Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) initial menu & ppp startup & no cmdline
disclaimer: i'm attempting to answer these questions based on my
experience with a max4048, which i'm assuming is similar to
a max2000. if i'm wrong, just hit "d" now. :)
karl@deas.harvard.edu wrote:
]
]Ideally, what I'd like is this:
]1) such users get a login/password prompt when they connect (not the
] system password).
i believe what you're looking for here is
Ethernet -> Mod config -> Tserv options -> Security = Full
]2) they then see an initial menu listing some hosts and `start ppp' as options.
we do something very similar via radius, such as:
Ascend-Menu-Item = "telnet;Enter telnet mode",
Ascend-Menu-Item = "ppp;Start PPP",
which allows users to either start ppp, or enter telnet mode....
nothing else. you could go a step further by changing
the telnet option(s) to be something like
"telnet www.xxx.yyy.zzz;Telnet to host1",
]3) they can't switch out of that menu to get to the command line.
]4) the users are defined through radius, not on the max itself.
correct...
]I guess my most important question is
]How to enable ppp from the terminal server (i.e., unframed for
]radius-defined users?
i believe what you're looking for here is
Ethernet -> Mod config -> Tserv options -> PPP = Yes
and also a line in the radius entry such as:
Framed-Protocol = MPP,
]And my secondary questions are
]- is it possible to define `start ppp' as a menu option in any way other
] than through an explicit ascend-menu-item for every user?
only if you define it on the max itself, which you said you didn't
want to do.
]- is it possible to disable the 0 option in any way other than through
] ascend-menu-item? The docs sure seem to say initialscrn=menu and
] togglescrn=no should do it, but they don't.
i'm not sure what you're referring to with that one... might be something
different between the 2000 and 4048. actually, i bet it's because
your using the "ascend menus" instead of defining your own like above.
]- When I try ppp from the command line that I shouldn't have been able to
] get to, it says `Requested Service Not Authorized'.
]- And, there's no way to specify start ppp in the menu that I can see.
yeah... you need that PPP=Yes set. if you can't do it from the term
server command line, you won't be able to do it from the menu either.
the menu is just a front end to command line commands. you also
probably need the "Framed-Protocol = MPP," (or similar) in your
radius profile.
]b) So I try a more complicated radius entry, like this:
]karl2 Password = "pw"
] Ascend-Menu-Item = "myhost;myhost",
] Ascend-Menu-Item = "ppp;start ppp",
] Ascend-Assign-IP-Pool = 1
]- Still with initial scrn=menu and toggle scrn=no.
]- Now when I login as karl2 the 0 option does not work, this is good.
ahhh... yes... that's because the 0 option is inherently included if
you let the max make up it's own menus as your previous example.
]- But the ppp option still fails, as expected, `Requested Service Not
] Authorized'.
as above... you need that PPP=Yes setting and the radius attribute.
also, your first menu option needs to be a command... "myhost" is
not a command, "telnet myhost" is.
hope that gives you a tip that gets you headed in the right direction.
___________________________________________________________________________
Joe Pautler, E.I.T. University at Buffalo
CIT/OSS Network Engineering 224 Computing Center
http://www.oss.buffalo.edu/~pautler (716) 645-3536
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: