environment
variable DBPATH is set to the name of the directory where the ‘password.db’
file is located. To run dbcnvt, enter the command name the UNIX SHELL
prompt and follow the prompt to enter the database password.
3.5. AccessBuilder Configuration
3-5
3.5.
AccessBuilder
Configuration
In order for the AccessBuilder to work with the Name Server client, the
following parameters in the AccessBuilder (under the admin directory) must
be set to work properly:
1 SecurityServerType
Set this parameter to AB (AccessBuilder Name Server).
2 SecurityPasswd
This parameter has to be the same as the ‘-p password’ command option to
’dbserver’. The default value is 3com.
3 ScrtyClntIpAddr
This parameter is set to the IP address of the UNIX workstation which runs
the Name Server.
4 ScrtyClntUdpPort
This parameter has to be set to the same UDP port number as the ‘crsecacc’
entry of the /etc/services file. The default value is 888.
5 Date
This parameter is set to the current date.
6 Time
This parameter is set to the current time.
These steps may be performed using the Security Clients Parameters dialog
box in Transcend AccessBuilder Manager.
3-6
CHAPTER 3: ACCESSBUILDER NAME SERVER
NAME SERVER DATABASE
UTILITIES
4
4.1. General
Information
The AccessBuilder Name Server Database Utilities (dbutil) are a collection of
tools that enable management of a user database on a Sun Workstation
under SUN OS 4.1.x. Keeping the user database on SUN workstation has two
advantages:
a The system administrator can better manage the user database because
there is only one copy of database to deal with as opposed to one
database per AccessBuilder Server.
b The database can store hundreds of thousands of user records in order
to satisfy the needs of an enterprise network, where there are a large
number of remote users.
4.2. User Record
Contents
The User database contains a set of user records. Each user record contains
information on a remote user who accesses AccessBuilder Server. A user
record is composed of four elements of information:
1 The user's name,
2 login password,
3 privilege and
4 callback number.
The user's name is the key of a user record, and therefore must be unique.
All information except the callback number are mandatory, which means
this information must be supplied when adding a user record to the
database.
4-2
CHAPTER 4: NAME SERVER DATABASE UTILITIES
There is a limited length of information that can input for each piece of
information. The user name can contain up to 64 characters. The password
can have up to 32 characters. The callback number can have up to 16
characters.
4.3. The
The Database Utilities provide a character based, menu driven user
interface. Users interact with menu commands to perform database
operations such as query, add, update, delete, backup and restore.
Database
Utilities User
Interface
4.4. The Main
Menu
When the Database Utilities start up, the Main menu is displayed as shown:
***** Main Menu *****
1) Add User Record
2) Modify User Record
3) Delete User Record
4) Display User Records
5) Save User Records into ASCII File
6) Backup Database
7) Restore Database
8) Change Database Password
9) Exit
Please enter your choice:
Add a User Record You can add a user record to the database by selecting '1' from the main
menu. You will be prompted to enter information on the user's name,
password, privilege and callback number. All information except the
callback number are mandatory.
Please enter your choice: 1
User Name: demouser
User Password:
Privilege, (1) for User, (2) for Administrator: 1
Callback #:
4.4. The Main Menu
4-3
Modify User Record
You can modify a user record in the database by selecting 2 from the Main
menu. You are then prompted to enter the user's name. If the user's name is
in the database, the Utilities display the current information and prompt
you to make modifications. You may elect to skip changes by pressing the
Enter key at the prompt.
Please enter your choice: 2
User Name: demouser
Please enter new password or press enter to skip changes:
The user privilege is: user,
please enter privilege or press enter to skip changes.
(1) for User, (2) for Administrator: 2
The user callback # is: 150,
please enter callback # or press enter to skip changes: 8941800
Delete User Record You can delete a user record from the database by selecting 3 from the
Main menu. You are then prompted to enter the user's name. If the user's
name is in the database, the Utilities will prompt you to confirm the
deletion of the user record.
Please enter your choice: 3
User Name: demouser
Do you really want to delete the user "demouser" from the database? (y/n) y
Display User By selecting item 4 from the Main menu, you are offered four options:
Records
1 Display user records display a particular user,
2 Display users having a 'user' privilege,
3 Display users having 'admin' privilege,
4 Display all users.
4-4
CHAPTER 4: NAME SERVER DATABASE UTILITIES
The following screen shows the Display User Records option and all user
records with ‘user’ privilege.
***** Display User Record Menu *****
1) Display A User Record
2) Display User Records with User Privilege
3) Display User Records with Admin Privilege
4) Display All User Records
5) Return to Main Menu
Please enter your choice: 2
User Name
Privilege Callback #
---------------------------------------------------------------------
joe
john
(user) 8941801
(user) 8941812
Total 2 records found
Save User Records You can save the database information into ASCII files, which can then be
into ASCII Files viewed from a text editor or printed. By selecting item '5' from the Main
menu, you have three options to save user records:
1 Save user records with the 'user' privilege,
2 Save user records with the 'admin' privilege,
3 Save all user records.
4.4. The Main Menu
4-5
The following screen shows the Save User Records menu command and the
contents of the ASCII file containing all the user records.
***** Save User Record Menu *****
1) Save User Records with User Privilege
2) Save User Records with Admin Privilege
3) Save All User Records
4) Return to Main Menu
Please enter your choice: 3
The contents of ASCII file:
User Name
Privilege
Callback #
---------------------------------------------------------------------
joe
john
(user)
(user)
8941801
8941812
Total 2 records found
Backup Database This menu command allows you to backup database into a specified
database name. Since the database includes three related files, this
command eliminates the need to back up three individual files.
Please enter your choice: 6
Please enter database name for backup: all
Backup database...
Restore Database This menu command allows the you to restore the database from a backup
database. Precaution should be taken with this command, because restore
will overwrite the existing database with the backup database.
Please enter your choice: 7
Please enter database name for restore: all
Restoring database will overwrite existing database.
Do you wish to continue? y/n y
Restore database...
4-6
CHAPTER 4: NAME SERVER DATABASE UTILITIES
Change Database This menu command enables you to change database password. Since
Password every user's password in the database is encrypted with database password,
precaution should be taken with this command, especially when the
dbserver daemon is running.
After changing the database password, terminate and restart the dbserver
daemon so that the user login request can be properly authenticated.
Please enter your choice: 8
Please note that if dbserver is currently running, after changing
database password, dbserver will not be able to authenticate user login
properly.
Please terminate and restart dbserver after database password has
changed.
Do you wish to continue? (y/n) y
Old database password:
New database password:
Confirm database password:
Updating database...
4.5.PATH
When dbutil starts, it checks for the setting of environment variable
"DBPATH" to determine the directory to create or to open database files. If
the variable is set, it assumes that the database is under the DBPATH
directory. Otherwise, it assumes that the database files are under the
directory where dbutil starts.
A list of dbutil error messages may be found in Appendix A.
DATABASE UTILITIES ERROR
MESSAGES
A
The following table defines the error messages displayed by the Name
Server Database Utilities(dbutil) when exception conditions arise. Each error
message is accompanied with the possible causes of the error and solutions
to the problem.
Message
Number
dbutil Error Messages
DES initialization failed.
1
Cause:
Software internal error.
Solution: Call tech support.
2
Database initialization failed.
Cause:
File access permission errors.
Solution: Make sure that the user has permission to access all three files:
'helperdb.nx', 'helperdb.dt' and 'password.db' under $DBPATH directory or under
current directory if DBPATH environment variable is not set.
3
The user record already exists.
Cause:
In adding a user record, entry of a user name which already exists in the
database has been attempted.
Solution: Make sure to enter a unique user name or to choose "Modify User
Record" to modify existing information.
4
5
The user record doesn't exist.
Cause:
In updating or deleting a user record, entry of a user name which
doesnot exist in the database has been attempted.
Solution: Enter a user name which already in the database.
Failed to update user record.
Cause:
dbutil was not able to update a user record due to internal errors.
Call tech support.
Solution:
A-2
APPENDIX A: DATABASE UTILITIES ERROR MESSAGES
Message
Number
dbutil Error Messages
6
Failed to delete user record.
Cause:
dbutil was not able to delete a user record due to internal errors.
Call tech support.
Solution:
7
The database password file does not exist.
Cause:
dbutil was not able to locate the password file, however, user record files
do exist.
Solution:
Make sure DBPATH is set properly or starts dbutil from where the
password file is located.
8
Unable to create password file.
Cause:
dbutil was not able to create password file most likely due to a
permission problem.
Solution:
Make sure that the user has permission to write to the file
'password.db'.
9
Incorrect password, exit dbutil.
Cause:
The user has entered password incorrectly three times.
Solution: Enter the correct password.
10
Unable to create user record file.
Cause:
dbutil was not able to create user record file most likely due to
permission problem.
Solution:
Make sure that the user has permission to write to the files 'helperdb.nx'
and 'helperdb.dt'.
11
12
Unable to open user record file.
Cause:
dbutil was not able to open user record file most likely due to
permission problem.
Solution:
Make sure that the user has permission to open the files 'helperdb.nx'
and 'helperdb.dt'.
Unable to create xxx file.
Cause:
In saving database into ASCII file, dbutil was not able to create user
specified file 'xxx' file most likely due to permission problem.
Solution:
Make sure that the user has permission to write to the files 'xxx'.
NAME SERVER ERROR MESSAGES
B
Messages shown in the log file:
Message
Number
Name Server Log File Error Message
1
Abnormal exit\n
Recommended Action: Call 3COM Technical Support.
2
Out of memory when allocating request data.
Recommended Action: Call 3COM Technical Support.
3
Protocol Error (<error code>).
Recommended Action: Call 3COM Technical Support.
4
Version number Error (<error code>).
Recommended Action: Call 3COM Technical Support.
5
Command Error (<error code>).
Recommended Action: Call 3COM Technical Support.
6
Data length Error (<error code>).
Recommended Action: Call 3COM Technical Support.
7
Auth Type length Error (<error code>).
Recommended Action: Call 3COM Technical Support.
8
Auth Type data Error (<error code>).
Recommended Action: Call 3COM Technical Support.
9
User Id length Error (<error code>).
Recommended Action: Call 3COM Technical Support.
10
11
Challenge length Error ().
Recommended Action: Call 3COM Technical Support.
Wrong option type (<error code>).
Recommended Action: Call 3COM Technical Support.
B-2
APPENDIX B: NAME SERVER ERROR MESSAGES
Message
Number
Name Server Log File Error Message
12
13
14
15
16
17
18
Total length error (<error code>).
Recommended Action: Call 3COM Technical Support.
Current Time length Error (<error code>).
Recommended Action: Call 3COM Technical Support.
Incorrect option fields in the packet(<error code>).
Recommended Action: Call 3COM Technical Support.
Incorrect option fields not in the packet(<error code>).
Recommended Action: Call 3COM Technical Support.
DES decode input length error (<error code>).
Recommended Action: Call 3COM Technical Support.
Recoverable software error.
Recommended Action: Call 3COM Technical Support.
DES decode input length error (<error code>).
Recommended Action: Call 3COM Technical Support.
19
20
Wrong Encrypted Key from user <user id>.
Recommended Action: Verify the Name Server has the same password shared by the
AccessBuilder.
Inconsistant time stamp (may be a replay request or misconfigured password).
Recommended Action: Verify the Name Server has the same password shared by the
AccessBuilder.
21
22
23
Wrong Encrypted New Key from user <user id>.
Recommended Action: None. User has entered an invalid password.
Encrypt New Key appeared for Validation Request Packet.
Recommended Action: None. User has requested changing his/her password.
Check password configuration.
Recommended Action: Name Server is set to not allow the user to change his/her
own password, and a user has attempted to change his/her password.
24
Time skew in the incoming packet is too large.
Recommended Action: Verify the time setting on AccessBuilders and Name Server
machine is set up correctly.
B-3
Message
Number
Name Server Log File Error Message
25
UTC time not available.
Recommended Action: Verify the time setting on the Name Server machine is set up
correctly.
26
27
Duplicate time stamp used from user <user id> (could be a replay packet).
Recommended Action: This may be a replay packet. Check if any user is injecting
traffic to the network.
Duplicate sequence number used from user <user id> (could be a replay packet).
Recommended Action: This may be a replay packet. Check if any user is injecting
traffic to the network.
28
29
30
31
32
Authtication failed from user <user id>.
Recommended Action: None. For information only.
Authtication passed from user <user id>.
Recommended Action: None. For information only.
Authtication request from user <user id>.
Recommended Action: None. For information only.
Authtication request failed from an invalid user <user id>.
Recommended Action: None. For information only.
Change password failed from user <user id>.
Recommended Action: None. For information only.
33
34
35
Change password passed from user <user id>
Recommended Action: None. For information only.
Out of memory when allocating request data.
Recommended Action: Make sure the system has at least 1MByte memory available.
No such service: crsecacc/udp. Check /etc/services file.
Recommended Action: Make sure the /etc/services file has crsecacc entry. Also make
sure no other Name Server is running on the same machine.
36
37
Cannot get UDP socket.
Recommended Action: Make sure the /etc/services file has crsecacc entry. Also make
sure no other Name Server is running on the same machine.
Cannot bind UDP socket.
Recommended Action: Make sure the /etc/services file has crsecacc entry. Also make
sure no other Name Server is running on the same machine.
B-4
APPENDIX B: NAME SERVER ERROR MESSAGES
Message
Number
Name Server Log File Error Message
38
Send response failed.
Recommended Action: Make sure the network connection is healthy.
39
Receive Error.
Recommended Action: Make sure the network connection is healthy.
Messages displayed on the terminal:
Message
Number
Name Server Terminal Error Message
1
2
3
Cannot open log file.
Recommended Action: Make sure you have write access to the right
directory.
DES initialization Error!
Recommended Action: Make sure there is at least 1M bytes of memory
available.
UDP socket creation/binding Error!
Recommended Action: Make sure the /etc/services file has a crsecacc
entry. Also make sure no other Name Server is running on the same
machine.
TECHNICAL SUPPORT
C
3Com provides easy access to technical support information through a
variety of services. This appendix describes these services.
On-line Technical
Services
3Com offers worldwide product support seven days a week, 24 hours a day,
through the following on-line systems:
■
■
3Com Bulletin Board Service (3ComBBS)
World Wide Web site
■
■
Ask3ComSM on CompuServeÒ
3ComFactsSM automated fax service
3Com Bulletin 3ComBBS contains patches, software, and drivers for all 3Com products, as
Board Service
well as technical articles. This service is available via modem seven days a
week, 24 hours a day. To reach the service, set your modem to 8 data bits,
no parity, and 1 stop bit. Call the telephone number nearest you:
Country
Australia
France
Baud Rate
Telephone Number
up to 14400 baud (61) (2) 955 2073
up to 14400 baud (33) (1) 69 86 69 54
Germany
up to 9600 baud
up to 9600 baud
(49) (89) 627 32 188
(49) (89) 627 32 189
Hong Kong
Italy (fee required)
Japan
up to 14400 baud (852) 537 5601
up to 9600 baud (39) (2) 273 00680
up to 14400 baud (81) (3) 3345 7266
up to 14400 baud (65) 534 5693
Singapore
Taiwan
up to 14400 baud (886) (2) 377 5838
(886) (2) 377 5840
U.K.
U.S.
up to 14400 baud (44) (144) 227 8278
up to 14400 baud (1) (408) 980 8204
C-2
APPENDIX C: TECHNICAL SUPPORT
World Wide Web Site Access the latest networking information on 3Com’s World Wide Web site by
entering our URL into your Internet browser:
This service features news and information about 3Com products, customer
service and support, 3Com’s latest news releases, selected articles from
3TECHÔ, 3Com’s award-winning technical journal, and more.
Ask3Com on Ask3Com is a CompuServe-based service containing patches, software,
CompuServe drivers, and technical articles about all 3Com products, as well as an
interactive forum for technical questions. To use Ask3Com, you need a
CompuServe account.
To use Ask3Com:
1 Log on to CompuServe.
2 Enter go threecom
3 Press [Return] to see the Ask3Com main menu.
3ComFacts 3Com Corporation’s interactive fax service, 3ComFacts, provides data sheets,
Automated Fax technical articles, diagrams, and troubleshooting instructions on 3Com
Service products 24 hours a day, seven days a week. Within this service, you may
choose to access CardFactsÒ for adapter information, or NetFactsÒ for
network system product information.
■
CardFacts provides adapter installation diagrams, configuration drawings,
troubleshooting instruction, and technical articles.
Document 9999 provides you with an index of adapter documents.
■
NetFacts provides data sheets and technical articles on 3Com Corporation’s
hub, bridge, router, terminal server, and software products.
Document 8888 provides you with an index of system product documents.
Call 3ComFacts using your touch-tone telephone. International access
numbers are:
Support from Your Network Supplier
C-3
Country
Hong Kong
U.K.
Fax Number
(852) 537 5610
(44) (144) 227 8279
(1) (408) 727 7021
U.S.
Local access numbers are available within the following countries:
Country
Australia
Denmark
Finland
Fax Number
800 123853
800 17319
Country
Fax Number
Italy
1678 99085
Netherlands 06 0228049
98 001 4444
05 90 81 58
0130 8180 63
Norway
Sweden
U.K.
800 11062
France
020 792954
0800 626403
Germany
Support from Your
Network Supplier
If additional assistance is required, contact your network supplier. Many
suppliers are authorized 3Com service partners who are qualified to provide
a variety of services, including network planning, installation, hardware
maintenance, application training, and support services.
When you contact your network supplier for assistance, have the following
information ready:
■
Diagnostic error messages
■
■
A list of system hardware and software, including revision levels
Details about recent configuration changes, if applicable
If you are unable to contact your network supplier, see the following section
on how to contact 3Com.
C-4
APPENDIX C: TECHNICAL SUPPORT
Support from
3Com
If you are unable to receive support from your network supplier, technical
support contracts are available from 3Com.
In the U.S. and Canada, call (800) 876-3266 for customer service.
If you are outside the U.S. and Canada, contact your local 3Com sales office
to find your authorized service provider:
Country
Telephone Number
Country
Mexico
Telephone Number
(525) 531 0591
Australia (Sydney) (61) (2) 959 3020
(Melbourne) (61) (3) 653 9515
Netherlands
Singapore
South Africa
Spain
(31) (3) 402 55033
(65) 538 9368
Belgium
Brazil
(32) (2) 7164880
(55) (11) 241 1571
(905) 882 9964
(27) (11) 803 7404
(34) (1) 3831700
(46) (8) 632 91 00
(886) (2) 577 4352
Canada
France
(33) (1) 69 86 68 00
(49) (89) 6 27 32 0
(852) 868 9111
Sweden
Germany
Hong Kong
Italy
Taiwan
United Arab Emirates (971) (4) 349049
(39) (2) 273 02041
(81) (3) 3345 7251
U.K.
U.S.
(44) (1628) 897000
(1) (408) 492 1790
Japan
Returning
A product sent directly to 3Com for repair must first be assigned a Return
Products for Repair Materials Authorization (RMA) number. A product sent to 3Com without an
RMA number will be returned to the sender unopened, at the sender’s
expense.
To obtain an RMA number, call or fax:
Country
Telephone Number
(800) 876 3266, option 2
(44) (1442) 278000
Fax Number
U.S. and Canada
Europe
(408) 764 7120
(44) (1442) 236824
(1) (408) 764 7290
Outside Europe, U.S. and Canada (1) (408) 492 1790
4/4/95
LIMITED WARRANTY
HARDWARE:3Com warrants its hardware products to be free from defects in workmanship and materials, under normal use and service, for the
following lengths of time from the date of purchase from 3Com or its Authorized Reseller:
Internetworking products
Network adapters
One year
Lifetime
Ethernet stackable hubs and
Unmanaged Ethernet fixed port repeaters
Lifetime* (One year if not registered)
*Power supply and fans in these stackable hubs and unmanaged repeatersOne year
Other hardware products
Spare parts and spares kits
One year
90 days
If a product does not operate as warranted during the applicable warranty period, 3Com shall, at its option and expense, repair the defective
product or part, deliver to Customer an equivalent product or part to replace the defective item, or refund to Customer the purchase price paid
for the defective product. All products that are replaced will become the property of 3Com. Replacement products may be new or
reconditioned. Any replaced or repaired product or part has a ninety (90) day warranty or the remainder of the initial warranty period,
whichever is longer.
3Com shall not be responsible for any software, firmware, information, or memory data of Customer contained in, stored on, or integrated with
any products returned to 3Com pursuant to any warranty.
SOFTWARE: 3Com warrants that the software programs licensed from it will perform in substantial conformance to the program specifications
therefor for a period of ninety (90) days from the date of purchase from 3Com or its Authorized Reseller. 3Com warrants the magnetic media
containing software against failure during the warranty period. No updates are provided. 3Com's sole obligation hereunder shall be (at 3Com's
discretion) to refund the purchase price paid by Customer for any defective software products, or to replace any defective media with software
which substantially conforms to 3Com's applicable published specifications. Customer assumes responsibility for the selection of the
appropriate applications program and associated reference materials. 3Com makes no warranty that its software products will work in
combination with any hardware or applications software products provided by third parties, that the operation of the software products will be
uninterrupted or error free, or that all defects in the software products will be corrected. For any third party products listed in the 3Com
software product documentation or specifications as being compatible, 3Com will make reasonable efforts to provide compatibility, except
where the non-compatibility is caused by a “bug” or defect in the third party's product.
STANDARD WARRANTY SERVICE: Standard warranty service for hardware products may be obtained by delivering the defective product,
accompanied by a copy of the dated proof of purchase, to 3Com's Corporate Service Center or to an Authorized 3Com Service Center during
the applicable warranty period. Standard warranty service for software products may be obtained by telephoning 3Com's Corporate Service
Center or an Authorized 3Com Service Center, within the warranty period. Products returned to 3Com's Corporate Service Center must be
pre-authorized by 3Com with a Return Material Authorization (RMA) number marked on the outside of the package, and sent prepaid, insured,
and packaged appropriately for safe shipment. The repaired or replaced item will be shipped to Customer, at 3Com's expense, not later than
thirty (30) days after receipt by 3Com.
WARRANTIES EXCLUSIVE: IF A 3COM PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR,
REPLACEMENT, OR REFUND OF THE PURCHASE PRICE PAID, AT 3COM’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE
AND ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE,
INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 3COM NEITHER ASSUMES NOR AUTHORIZES ANY
OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS
PRODUCTS.
3COM SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE
PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT, IMPROPER INSTALLATION OR
TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE,
LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE) SHALL 3COM BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR
OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR
INTERRUPTION OF ITS PRODUCTS, EVEN IF 3COM OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
Some states do not allow the exclusion of implied warranties or the limitation of incidental or consequential damages for consumer products,
so the above limitations and exclusions may not apply to you. This warranty gives you specific legal rights which may vary from state to state.
GOVERNING LAW: This Limited Warranty shall be governed by the laws of the state of California.
3Com Corporation
5400 Bayfront Plaza
Santa Clara, CA 95052-8145
(408) 764-5000
1/1/94
|