does it mean that i wouldnt be able to telnet this arc? i have just 1 login (manage) user (like adm). actually i dont need dialin/dialout login users. so i have set all ports to network type (do i have to set SLOT:x/CON:1 to network type too? ).
Yes you can but that would mean that you will have all your users just do PPP and nothing else. What you have now guarantees you that ppp users will do only chap, however you could have non-ppp users such as login/terminal users who can use the system. If you setup all the users just as network users or if you setup all the ports just as network ports you can gurantee no one can the terminal/login thus stop all cleartext login.
-V
On 1/18/03 7:59 AM, "alex" <alex@wanex.ge> wrote:
so how can i disable cleartext logins?
How do you expect to do chap using terminal? Terminal is always cleartext authentication. You need to use a ppp client that supports chap (win2k. XP, etc) and dialin using ppp. That is how you do chap.
-V
On 1/18/03 7:14 AM, "alex" <alex@wanex.ge> wrote:
i enabled chap authentication on HiperARC by : SET PPP AUTHENTICATION_PREFERENCE CHAP and SET PPP RECEIVE_AUTHENTICATION CHAP but it doesnt seem to work. i dialed into HiperARC by HyperTerminal and got login prompt but not chap challenge.
how is it possible to enable chap authentication and disable pap? (i have HiperARC V4.1.59)
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
No - you can telnet, Telnet uses network connection not a modem port. The best thing in your case would be is to have all your users except the user adm and/or other login user setup as network users only. Also you should setup your telnet host list that allows you to telnet to your hiper arc only from your network. -V On 1/18/03 9:18 AM, "alex" <alex@wanex.ge> wrote:
does it mean that i wouldnt be able to telnet this arc? i have just 1 login (manage) user (like adm). actually i dont need dialin/dialout login users. so i have set all ports to network type (do i have to set SLOT:x/CON:1 to network type too? ).
Yes you can but that would mean that you will have all your users just do PPP and nothing else. What you have now guarantees you that ppp users will do only chap, however you could have non-ppp users such as login/terminal users who can use the system. If you setup all the users just as network users or if you setup all the ports just as network ports you can gurantee no one can the terminal/login thus stop all cleartext login.
-V
On 1/18/03 7:59 AM, "alex" <alex@wanex.ge> wrote:
so how can i disable cleartext logins?
How do you expect to do chap using terminal? Terminal is always cleartext authentication. You need to use a ppp client that supports chap (win2k. XP, etc) and dialin using ppp. That is how you do chap.
-V
On 1/18/03 7:14 AM, "alex" <alex@wanex.ge> wrote:
i enabled chap authentication on HiperARC by : SET PPP AUTHENTICATION_PREFERENCE CHAP and SET PPP RECEIVE_AUTHENTICATION CHAP but it doesnt seem to work. i dialed into HiperARC by HyperTerminal and got login prompt but not chap challenge.
how is it possible to enable chap authentication and disable pap? (i have HiperARC V4.1.59)
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
i tested everything possible but againg got text login maybe its really radius problem anyway thanks for help ----- Original Message ----- From: "Ved" <ved@iyka.com> To: <usr-tc@mailman.xmission.com> Sent: Sunday, January 19, 2003 02:45 PM Subject: Re: [USR-TC] Unable to CHAP
No - you can telnet, Telnet uses network connection not a modem port. The best thing in your case would be is to have all your users except the user adm and/or other login user setup as network users only. Also you should setup your telnet host list that allows you to telnet to your hiper arc only from your network.
-V
On 1/18/03 9:18 AM, "alex" <alex@wanex.ge> wrote:
does it mean that i wouldnt be able to telnet this arc? i have just 1 login (manage) user (like adm). actually i dont need dialin/dialout login users. so i have set all ports to network type (do i have to set SLOT:x/CON:1 to network type too? ).
Yes you can but that would mean that you will have all your users just do PPP and nothing else. What you have now guarantees you that ppp users will do only chap, however you could have non-ppp users such as login/terminal users who can use the system. If you setup all the users just as network users or if you setup all the ports just as network ports you can gurantee no one can the terminal/login thus stop all cleartext login.
-V
On 1/18/03 7:59 AM, "alex" <alex@wanex.ge> wrote:
so how can i disable cleartext logins?
How do you expect to do chap using terminal? Terminal is always cleartext authentication. You need to use a ppp client that supports chap (win2k. XP, etc) and dialin using ppp. That is how you do chap.
-V
On 1/18/03 7:14 AM, "alex" <alex@wanex.ge> wrote:
i enabled chap authentication on HiperARC by : SET PPP AUTHENTICATION_PREFERENCE CHAP and SET PPP RECEIVE_AUTHENTICATION CHAP but it doesnt seem to work. i dialed into HiperARC by HyperTerminal and got login prompt but not chap challenge.
how is it possible to enable chap authentication and disable pap? (i have HiperARC V4.1.59)
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
i'm having a strange problem... i have a hiper nmc that i can only connect to from the same network as the total control chassis. i have the snmp strings correct and i have tried having no specific stations listed as allowed and tried specifically listing the stations that can't connect from other places. one other stupid question, i haven't setup an nmc from scratch in a long time...what do i put in the lan ip and what do i put in the wan ip? i think i might have flipped the numbers? should i enabled routing between the lan and wan? it is a very simple setup and i'm not doing anything fancy. matthew
On Sun, 19 Jan 2003, matthew wrote:
i have a hiper nmc that i can only connect to from the same network as the total control chassis.
Do you have the default gateway set? Lack of a gateway would cause such a problem... Charles
i have the snmp strings correct and i have tried having no specific stations listed as allowed and tried specifically listing the stations that can't connect from other places.
one other stupid question, i haven't setup an nmc from scratch in a long time...what do i put in the lan ip and what do i put in the wan ip?
i think i might have flipped the numbers?
should i enabled routing between the lan and wan?
it is a very simple setup and i'm not doing anything fancy.
matthew
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
I double checked, the gateway is set o.k. i can't think of anything else. matthew At 01:11 AM 1/20/2003 -0500, Charles Sprickman wrote:
On Sun, 19 Jan 2003, matthew wrote:
i have a hiper nmc that i can only connect to from the same network as the total control chassis.
Do you have the default gateway set? Lack of a gateway would cause such a problem...
Charles
i have the snmp strings correct and i have tried having no specific stations listed as allowed and tried specifically listing the stations that can't connect from other places.
one other stupid question, i haven't setup an nmc from scratch in a long time...what do i put in the lan ip and what do i put in the wan ip?
i think i might have flipped the numbers?
should i enabled routing between the lan and wan?
it is a very simple setup and i'm not doing anything fancy.
matthew
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
matthew de Jongh president the spa! internet voice (413) 539-9818 www.the-spa.com
participants (4)
-
alex -
Charles Sprickman -
matthew -
Ved