LDAD System Manager's Manual

6.0 Hardware Configuration

6.1 Hardware Architecture

6.1.1 LAN Hub

The LDAD LAN hub is a Plaintree Model 1018 workgroup ethernet switch with 16 10BaseT ports and 2 100BASE-TX uplink ports. The 1018 provides LAN connectivity for the LDAD Hewlett Packard (H.P.) D270 server, the LDAD terminal server, and the external interface of the LDAD firewall. Additional ports are provided in order to connect other local WFO systems.

Figure 6.1 Plaintree 1018

6.1.2 Terminal Server

The LDAD Terminal Server is a Xyplex MAXserver 40 (Model 1640) which provides an ethernet interface for connection to the LDAD LAN and 40 serial ports for connections to LDAD communications devices. Each serial port can be configured to a maximum speed of 57,600 bits per second
The terminal server is used to connect 10 dial in/dial out modems (including MicroArt and ASOS), 4 dedicated modems, a DTMF-ASCII converter, a FAX modem, a ROSA modem and various console connections. Port assignments are shown on the right. Please note that console connections for the LDAD D270 server and LDAD LAN hub are not shown in this table, but may be included in the final configuration. The LDAD terminal server is configured with a minimum of 13 IP addresses, which must be assigned in the address space in which the site LDAD resides. First, a single IP address is used to address the terminal server as a whole. Next, an individual and unique IP address is used to address each individual port from port 1 through port 8 and port 21 through 24.		Port	Function
		1	Used for dial-out to devices configured for 7 bits, even parity
		2	Used for dial-out to devices configured for 8 bits, no parity
		3	First dial in line, 8 bits, no parity
		4	Second dial in line, 8 bits, no parity
		5	Third dial in line, 8 bits, no parity
		6	Fourth dial in line, 8 bits, no parity
		7	Fifth dial in line, 8 bits, no parity
		8	Sixth dial in line, 8 bits, no parity
		9	MicroArt Modem
		10	ASOS Modem
		19	DTMF-ASCII Converter
		21	First Dedicated Modem
		22	Second Dedicated Modem
		23	Third Dedicated Modem
		24	Fourth Dedicated Modem
		30	Fax Modem
		37	ROSA Modem
For port 1, the IP address is named "7e1out" within the LDAD site and is used to access a dial out port configured properly for communications with older devices that utilize 7 bit even parity communications configurations. A good example of this type of configuration would be LARC gauge communications. The IP address assigned to port 2 within the LDAD site is named "8n1out" and is used in much the same way as the port 1 IP address. In this case, the modem connected to port 2 is configured for 8 bit no parity communications. More modern communications equipment is usually configured in this manner. The IP addresses assigned to ports 3 through 8 are used by dial-in users who wish to establish direct TCP communications via PPP to the LDAD LAN.

6.1.3 Modem Nest

The LDAD Modem nest is the Motorola Modulus 21 chassis provided for the internal AWIPS radar modems. All dial-in/dial-out and dedicated modems used in LDAD, with the exception of the FAX modem and ROSA modem, reside in this chassis.

Figure 6.2 Motorola Modulus 21 & Assoc. Backplane

6.1.4 Dedicated Modems

6.1.5 Dial-In/Dial-Out Modems

6.1.6 Fax Modem

6.1.7 ROSA Modem

6.1.8 DTMF<->ASCII Converter

6.1.9 Firewall

Figure 6.3 H-P Netserver E40

The LDAD Firewall functions are provided by a TIS Gauntlet Firewall. This firewall is an H-P NetServer E40 running BSDI 3.0 UNIX operating system. The TIS Gauntlet Firewall application on this unit is configured to provide security to internal AWIPS resources. The LDAD firewall allows transparent application proxy access outbound from the AWIPS site for protocols such as telnet, rlogin, remsh, ftp, and http, but is configured to allow only the specific LDAD site to access internal AWIPS resources in a controlled fashion. In addition, packet filters are configured on the LDAD firewall that allow specific direct port communications between the LDAD server and the AWIPS site internal data servers.

6.1.10 LDAD Server

The LDAD server function is met by an H-P Model D270 server. The LDAD server provides the focal point for all external communications between the AWIPS site and the community, functioning as a communications pass-through device for all incoming and outgoing data. In addition, the LDAD server provides a Web server accessible by the public and emergency managers, where text, binary, and graphics output products are placed for access by these parties. The LDAD server also provides a bulletin board service for LDAD dial-in users where products can be viewed and/or downloaded. Accounts on the LDAD server are given to emergency managers and personnel external to AWIPS who require the capability to access NWS data or to upload products for use by the AWIPS site.

Figure 6.4 H-P D270 Server

6.2 LDAD LAN Hub Configuration

 Up Time 64:22:07:35     Plaintree Systems WaveSwitch 1018 System Manager       
+-------------------+
| System            |
| Interface Stats   |
| Configure         |
| Top Conversations |
| Erase NV Store    |
+-------------------+





 F1/^W:Quit

Figure 6.5 1018 System Manager Screen Shot

 Up Time 64:22:22:23     Plaintree Systems WaveSwitch 1216 System Manager       
+--------------------------Management Configuration----------------------------+
|                                                                              |
| IP address:              x.x.x.10                                            |
| Default gateway address: x.x.x.254                                           |
| Number of subnet bits:   8                     Subnet Mask: 255.255.255.0    |
|                                                                              |
| Name:     lhub1-(site).somewhere.rainbow.gov                                 |
|                                                                              |
| Location: Omaha  WSFO                                                        |
|                                                                              |
| Contact:  maintenance@ncf.awips.noaa.gov                                     |
|                                                                              |
|---------------------------Management Communities-----------------------------|
| ncf-read-write 0.0.0.0                                                       |
|                                                                              |
|                                                                              |
|                                                                              |
|------------------------------Trap Communities--------------------------------|
|                                                                              |
|                                                                              |
|                                                                              |
+------------------------------------------------------------------------------+
 F1/^W:Menus  F2/^E:Commit Changes  TAB:Next Field

Figure 6.6 1018 System Configure Screen Shot

6.3 LDAD Terminal Server Configuration

This installation procedure is valid through LDAD Version 4.2, and includes the following capabilities. Port counts can be expanded as needed.

The following configuration information is required for a successful terminal server configuration. Please fill in the applicable blanks and utilize this information for the Xyplex Terminal server configuration. Example answers are given in parentheses.

General Information:

Site Name (nhda)__________________________

IP Domain of Site (over.rainbow.net)____________________

IP Subnet (140.90.91.0)__________________________

Subnet Mask (255.255.255.0)__________________________

DNS Server IP Address (140.90.21.193)__________________________

Default Gateway IP Address (140.90.91.1)__________________________

1640 Access Password (4ruy8)__________________________

1640 Priviledged Password (nick8y7)__________________________

Radius Authentication Secret Password (1nhda3)__________________________

IP addresses are required for use by the LDAD site terminal server. These IP addresses must reside on the selected LDAD site IP address space, be reserved for this use, and should also be entered in the site's DNS server tables. In all cases ".full.domain.name" refers to the domain name of the LDAD site.

Use /
Assigned to     DNS Host Name                   Address

Terminal
Server          lts1-(site).full.domain.name    ___.___.___.___

Port 1          7e1out.full.domain.name         ___.___.___.___

Port 2          8n1out.full.domain.name         ___.___.___.___

Port 3          dialin1.full.domain.name        ___.___.___.___

Port 4          dialin2.full.domain.name        ___.___.___.___

Port 5          dialin3.full.domain.name        ___.___.___.___

Port 6          dialin4.full.domain.name        ___.___.___.___

Port 7          dialin5.full.domain.name        ___.___.___.___

Port 8          dialin6.full.domain.name        ___.___.___.___

Port 21         dedicated1.full.domain.name     ___.___.___.___

Port 22         dedicated2.full.domain.name     ___.___.___.___

Port 23         dedicated3.full.domain.name     ___.___.___.___

Port 24         dedicated4.full.domain.name     ___.___.___.___

LDAD D270
Server          ls1-(site).full.domain.name     ___.___.___.___

6.4 LDAD Terminal Server Configuration Command Sequence

1. Ensure that terminal server ports are connected to all LDAD devices, including dial-out modems (ports 1 and 2), dial-in modems (ports 3 through 10), dedicated modems (ports 21 - 24), DTMF-ASCII converters (ports 19), ROSA modem (port 37), and FAX modem (port 30).
2. Default the terminal server configuration to ensure that no extraneous configuration information exists on the terminal server. Ensure that the terminal server software is version V6.0.3S7 or above. If terminal server software is not at this level, upgrade to a newer version of software.
3. Log in, set priv, and enter the following configuration information:

Xyplex>> set server change enabled
Xyplex>> define server change enabled
Xyplex>> define server packet count 250
Xyplex>> define server internet address (IP address of LDAD Terminal server)
Xyplex>> define server internet ip reassembly enabled
Xyplex>> define server internet tcp resequencing enabled
Xyplex>> define server internet subnet mask autoconfigure disabled
Xyplex>> define server internet subnet mask (subnet mask of LDAD site LAN)
Xyplex>> define server internet primary gateway address (default gateway IP address)
Xyplex>> define server internet primary domain address (DNS server IP address)
Xyplex>> define server internet default domain suffix (.full.domain.name)
Xyplex>> define server internet name (lts1-{site}.full.domain.name)
Xyplex>> define server internet domain ttl 60
Xyplex>> define server parameter server check disabled
Xyplex>> define server protocol ppp enabled
Xyplex>> define server apd enabled
Xyplex>> define server radius enabled
Xyplex>> define server accounting entries 500
Xyplex>> define server internet rotary (IP address of LDAD Terminal server) 0, 3-40
Xyplex>> define server internet rotary (IP address of 7e1out-{site}) 1
Xyplex>> define server internet rotary (IP address of 8n1out-{site}) 2
Xyplex>> define port 1-8,21-24 speed 57600
Xyplex>> define port 9-10,19 speed 9600
Xyplex>> define port 30 speed 38400
Xyplex>> define port 37 speed 300
Xyplex>> define port 1-10,19,21-24,30 modem control enabled
Xyplex>> define port 1-10,19,21-24,30 flow control cts
Xyplex>> define port 1 character size 7
Xyplex>> define port 1 parity even
Xyplex>> define port 1-2,9-10,19,30,37 access remote
Xyplex>> define port 9-10 local switch ^W
Xyplex>> define port all type ansi
Xyplex>> define port 9-10 type softcopy
Xyplex>> define port 9-10 preferred service telnet
Xyplex>> define port 1-10,19,21-24,37 autobaud disabled
Xyplex>> define port 1-10,19,21-24,37 broadcast disabled
Xyplex>> define port 1-8,19,21-24,30,37 outboundsecurity disabled
Xyplex>> define port 3-8,21-24 rlogin dedicated service (IP address of LDAD D270 server)
Xyplex>> define port 3-8,19,21-24,37 autoconnect enabled
Xyplex>> define port 3-8,19,21-24,37 autohangup enabled
Xyplex>> define port 1-8,19,21-24,37 line editor disabled
Xyplex>> define port 1-2,19,30 noloss enabled
Xyplex>> define port 1-8,19,21-24,37 internet tcp window size 1024
Xyplex>> define port 1-8,19,21-24,37 typeahead size 4096
Xyplex>> define port 3-8,21-24 rlogin transparent mode enabled
Xyplex>> define port 1-10,21-24 telnet terminal "vt100"
Xyplex>> define port 1-10,21-24 resolve service any_telnet
Xyplex>> define port 1-2 telnet remote 23
Xyplex>> define port 9-10,19,30,37 default session mode transparent
Xyplex>> define server login password "(1640 Access Password)"
Xyplex>> define server privileged password "(1640 Priviledged Password)"
Xyplex>> init delay 1

4. Wait until the terminal server reboots and reconnect. Log in, set priv, and enter the following configuration information:

Xyplex>> define server radius primary server (IP address of LDAD D270 server)
Xyplex>> define server radius logging enabled
Xyplex>> define server radius primary secret "(Radius Authentication Secret Password)"
Xyplex>> define po 3-8,21-24 apd interactive ppp
Xyplex>> define po 3-8,21-24 ppp pap radius enabled
Xyplex>> define po 3-8,21-24 ppp ip vj compression slots 15
Xyplex>> define po 3-8,21-24 dcd timeout 0
Xyplex>> define po 30 dcd timeout 10000
Xyplex>> define po 30 telnet terminaltype "vt100"
Xyplex>> define po 3-10,21-24 apd authentication interactive disabled
Xyplex>> define po 3 ppp ip remote address (IP address of dialin1.full.domain.name)
Xyplex>> define po 4 ppp ip remote address (IP address of dialin2.full.domain.name)
Xyplex>> define po 5 ppp ip remote address (IP address of dialin3.full.domain.name)
Xyplex>> define po 6 ppp ip remote address (IP address of dialin4.full.domain.name)
Xyplex>> define po 7 ppp ip remote address (IP address of dialin5.full.domain.name)
Xyplex>> define po 8 ppp ip remote address (IP address of dialin6.full.domain.name)
Xyplex>> define po 21 ppp ip remote address (IP address of dedicated1.full.domain.name)
Xyplex>> define po 22 ppp ip remote address (IP address of dedicated2.full.domain.name)
Xyplex>> define po 23 ppp ip remote address (IP address of dedicated3.full.domain.name)
Xyplex>> define po 24 ppp ip remote address (IP address of dedicated4.full.domain.name)
Xyplex>> lo po 3-10

5. Verify the server configuration by performing the following show commands and verifying each of the settings. Lines starting with "****" are comments that explain what settings to verify within the screen.

Xyplex>> show server

MX1640 V6.0.3S7 Rom 4B0000 HW 00.00.00 Lat Protocol V5.2 Uptime: 0 00:00:41
Address:   08-00-87-0C-AC-09   Name:   X0CAC09              Number:     0

Identification:  Xyplex Terminal Server
Welcome:         Welcome to the Xyplex Terminal Server.

Circuit Timer:            80           Password Limit:            3
Console Port:              0           Queue Limit:              24
Inactivity Timer:         30           Retransmit Limit:          8
Keepalive Timer:          20           Session Limit:            64
Multicast Timer:          30           Software:           XPCSRV20
Node Limit:              100           Identification Size:      63
Textpool Size:         16384           Timezone:              00:00
Accounting Entries:      500           Packet Count:            250
Nested Menu Size:          0           Menu Name:                  
Userdata Delay:           50
Service Groups: 0 
Time Server: 0.0.0.0          Disabled
Enabled Characteristics:
Announcements, Broadcast, Change, Console Logout, Dump, Lock,
TFTP Read Broadcasts, Purge Node
****verify packet count, accounting entries

Xyplex>> show server ip

MX1640 V6.0.3S7 Rom 4B0000 HW 00.00.00 Lat Protocol V5.2 Uptime: 0 00:03:18
Address:   08-00-87-0C-AC-09   Name:   X0CAC09              Number:     0

Identification:  Xyplex Terminal Server

Internet Address:           xxx.xx.xx.xx        Internet TTL:               64 
Internet Broadcast Address: 255.255.255.255     Translation Table TTL:      60 
Local Base:                 4000                Local Increment:           100
Routing Table Size:         64                  TCP Retransmit:            640
Domain Name:                LTS1-FSLC.FSL.NOAA.GOV
Default Domain Suffix:              .FSL.NOAA.GOV


Domain TTL:                 60                  IP Reassembly:          ENABLED
Primary Domain Address:     xxx.xx.xxx.xxx      TCP Resequencing:       ENABLED
Secondary Domain Address:   0.0.0.0             TCP Connect Timer:           32

Primary Gateway Address:    xxx.xx.xx.1      
Secondary Gateway Address:  0.0.0.0          
Gateway Timeout:            60 
Subnet Mask:                255.255.0.0      
Subnet Mask Auto-Configure: DISABLED

****verify IP address, domain name, default domain suffix, domain ttl,
primary domain address, primary gateway address, subnet mask, that subnet
mask autoconfigure is disabled, that Ip reassembly is enabled, and that
TCP resequencing is enabled.

Xyplex>> show server radius

MX1640 V6.0.3S7 Rom 4B0000 HW 00.00.00 Lat Protocol V5.2 Uptime: 0 00:07:03
                                                      20 Apr 1998  23:08:41

Radius Primary Server:     xxx.xx.xx.xx
Resolved Address:          xxx.xx.xx.xx       Secret:  CONFIGURED

Radius Secondary Server:   NONE
Resolved Address:          0.0.0.0            Secret:  DEFAULT

Radius Port Number:        1645               Request Timeout (sec):    5     
Radius Logging:            ENABLED            Chap Challenge Size:      16    
Radius Server Retries:     3     
Radius Ports Enabled:      3-10

Successful Logins:         0                  Configuration Failures:   0     
Authentication Failures:   0                  Policy Failures:          0     

Server access attempts:         Primary           Secondary
   Successful:                     0                  0     
   Failed:                         9                  0     
****verify Radius Primary server, radius ports enabled 3-10, and that
Secret shows "CONFIGURED".

Xyplex>> show ip rotary
        Round Robin search: ENABLED, Round Robin search
        Internet Address         Ports

         xxx.xx.xx.xx            0, 3-40
         xxx.xx.xx.xx            1
         xxx.xx.xx.xx            2
**verify that ports 0 and 3 through 40 are configured to utilize the IP
address of the terminal server. Verify that the configured IP address for
port 1 is the FQDN of the 7e1out host. Verify that the configured IP
address for port 2 is the FQDN for the 8n1out host.

6. Verify port 1 configuration.

Xyplex>> show po 1


Port 1:  (Remote)                         20 Apr 1998  23:11:46

Character Size:            7           Input Speed:       57600
Flow Control:            CTS           Output Speed:      57600
Parity:                 Even           Modem Control:   Enabled

Access:               Remote           Local Switch:       None
Backwards Switch:       None           Name:             PORT_1
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: None

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoprompt,  Input Flow Control,  Internet Connections,  Loss Notification,
Message Codes,  Noloss,  Output Flow Control,  ULI,  Verification

****verify character size of 7, parity of even, flow control of CTS, input
and output speed of 57600, modem control is enabled, access is remote, apd
is disabled, and that noloss is enabled.

Xyplex>> show po 1 alt char


Port 1:  (Remote)                                     20 Apr 1998  23:17:53

Resolve Service:          Any_Lat     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                  4096
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Interactive
TCP Window Size:             1024     Prompt:                        Xyplex
DCD Timeout:                 2000     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode: Disabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:           Disabled
APD Prompt:               Enabled


Username Prompt:          Enter username> 
Password Prompt:     Enter user password> 

Xyplex>> show po 1 telnet char


Port 1:  (Remote)                                20 Apr 1998  23:20:20

Abort Output Character:       None    Newline:                 CR/NULL
Attention Character:          None    Newline Filtering:          None
Default Port:                   23    Query Character:            None
Echo Mode:                  Remote    Remote Port:                  23
Erase Keystroke Character:    None    Synchronize Character:      None
Erase Line Character:         None    Transmit:           BuffTime  80
Interrupt Character:          None    Binary Session Mode:     PASTHRU
TerminalType:                vt100    Tn3270 Device:              None
Tn3270 TranslationTable:      None    Tn3270 Printer Port:         Any
Local Port:                   4100    Tn3270 Default Port:          23


Enabled Characteristics:
****verify that the Remote port is 23.

7. Verify port 2 configuration.

Xyplex>> show po 2 

Port 2:  (Remote)                         20 Apr 1998  23:13:20

Character Size:            8           Input Speed:       57600
Flow Control:            CTS           Output Speed:      57600
Parity:                 None           Modem Control:   Enabled

Access:               Remote           Local Switch:       None
Backwards Switch:       None           Name:             PORT_2
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: None

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoprompt,  Input Flow Control,  Internet Connections,  Loss Notification,
Message Codes,  Noloss,  Output Flow Control,  ULI,  Verification

****verify character size of 8, parity of none, flow control of CTS, input
and output speed of 57600, modem control is enabled, access is remote, apd
is disabled, and that noloss is enabled.

Xyplex>> show po 2 telnet char


Port 2:  (Remote)                                20 Apr 1998  23:21:07

Abort Output Character:       None    Newline:                 CR/NULL
Attention Character:          None    Newline Filtering:          None
Default Port:                   23    Query Character:            None
Echo Mode:                  Remote    Remote Port:                  23
Erase Keystroke Character:    None    Synchronize Character:      None
Erase Line Character:         None    Transmit:           BuffTime  80
Interrupt Character:          None    Binary Session Mode:     PASTHRU
TerminalType:                vt100    Tn3270 Device:              None
Tn3270 TranslationTable:      None    Tn3270 Printer Port:         Any
Local Port:                   4200    Tn3270 Default Port:          23


Enabled Characteristics:
****verify that the Remote Port is set to 23.

8. Verify ports 3 through 10, port 19, ports 21 through 24, port 30, and port 37 configurations. Apply the example for port 3 with port 4 to 8.

Xyplex>> show po 3


Port 3:                                   20 Apr 1998  23:15:13

Character Size:            8           Input Speed:       57600
Flow Control:            CTS           Output Speed:      57600
Parity:                 None           Modem Control:   Enabled

Access:                Local           Local Switch:       None
Backwards Switch:       None           Name:             PORT_3
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                INTERACTIVE PPP 
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Dedicated Service: xxx.xx.xx.21

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoconnect,  Autohangup,  Autoprompt,  Input Flow Control,
Internet Connections,  Loss Notification,  Message Codes,  Output Flow Control,
PAP-Radius,  ULI,  Verification

****verify character size of 8, parity of none, flow control of CTS, input
and output speed of 57600, modem control is enabled, access is local, apd is
interactive and PPP, noloss is disabled, APD Authentication Interactive Only
is Disabled, and that the Dedicated service displays the IP address of the
LDAD D270 server. Verify that all enabled characteristics match the
characteristics shown above.

Xyplex>> show po 3 alt char


Port 3:                                               20 Apr 1998  23:22:35

Resolve Service:          Any_Tel     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                  4096
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Interactive
TCP Window Size:             1024     Prompt:                        Xyplex
DCD Timeout:                    0     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode:  Enabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:            Enabled
APD Prompt:               Enabled


Username Prompt:          Enter username> 
Password Prompt:     Enter user password> 

****verify rlogin transparent mode enabled, tcp window size 1024, typeahead
size 4096, dcd ypletimeout 0, resolve services is Any_Telnet, and APD prompt
enabled.

Xyplex>> show po 3 ppp char       


Port 3:                                   20 Apr 1998  23:26:33
PPP Characteristics

Protocol(s):  IP

Active:                            Enabled
PAP Authentication:             PAP-Radius
CHAP Authentication:                  None
CHAP Challenge Timer (min):              0

Charmap:                        0x000a0000
MRU:                                  1500
Restart Timer:                           3
Failure Limit:                           3
Configure Limit:                        10

Logging:                              None
Keepalive Timeout:                Disabled
Keepalive Timer:                  Disabled
Magic Number:                      Enabled

**verify Active enabled, PAP Authentication is PAP-Radius.

Xyplex>> show po 3 ppp ip char


Port 3:                                   20 Apr 1998  23:27:19
PPP IP Characteristics:

Local IP Address:             0.0.0.0
Local IP Range:               0.0.0.0 - 255.255.255.255
Remote IP Address:      xxx.xx.xx.101
Remote IP Range:              0.0.0.0 - 255.255.255.255
IP Broadcast:                Disabled
IP Mask:              255.255.255.255
VJ Compression:               Enabled
VJ Slots:                          15

****verify remote IP address as being the IP address assigned to the
particular port. These IP addresses must be unique.

Xyplex>> show po 9

Port 9:  (Remote)                         29 Jan 1999  01:04:57

Character Size:            8           Input Speed:        9600
Flow Control:            CTS           Output Speed:       9600
Parity:                 None           Modem Control:   Enabled

Access:               Remote           Local Switch:         ^W
Backwards Switch:       None           Name:             PORT_9
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Soft
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: TELNET

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoprompt,  Input Flow Control,  Internet Connections,  Line Editor,
Loss Notification,  Message Codes,  OutboundSecurity,  Output Flow Control,
ULI,  Verification


Xyplex>> show po 9 alt char

Port 9:  (Remote)                                     29 Jan 1999  01:05:48

Resolve Service:          Any_Tel     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                   128
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Transparent
TCP Window Size:              256     Prompt:                        Xyplex
DCD Timeout:                 2000     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode: Disabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:           Disabled
APD Prompt:               Enabled


Username Prompt:          Enter username>
Password Prompt:     Enter user password>

****Port 10 must be verified the same way port 9 was.

Xyplex>> show po 19

Port 19:  (Remote)                         04 Jan 1999  22:28:09

Character Size:            8           Input Speed:        9600
Flow Control:            CTS           Output Speed:       9600
Parity:                 None           Modem Control:   Enabled

Access:              Dynamic           Local Switch:       None
Backwards Switch:       None           Name:            PORT_19
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: None

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoconnect,  Autohangup,  Autoprompt,  Input Flow Control,
Internet Connections,  Loss Notification,  Message Codes,  Noloss,
Output Flow Control,  ULI,  Verification

****verify character size of 8, parity of none, flow control of CTS, input
and output speed of 57600, modem control is enabled, access is dynamic, apd
is disabled, and check every Enabled Characteristics whether or not match the
characteristics shown above.


Xyplex>> show po 19 alt char

Port 19:  (Remote)                                     04 Jan 1999  22:36:33

Resolve Service:          Any_Tel     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                  4096
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Transparent
TCP Window Size:             1024     Prompt:                        Xyplex
DCD Timeout:                 2000     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode: Disabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:           Disabled
APD Prompt:               Enabled


Username Prompt:          Enter username> 
Password Prompt:     Enter user password> 

****verify Default Session Mode is transparent.

Xyplex>> show po 30


Port 30:  (Remote)                         04 Jan 1999  22:47:05

Character Size:            8           Input Speed:       38400
Flow Control:            CTS           Output Speed:      38400
Parity:                 None           Modem Control:   Enabled

Access:               Remote           Local Switch:       None
Backwards Switch:       None           Name:            PORT_30
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: None

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autobaud,  Autoprompt,  Broadcast,  Input Flow Control,  Internet Connections,
Line Editor,  Loss Notification,  Message Codes,  Noloss,  Output Flow Control
ULI,  Verification

Xyplex>> show po 30 alt char


Port 30:  (Remote)                                     04 Jan 1999  22:47:57

Resolve Service:          Any_Lat     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                   128
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Transparent
TCP Window Size:              256     Prompt:                        Xyplex
DCD Timeout:                10000     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode: Disabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:           Disabled
APD Prompt:               Enabled


Username Prompt:          Enter username>
Password Prompt:     Enter user password>


Xyplex>> show po 37


Port 37:  (Remote)                         04 Jan 1999  22:45:49

Character Size:            8           Input Speed:         300
Flow Control:            XON           Output Speed:        300
Parity:                 None           Modem Control:  Disabled

Access:               Remote           Local Switch:       None
Backwards Switch:       None           Name:            PORT_37
Break:                 Local           Session Limit:         4
Forwards Switch:        None           Type:               Ansi
CCL Modem Speaker: Inaudible           CCL Name:           None
APD Timeout:       Unlimited           APD Default:      LOGOUT
APD:                Disabled
Dialout Action:       Logout
APD Authentication
Interactive Only:   Disabled

Preferred Service: None

Authorized Groups: 0
(Current)  Groups: 0

Enabled Characteristics:
Autoconnect,  Autohangup,  Autoprompt,  Input Flow Control,
Internet Connections,  Loss Notification,  Message Codes,  Output Flow Control
ULI,  Verification

Xyplex>> show po 37 alt char


Port 37:  (Remote)                                     04 Jan 1999  22:46:46

Resolve Service:          Any_Lat     DTR wait:                    Disabled
Idle Timeout:                   0     Typeahead Size:                  4096
SLIP Address:             0.0.0.0     SLIP Mask:            255.255.255.255
Remote SLIP Addr:         0.0.0.0     Default Session Mode:     Transparent
TCP Window Size:             1024     Prompt:                        Xyplex
DCD Timeout:                 2000     Dialback Timeout:                  20
Stop Bits:                      1     Script Login:                Disabled
TCP Keepalive Timer:            0     Username Filtering:              None
Nested Menu:             Disabled     Nested Menu Top Level:              0
Command Size:                  80     Clear Security Entries:      Disabled
Rlogin Transparent Mode: Disabled     Login Duration:                     0
Xon Send Timer:                 0     TCP Outbound Address:         0.0.0.0
Slip Autosend:           Disabled     Radius Accounting:           Disabled
APD Prompt:               Enabled


Username Prompt:          Enter username>
Password Prompt:     Enter user password>

6.4.1 CSPORTD

You will find the csportd executable in /usr/bin, but to start up csportd properly, you need to configure it. Follow these instructions:

$ su root -c "/usr/local/src/csportd/csportd.Setup"

Password: Enter root password

Note: If csportd has been previously installed and configured, you will be ask whether or not to rewrite it.
If no, the program will exit. If yes, the processes will continue:

CSPORTD has been previously configured!!!

Would you like to reconfigure it? [Y/n] : default is yes

CSPORTD has been successfully started!!

6.5 LDAD Dial-Out Modem #1 Configuration

6.6 LDAD Dial-Out Modem #2 Configuration

6.7 LDAD Dial-In Modem Configuration

LDAD Dial-in modems are configured to reload their option set after each call is terminated, either normally or abnormally. This ensures that the dial-in modem will be properly configured for the next call. Disconnect each associated terminal server port from the dial-in modem before configuring it. This is necessary when manually configuring the modem because the modem is configured to reload its option set after the terminal server logs out the port. Certain configuration actions taken when configuring the modem as shown in Table 6.4 will cause the terminal server to log off the port, making it impossible to properly manually configure the modem and save the new configuration to the proper option set without the terminal server being disconnected.

6.8 LDAD Dedicated Modem Configuration

LDAD Dedicated modems are configured to reload their option set if communications is broken for any reason. This ensures that the dedicated modem will be properly configured when the line is re-established.

Disconnect each associated terminal server port from the dedicated modem before configuring it. This is necessary when manually configuring the modem because the modem is configured to reload its option set after the terminal server logs out the port. Certain configuration actions taken when configuring the modem as shown in Table 6.5 will cause the terminal server to log off the port, making it impossible to properly manually configure the modem and save the new configuration to the proper option set without the terminal server being disconnected.

The configuration shown in table 6.5 is valid for any dedicated modem that is to be used for Emergency Manager connection, and enables either interactive login to the LDAD server or PPP communications.

Some dedicated modem configurations may differ quite significantly due to the differing needs of the communications segment. Each dedicated modem configuration must be checked for compatibility with the particular application ofr which it is used.

6.9 LDAD Firewall Configuration

6.9.1 LDAD Firewall O.S. Configuration

• Add administrative user accounts
Personnel responsible for administering and/or troubleshooting the LDAD firewall must have local accounts on the firewall system. Only site maintenance personnel or system administrators should have local accounts on the firewall system. Normal users who use proxies for communications between AWIPS and external systems will have only TIS accounts, not local accounts. To add a local account, use the /usr/sbin/adduser command on the firewall. Add the local administrator accounts to group wheel to ensure that these accounts can use the command /usr/bin/su to become root after logging on to the system.

fslc: /root# /usr/sbin/adduser
. . .
Login names are up to 16 characters and consist of upper or lower
case alphabetic characters or digits. They must start with an
alphabetic character and should generally be all lower case.

Please enter the login name for the user you wish to create or
press just <Enter> for a list of current users.

Login name: newadmin

Adding user: newadmin

For security purposes, no characters are printed when entering passwords.

Password:
Retype new password:

Enter primary group as either a name defined in the group file
or a numeric gid.

Primary group (? for list of choices) [user]: wheel

You will be prompted for the user's full name, office, office phone,
and home phone. The values for these fields may not contain commas.
To leave a field blank, simply press <Enter> when prompted for the value.

Full name: Mr. Site Admin

Office: WSFO Rm. 112

Office Phone: 555-8181

Home Phone: None

Home directory [/home/newadmin]:

Login shell (? for list of choices) [/bin/csh]:

Login name:     newadmin
Primary group:  wheel
Full name:      Mr. Site Admin
Office:         WSFO Rm. 112
Office phone:   555-8181
Home phone:     None
Home directory: /home/newadmin
Shell:          /bin/csh

Add this user to the password file? [yes]:

Cached passwd entry for new user: newadmin (uid: 101)
  the entry will be written when you are done adding users.

Generally, users are members of a single group. Add users to special
groups for special privileges; here is a list:
    dialer     users who can access modems
    wheel      users who can ever become superuser

Add `newadmin' to other secondary groups? [no]: 

Do you wish to add additional users? [no]: 
adduser: Successful Completion (new password and group files written)

fslc: /root

• Configure Network Time Protocol
The LDAD firewall must synchronize its time to the internal AWIPS site. In turn, the LDAD firewall will serve as a time source for the external LDAD server. Edit the /etc/ntp.conf file on the firewall to allow this.

bou:/root# cat /etc/ntp.conf
broadcastclient 165.92.YYY.ZZZ
broadcast XXX.XXX.XXX.XXX
bou:/root#

Change YYY.ZZZ to reflect the subnet and broadcast address of the internal AWIPS site. Change XXX.XXX.XXX.XXX to reflect the broadcast address of the external LDAD network. The daemon xntpd is started automatically by the firewall if /etc/ntp.conf exists, so the next reboot of the firewall will start NTP and synchronize the firewall clock to the local AWIPS site time.
• Configure Serial Console
The LDAD firewall is configured to utilize a terminal server port for communications in normal operation. This configuration does not allow the BSDI OS to be reloaded, so a mouse, keyboard, and VGA display is shipped with the LDAD system for maintenance purposes. In the event of a failure or OS reconfiguration, the serial console connection configuration must be redone to allow terminal server communications. Edit /etc/boot.default to allow the serial connection to be used as a console.

fslc: /root# cat /etc/boot.default
-echooff
# change to -v for more verbose output
# remove this line for traditional output
# the -q option inhibits noisy autoconfiguration details
-autodebug -q 
-echoon
-show
-console com0 
-echo Booting from serial console
-start
fslc: /root#

Edit /etc/ttys and change the console line to reflect the type of terminal that the serial console will have (vt100 works well for terminal server connections). The original BSDI-supplied line has been commented out in the following example.

fslc:/etc# vi /etc/ttys
....
#
#console        "/usr/libexec/getty pccons"     ibmpc3  on secure
console "/usr/libexec/getty pccons"     vt100   on secure

• Configure Host Resolve Order
The LDAD firewall must recognize AWIPS site host names for use in connections to internal hosts, as well as sucessfully resolve incoming external connections. Internal AWIPS site hosts will not be known to external connection DNS servers, and this information must reside in the hosts file of the LDAD firewall. (The hosts table must be updated after the firewall is configured due to the modifications that a running TIS Gauntlet package must make to the /etc/hosts file, so this step will be accomplished after the TIS firewall is configured.) The firewall must be configured to utilize its local /etc/hosts file first, and if the hostname in question is not found there, to utilize the external DNS server for hostname lookup. Edit /etc/irs.conf and change the host lookup order to reflect this need.

fslc:/etc# vi /etc/irs.conf
....
# Hosts comes first from DNS, failing that, the local file
hosts           local     continue
hosts           dns
....

6.9.2 LDAD TIS Firewall Configuration

• Log on to the firewall system via the terminal server connection, become root and run this program to confiugre the firewall. Enter your answers at every >> prompt.

fslc:/etc#  cd /usr/local/ldadfw
fslc:/usr/local/ldadfw#  su root -c "./ldadfw.install"
Password:

Welcome to Gauntlet firewall configuration.

Gauntlet has been previously installed. Would you like to reinstall? [Y/n]

Please follow answer these questions.

Enter your hostname as the site name for the external interface. e.g. site1
>>mysite

Enter your domain name of the external LDAD site. e.g. fsl.noaa.gov
>>somewhere.noaa.gove

Enter your default gateway's IP address (as the external LDAD site gateway).
e.g. 129.89.144.1
>>133.33.33.1

Enter your name server IP address. e.g. 129.89.144.12
>>133.33.33.2

Enter your IP address assigned to the external LDAD interface.
e.g. 129.89.144.167
>>133.33.33.3

Enter your subnet mask of the external LDAD LAN. e.g. 255.255.255.0
>>255.255.255.0

Enter your broadcast address of the external LDAD LAN. e.g. 129.89.144.255
>>133.33.33.255

Enter your IP address assigned to the internal interface connected to the
AWIPS site LAN. e.g. 165.92.133.101
>>165.92.133.110

Enter your subnet mask of the internal AWIPS site. e.g. 255.255.255.128
>>255.255.255.128

Enter your broadcast address of the internal AWIPS site. e.g. 165.92.133.127
>>165.92.133.127

Enter your internal site AWIPS router floating IP address (this will allow
the firewall to route to NCF). e.g. 165.92.133.70
>>165.92.133.70

Enter your internal mail hub. e.g. somewhere.central.awips.noaa.gov
>>somewhere.central.awips.noaa.gov

Enter your mail hub IP address. e.g. 129.89.123.45
>>133.33.33.2

Enter your postmaster email address. e.g.
fire-reports@somewhere.central.awips.noaa.gov,
whoever@somewhere.central.awips.noaa.gov
>>me@here.awips.noaa.gov,him@there.awips.noaa.gov

Enter the centrally assigned firewall reporting address. e.g.
fire-reports@somewhere.central.awips.noaa.gov,
whoever@somewhere.central.awips.noaa.gov
>>>me@here.awips.noaa.gov

• Please take a minute to review all your input. You can edit any item by selecting its number or just press <enter> if everything is OK.

These are all the answers you have entered so far:
1 ) hostname as the site name for the external interface -->mysite 
2 ) domain name of the external LDAD site -->somewhere.noaa.gove
3 ) default gateway's IP address (as the external LDAD site gateway)
    -->133.33.33.1 
4 ) name server IP address -->133.33.33.2
5 ) IP address assigned to the external LDAD interface -->133.33.33.3 
6 ) subnet mask of the external LDAD LAN -->255.255.255.0
7 ) broadcast address of the external LDAD LAN -->133.33.33.255
8 ) IP address assigned to the internal interface connected to the AWIPS
    site LAN -->165.92.133.110
9 ) subnet mask of the internal AWIPS site -->255.255.255.128
10 ) broadcast address of the internal AWIPS site -->165.92.133.127
11 ) internal site AWIPS router floating IP address (this will allow the
     firewall to route to the NCF -->165.92.133.70
12 ) internal mail hub -->somewhere.central.awips.noaa.gov
13 ) mail hub IP address -->133.33.33.2 
14 ) postmaster email address -->him@there.awips.noaa.gov
15 ) the centrally assigned firewall reporting address
     -->me@here.awips.noaa.gov

• After verifying all the inputs you've entered, you may select any item to edit your previous input. Or if everthing is correct, just press <enter> to continue.

Which item would you like to modify? Enter the item number or press enter
to accept all these answer
Item: 2
2 ) domain name of the external LDAD site [somewhere.noaa.gove]
    -->somewhere.noaa.gov

or press enter to go on.

Item:

Please wait

• After "Please wait" prompt, it may take a few seconds before leading to the next stage, "User Authentication Management".

user       group      longname      status proto      last
----       -----      --------      ------ -----      ----

                                  Add New User
                                      Quit

• Once the screen appears as shown above, select Add New User.

                                       Edit User

   Status of user
   ------------------------------------------------------------
     Never logged in
     No bad logins
     Authentication protocol: password
     Flags: DISABLED

   UserID:  mugwump                      
     Name:  Mr. Billy MugWump
    Group:  AWIPS
    Proto: password

   To change password, enter a new value.
   [Existing password will not be displayed.]
   Passwd: XXXXXXXX
   Verify: XXXXXXXX


                                        Save these Changes
                                         Delete this User
                                        Escape (don't save)

****Each external user must have a firewall proxy account to access internal AWIPS resources. This is the screen that is used to add this proxy account. Never confuse a firewall UNIX account with a firewall proxy account. UNIX accounts are added only for LDAD administrators who need access to configure the firewall. You may access this menu at any time to add a new external user. In the example above, user "mugwump" is added as a firewall proxy account.

• Select Quit. And then go on answering the following questions.

What is the IP address of the LDAD server (LS)?
>>
What is the IP address of the DATA server (DS)?
>>

• Again, take a look at your input and edit the item you want. Or else, just press <enter>.

You have entered:
1 )  for IP address of the LDAD server (LS)
2 )  for IP address of the DATA server (DS)
Enter the number to modify or press enter if everything is correct. >>

• Answer these questions and review them as you did previously.

What is the external subnet the LDAD firewall is connected to(untrusted network)?   e.g.129.89.*
>>
What is the external subnet (above)'s name?   e.g. My Network
>>

You've entered:
1)  for untrusted network subnet
2)  for its name
Enter the number to modify or press enter if everything is correct >>

• Now the installation program is rebooting the machine, once it is done. Do the next one.
• Copy AWIPS site Host file
The LDAD firewall must know the host names and associated IP addresses of the hosts at the local AWIPS site. This is accomplished by adding these IP addresses and hostnames to the firewall /etc/hosts file. Log in to the firewall as root and FTP to ds1-(site) (you will probably need to find out the IP address of this node) and get /etc/hosts, then merge this hosts file with the /etc/hosts file on the firewall. TIS Gauntlet is installed and configured, so place the new host entries below the line
#%subs-end% END: Ok to manually edit in order to ensure that the TIS Gauntlet modifications to the /etc/hosts file on the firewall are preserved. A modified /etc/hosts file will look like the example below:

#
# Host Database
# This file should contain the addresses and aliases
# for local hosts that share this file.
# It is used only for "ifconfig" and other operations
# before the nameserver is started.
#
#TAG=OSI
127.0.0.1               localhost loghost

# do not use fully qualified domain names here
#
# make stub entry for external address
#%subs-start%
#expand ${ip_outsideaddr} ${ip_hostname} ${ip_hostname}.${ip_domainname}
#%subs-data% BEGIN: DO NOT manually edit below this line 
19.75.59.254 fslc fslc.fsl.noaa.gov
#%subs-end%  END: Ok to manually edit 

# make stub entry for internal address
#%subs-start%
#expandif $ip_insideaddr ! "none"
#${ip_insideaddr} ${ip_hostname}-internal ${ip_hostname}-internal.${ip_domainname}
#endexpandif
#%subs-data% BEGIN: DO NOT manually edit below this line 
165.92.103.119 fslc-internal fslc-internal.fsl.noaa.gov
#%subs-end%  END: Ok to manually edit 

10.0.1.1      as1-beat        # Application Server 1 heartbeat = LAN
10.0.1.2      as2-beat        # Application Server 2 heartbeat = LAN

10.0.1.3      xyplex1 # Terminal Server 1
10.0.1.4      xyplex2 # Terminal Server 2

10.0.2.1      ds1-beat        # Data Server heartbeat LAN
10.0.2.2      ds2-beat        # Data Server heartbeat LAN

165.92.30.1   as1-ancf        netMgr  netTime # Application = Server
165.92.30.2   as2-ancf        bnetMgr bnetTime        # > Application Server

165.92.xxx.1  as1-(site)      as1     # Application Server
165.92.xxx.2  as2-(site)      as2     # Application Server

165.92.xxx.5  ds1-(site)      cpCfgHost       ds1     # Data Server
165.92.xxx.6  ds2-(site)      ds2     # Data Server

165.92.xxx.10 ws1-(site)      ws1     # Workstation Type III
165.92.xxx.11 ws2-(site)      ws2     # Workstation Type III
165.92.xxx.12 ws3-(site)      ws3     # Workstation Type III
.....

6.10 LDAD Radius Server Configuration

Install the radius server by one of two methods.

1. Binary Distribution - acquire radius.binary.tar.gz. This can be obtained by anonymous ftp from ftp.fsl.noaa.gov; change to the directory "network". After obtaining and uncompressing the tar file, "tar -xvf radius.binary.tar" will unpack the radius binaries into /usr/private/etc, the directories used for radius.
2. Source Distribution - acquire radius.source.tar.gz. This can be obtained by anonymous ftp from ftp.fsl.noaa.gov; change to the directory "network". After obtaining and uncompressing the tar file, "tar -xvf radius.source.tar" will unpack the radius source into a directory called "radius" in your current directory. Follow the directions in README.AWIPS to build and install the source.

• Edit /etc/services file to include the radius ports. Add the following lines:

## added for radiusd authentication 
radius          1645/udp        # Radius dialin authentication
radacct         1646/udp        # Radius accounting

• Edit /usr/private/etc/raddb/authfile as superuser and change the following lines to match your site.

.
..
....
.....
#       It says to use the UNIX password file for authentication.

#Change "your.realm.name" to the domain of the ldad server."
your.realm.name                    UNIX-PW

#       This entry says to pass requests with authentication realm names
#       which didn't appear in this file along to another RADIUS server.

#Change "DEFAULT" user to utilize UNIX-PW method."
DEFAULT                            UNIX-PW

#       This next entry says to handle requests which don't have a realm
#       name appended to the user id as local user ids.

NULL                               UNIX-PW

• Edit /usr/private/etc/raddb/clients. Comment out all the example entries and add two entries, one for your LDAD server, and one for the LDAD terminal server. Both entries should be fully qualified domain names. Use the radius authentication secret password you assigned to the site in section 6.3. These passwords must match on both the terminal server and the LDAD server. An example file is shown below.

#
#       This file contains a list of clients which are allowed to
#       make authentication requests and their encryption keys.
#
#       The first field may be an IP address or a valid DNS hostname.
#
#       The second field (separated by blanks or tabs) is the encryption
#       key.  It is currently limited to fifteen (15) characters in length.
#
#       The prefix field specifies a prefix which can be used to select
#       different users files and authfile files to be used for requests
#       from the associated client.
#
#       The "<name1>/<name2>" style entries may be used to specify the pair
#       of servers for which an entry applies.  This allows the same clients
#       file to be used by and distributed to different RADIUS servers.
#
#Client Name            Key             user/authfile prefix
#----------------       --------------- --------------------
ls1-fsld.fsl.noaa.gov   *&^3Re8
lts1-fsli.fsl.noaa.gov  *&^3Re8

• Edit /etc/inetd.conf and add the following line to activate the radiusd when a radius request is received.

radius  dgram   udp     wait    root    /usr/private/etc/radiusd radiusd

After modifying /etc/inetd.conf, kill -HUP the inetd process to allow this change to take affect.
• Verify that your system has an "/etc/shells" file. This file contains a list of legal shells on the system. Your /etc/shells file should contain a minumum of the following;

/bin/ksh
/bin/csh
/bin/tcsh
/bin/sh
/ldad/bin/tmain
/usr/bin/tcsh

6.11 LDAD Fax Server Configuration

6.11.1 Fax modem

• Plug a straight-through cable between the port 30 of LDAD terminal server and the modular adaptor of the fax modem
• Plug a power cable and a phone line to the fax modem and turn it on.
• The default configuration of this modem is working fine with HylaFax, therefore use cu or kermit to get connected with the modem and reset it.

$kermit

Executing /usr/share/lib/kermit/ckermit.ini for UNIX...

Good Morning!

C-Kermit 5A(190), 4 Oct 94, for HP-UX 10.0

Copyright (C) 1985, 1994,

Trustees of Columbia University in the City of New York.

Type ? or HELP for help.

[/] C-Kermit>>set line
/dev/faxmodem

[/] C-Kermit>set speed 9600

/dev/faxmodem, 9600 bps

[/] C-Kermit>c
atz
OK
at&f9
OK
at&w0
OK

• And then Ctrl-c to exit.

6.11.2 HylaFAX Software Preparation

As well as the program itself, there are a number of other components, which are ghostscript and tiffutils packages, required to get HylaFAX going. They can be downloaded from the following sites:

the ghostscript package:

http://gatekeep.cs.utah.edu/hppd/hpux/X11/Graphics/libpng-0.96/

http://gatekeep.cs.utah.edu/hppd/hpux/Misc/zlib-1.0.4/

http://gatekeep.cs.utah.edu/hppd/hpux/PostScript/gs-5.01/

http://gatekeep.cs.utah.edu/hppd/hpux/PostScript/gs_fonts_std-5.01/

http://gatekeep.cs.utah.edu/hppd/hpux/X11/Graphics/jpeg-6a/

http://gatekeep.cs.utah.edu/hppd/hpux/X11/Graphics/tiff-3.4b037/

**If you plan to use the HylaFAX binary version which is already built on your server (you may check it by verifying if /opt/hylafax and /var/opt/hylafax directories exist), then you can skip this section and go directly to next section (Setup HylaFAX).

Install from Source Code Distribution

• Download
The source code is available for ftp on ftp.sgi.com in sgi/fax/source directory. Get "hylafax-v4.0pl2-tar.gz" from their site, then unzip and untar it.
• Apply patches
The source code that was just download is not complete enough to be built on our server without any error. That means it needs more patches in order to compile successfully. These patches can be downloaded from http://www.trump.net.au/~rjc/hylafax/ And they are "faxmail", "Tagline", "textfmt", "StackBuffer", "gcc-2.8.0", "hpux", "hpux bug".
To apply, run patch from above the root of distribution:
$ls
hylafax-v4.0pl2
gcc-2.8.0.diff
$patch < gcc-2.8.0.diff
Repeat this patch command with all the patches. Finally, the source code will be ready to compile.
• Compile
$cd hylafax-v4.0pl2
$chmod 644 config.site



In config.site, check if these three important parameters - DIR_AFM, CC, CXX - have valid values, according to the paths on the server.

For instance, DIR_AFM=/opt/gs/share/fonts. This directory should consist of afm files that the application needs.

Since the default value for CC and CXX is "gcc," ensure gcc of egcs is available on the server, otherwise edit these parameters accordingly to the compilers that really exist.

• Make the software
$/usr/local/bin/make or $make

A lot of messages will be generated during the making process. Then it will stop at a list of directories. Check every entry to see if it is valid for the server.

It will ask if these settings are OK. If any is not, type its number and press <enter>. Frequently, these entries need to be edited:

Then finish the installation with this command:


$ sudo /usr/local/bin/make install or just $sudo make install

To avoid complication, the easier way is to make use of the HylaFAX binary version which was already built. But if you would like to install the binary version from scratch, execute the following command:

$sudo swinstall -s /usr/local/src/hylafax-hpux10.20-v4.0pl2-2.depot

6.11.3 Set up HylaFAX

• If it is binary distribution, add /opt/hylafax/bin and /opt/hylafax/sbin to your path. If it is source code, add /usr/local/bin and /usr/local/sbin.
• If it is binary version, execute this command:

$su root -c "/opt/hylafax/hylafax.Setup"

Password:

If it is source version, do this instead:

$su root -c "/usr/local/src/hylafaxsrc/hylafax.Setup"

Password:

• The script will run you through lines of message explaining what it is doing until it will be interrupted by these two questions waiting for your input:

• Now HylaFAX should be starting. The modems lights should flash. Wait for a few seconds and type faxstat to view the modems available. The following lines should be shown:

Note: hfaxd and faxq must be running together. hfaxd listens for client requests for service and creates a process for each client. It supports the submission of outbound jobs, querying the status of the send and receive queues, and altering parameters of previously submitted jobs. faxq is the central queuing agent for HylaFAX. One faxq process is normally running at all times. faxq is responsible for scheduling, preparing, and initiating outbound jobs.

6.11.4 Try Sending a Fax

The most simple format of sendfax is:
$sendfax -c "[comments]" -x "destination company" -d [recipient@destination number] document file

For instance
$sendfax -c "very confidential" -x "John's company" -d John@4977256 report.txt

For each job that is queued, sendfax prints a job identifier and a job group identifier on the standard output like this:

request id is 44 (group id 44) for host localhost (1 file)

To use this command more effectively, consult sendfax's man page for more options.

6.12 LDAD FTP Server Configuration

Since an HP-UX wu-ftpd binary version has not yet been developed, we need to build it from its source code. It needs an ANSI-C compiler in order to compile the code successfully, so do not use the standard HP C compiler. wu-ftpd has been successfully built using gcc version 2.7.2.2.

6.12.1 Prepare the Source Code

• FTP the source code from [not yet known] into /usr/local/src and uncompress it

$zcat wu-ftpd-2.4.tar.Z | tar xvf

• Ensure /usr/local/gcc-2.7.2.2/bin (or other ANSI C compiler) resides in your path.

6.12.2 Edit the Source Code

• In /usr/local/src/wu-ftpd-2.4/src/makefiles, redefine the following variables in Makefile.hpx

LIBS = ../support/libsupport.a -lsec

CFLAGS = --Dunix -D_HPUX_SOURCE ${IFLAGS}

YACC = bison -y

• In /usr/local/src/wu-ftpd-2.4/support/makefiles, redefine this variable in Makefile.hpx

CFLAGS = -static ${IFLAGS} ${LFLAGS}

• In /usr/local/src /wu-ftpd-2.4/src/ftpd.c line 143, add "const" into this line:

extern char *getline(), *realpath(const char *pathname, char *result);

• In /usr/local/src /wu-ftpd-2.4/src/realpath.c at line 45, add "const" into the line:

realpath(const char *pathname, char *result)

• Rearrange the declaration in /usr/local/src/wu-ftpd-2.4/src/ftpcmd.y. The lines marked with '*' should be towards the top of ftpcmd.y

%union {

char *String;

int Number;

}

* %{

* extern jmp_buf errcatch;

*

* void

* print_groups();

*

* #define CMD 0 /* begginning of command */

* #define ARGS 1 /* expect miscellaneous arguments */

* #define STR1 2 /* expect SP followed by STRING */

* #define STR2 3 /* expect STRING */

* #define OSTR 4 /* optional SP then STRING */

* #define ZSTR1 5 /* SP then optional STRING */

* #define ZSTR2 6 /* optional STRING after SP */

* #define SITECMD 7 /* SITE command */

* #define NSTR 8 /* Number followed by a string */

* #define STR3 9 /* expect STRING followed by optional SP then

STRING */

*

* struct tab {

* char *name;

* short token;

* short state;

* short implemented; /* 1 if command is implemented */

* char *help;

* };

*

* struct tab cmdtab[ ] = { /* In order defined in RFC 765 */

* { "USER", USER, STR1, 1, "<sp> username: },

* ...

* ...

* ...

* };

*

* struct tab sitetab [ ] = {"<sp>

* { "UMASK", UMASK, ARGS, 1, "[ <sp> umask ]" },

* ...

* ...

* ...

* };

* %}

*

%type <String> STRING password pathname pathstring username

%type <Number> NUMBER byte_size check_login form_code mode_code

octal_number

%type <Number> struct_code

%start cmd_list

%%

6.12.3 Build and Install the Code

$./build CC=gcc hpx

$./build CC=gcc install

guestgroup out

class data guest *

class regular real *

class anon anonymous *

tar yes data regular anon

compress yes data regular anon

autogroup ldad data

upload /data /Incoming yes ldad ldad 0666

upload /data /ldad/public/laps yes ldad ldad 0666

upload /data * no

log commands anonymous

chmod no anonymous

delete no anonymous

overwrite no anonymous

umask no anonymous

rename no anonymous

autogroup ldad anon

:.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS

: : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS

:.gz: : :/usr/local/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP

: : :.gz:/usr/local/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP

: : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR

: : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS

: : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP

Use "ckconfig" in /usr/local/src /wu-ftpd-2.4/bin directory to check if every required configuration is in place.

Add ftp user in /etc/passwd with this line:

ftp:x:15:15:Anonymous ftp:/data/ldad/./:/bin/false

In /etc/inetd.conf, edit the first line which contains the word "ftp"

ftp stream tcp nowait root /etc/tcpd /etc/ftpd -l

$/sbin/init.d/inetd stop

$/sbin/init.d/inetd start