User-Specific Remote Access Security

Use the procedure to set the following user-specific remote access information:

• Whether a user can change the Remote Client password
• How often the user must change the Remote Client password (in days)
• Idle timeout
• Maximum connection time
• Dialback mode
• Whether to use the global dial-out restrictions or create a restriction list

NOTE:  For a container object, you can only configure idle timeout.

To specify security parameters for individual users, complete the following steps:

1. Select Configure Security from the Remote Access Options window.

   The Configuration Options window is displayed.

2. Select Set User Parameters.

   A list of authorized users is displayed.

   If users are distributed over multiple contexts, select the double period (..) to move up the Directory tree to a common branch. Select any other container object to move down the tree.

   If the CONNECT object does not have Browse rights to move up the Directory tree, press Ins and enter the new Directory context. This allows you to jump to another branch of the tree where the CONNECT object does have rights.

3. Select the name of the user that you want to customize.

   The User Parameters window is displayed for that user.

   As a remote access server administrator, you can configure user parameters if the CONNECT object, in addition to having Browse and Read attribute rights, has Write attribute rights to the container in which the username resides.

   When a user's account is disabled by intruder lockout or an expired password, modify one of the parameters in this window or the Remote Client password to reenable the account.

4. Select Allow User to Change Remote Client Password, and specify Yes or No to allow or disallow the user to change the password.

5. Select Disable Remote Client Password After Number of Days and enter a value between -1 and 365 days.

   A value of -1 indicates no limit. The default value is 30 days, indicating that the user must change the password once every 30 days. A value of 0 indicates that the user will be disconnected immediately after dialing in.

6. Select Specify Idle Timeout and specify Yes or No. If you select Yes, enter a value between -1 and 100,000 minutes.

   The default value of -1 indicates that the idle timer is not set and connections can remain idle for any amount of time. The timer is reset whenever data is sent or received through the port, including any broadcast or watchdog traffic. A value of 0 means that the idle timeout occurs immediately. You can set this value for a user or container object.

7. Select Use Default Maximum Connection Time and specify Yes or No. If you select No, enter a value between -1 and 100,000 minutes.

   A value of -1 allows the user to remain connected indefinitely. The default is 0 minutes. Setting the maximum connection time to 0 immediately disconnects the user when the user dials in. Changing the value does not affect current connections. The default maximum connection time is specified when global security is set.

   NOTE:  If the remote client is configured and has negotiated short-hold with the server, both the Idle Time Before Temporary Disconnect and Maximum Call Suspension timers are used (refer to Specifying ISDN Short-Hold Parameters). The other timers associated with the connection, Default Maximum Connection Time and Idle Time Before Disconnection (each configured on a global or individual user basis), are ignored.

   If the remote client does not negotiate short-hold with the server, both the Idle Time Before Disconnection and Maximum Call Suspension timers are ignored. The other timers associated with the connection, Default Maximum Connect Time and Idle Time Before Disconnection, are used.

8. Select Dialback Mode and press Enter.

   1. Select one of the following modes:

      • Use Global Default Dialback Mode---The default dialback mode specified for global remote access security is used. Skip to Step 9.
      • No Dialback Allowed---Dialback is disabled for this user. Skip to Step 9.
      • Force Dialback to a Specific Number---Remote access dials the caller back at a preselected telephone number. Enter a dialback number for the caller. If you select this option, make sure that the user does not specify a dialback number when establishing the connection (specify a blank in the DOS and Windows Dialers for NetWare Connect 2.0). Continue with Step 9.
      • Allow User to Request Dialback to Any Number---The user can request remote access to dial back to any number specified at connection time. Continue with Step 9.
      • Force Dialback to a Caller-Specified Number---The user is required to use the dialback feature. The dialback number is not preconfigured on remote access. The caller specifies the dialback number at connection time. Continue with Step 9.

   2. Specify a port for dialing back.

      To have remote access dial back on the same port that the caller used to dial in, select Use Dial-In Port for Dialback and specify Yes.

      To have remote access dial back to a port group, select Dialback Port Group, press Enter, and specify a port group.

9. To set dial-out restrictions, select Use Global Dial-Out Restrictions and specify No.

   The Restriction List field is displayed.

   1. Press Enter.

      A list of authorized dial-out numbers is displayed. Initially, the default Any Number is displayed, indicating that the user can dial out to any number.

   2. Press Ins.

   3. Enter a dial-out number.

      The user is restricted to that dial-out number. Enter an invalid phone number to prevent a user from dialing out to any number at all. This restriction applies only if you use modem-independent groups.

      Press Ins again to add another number. You can add or delete phone numbers. Use the F5 key to select and delete multiple entries. Deleting the last number in the list redisplays the Any Number entry.

10. Press Esc to exit and save your user security settings.