#
# pslave.conf Sample server configuration file.
#
# Your unit uses a virtual terminal concept. Virtual terminals are
# named s1, s2, etc. Every virtual terminal should have a related
# physical device tty (without the "/dev/"). The tty parameter
# must be configured and must be unique for each virtual terminal.
#
# There are two types of parameters:
#
# 1) Global parameters
#    These parameters have the prefix "conf." Examples of global parameters
#    are ethernet ip address, etc.
#
# 2) Terminal Parameters.
#    These parameters have prefixes "all.", "s1.", "s2.", etc.
#
#    The "all." entries are used as a template for all virtual terminals.
#    Setting all.speed to 9600 will set all virtual terminal (s1, s2,
#    s3, etc.) speeds to 9600.
#
#    Note that you can change the "all." settings one by one.
#    If the parameter "s4.speed 19200" appears later in the file, all terminals
#    except s4 will have speed 9600 bps and "s4" will have speed 19200 bps.
#
# Expansion Variables
#
# A list of format strings used by some parameters is provided here
# for reference.
#
# %l: login name
# %L: stripped login name
# %p: NAS port number
# %P: protocol
# %b: port speed
# %i: local IP
# %j: remote IP
# %1: first byte (MSB) of remote IP
# %2: second byte of remote IP
# %3: third byte of remote IP
# %4: fourth (LSB) byte of remote IP
# %c: connect-info
# %m: netmask
# %t: MTU
# %r: MRU
# %I: idle timeout
# %T: session timeout
# %h: hostname
# %%: %
#
# Generic SAMPLE:
# all async ports at 9600 bps, 8N1, no flow control
# Eth IP address 192.169.160.10/24 (MTU=1500)
# protocol socket_server
# host IP 192.168.160.8/24
# removed: syslogd IP 192.168.160.1 (see syslog-ng.conf)
# Radius Server IP 192.168.160.3 (authentication and accounting)
# authentication none
#
# NOTE(review): the summary above does not match the values actually set
# in this file (all.speed 57600, all.flow hard, conf.eth_ip 192.168.250.65,
# all.protocol ppp_only, all.authtype local). Trust the directives, not
# the summary, when auditing a unit built from this sample.
#
#
# Ethernet configuration.
#
# These parameters should only be configured in the file
# /etc/network/ifcfg_eth0 _IF_ the customer will not be using the
# cy_ras/portslave applications. If the cy_ras/portslave applications are _NOT_
# used put all ifconfig commands for the ethernet directly in the
# /etc/network/ifcfg_eth0.
#
# The cy_ras application OVERWRITES the ifcfg_eth0 file with the
# values configured here.
#
# Your unit can request all of its ethernet parameters from a DHCP server.
# The administrator can activate the dhcp client with more options by changing
# the file /etc/network/dhcpcd_cmd.
#
# Valid values 0: DHCP disabled
#              1: DHCP active
#              2: DHCP active and the unit saves in flash the last ip assigned
#                 by the DHCP server.
#
# SEE the manual for more information.
#
#conf.dhcp_client 2
conf.eth_ip 192.168.250.65
conf.eth_mask 255.255.255.0
conf.eth_mtu 1500
#
# Secondary IP address of ethernet
#
#conf.eth_ip_alias 192.168.161.10
#conf.eth_mask_alias 255.255.255.0
#
# Remote Network File System where data buffering will be written instead
# of the default directory '/var/run/DB'. The directory tree to which the
# file will be written must be NFS-mounted.
#
# If data buffering is turned on for port 1, for example, the data will be
# stored in /tmp/ts_data_buffer/{ttyS1.data | serverfarm} on the machine
# with IP address 192.168.160.11. The remote host must have NFS installed
# and the administrator must create, export and allow reading/writing to
# this directory.
# The size of this file is not limited by the value of the parameter
# s1.data_buffering, though the value cannot be zero since a zero value turns
# off data buffering.
#
# NOTE(review): the buffered data is whatever the attached device prints on
# its serial port, which can include sensitive console output. If this is
# enabled, export the directory only to this unit and restrict who can read
# it on the NFS host.
#
#conf.nfs_data_buffering 192.168.160.11:/tmp/ts_data_buffer
#
# Lock directory - The lock directory is /var/lock for the unit.
# It should not be changed unless the user decides to customize the
# operating system.
#
conf.lockdir /var/lock
#
# Location of the rlogin binary that accepts the "-i" flag.
#
conf.rlogin /usr/local/bin/rlogin-radius
#
# Location of our patched pppd with Radius linked in.
#
conf.pppd /usr/local/sbin/pppd
#
# Location of the telnet utility. This can be the system telnet. (Optional)
#
conf.telnet /bin/telnet
#
# Location of ssh utility. This can be the system SSH. (Optional)
#
conf.ssh /bin/ssh
#
# This parameter is only necessary when authentication is being
# performed for a port. When set to one, it is possible to log
# in to the unit directly by placing a "!" before your
# login name, then using your normal password. This is useful if the
# Radius authentication server is down.
#
# NOTE(review): with the value 1, local accounts are a second login path
# that does not depend on the RADIUS server, so local passwords need the
# same care as the RADIUS ones. Presumably 0 disables this path - confirm
# in the manual and use it where the fallback is not needed.
#
conf.locallogins 1
#
# the parameter syslog (syslog server) was removed from this file
# (see the syslog-ng.conf file).
#
# Syslog facility for portslave
#
conf.facility 7
#
# Syslog facility for Data Buffering and Alarm
#
conf.DB_facility 7
#
# User groups make the configuration of Port access restrictions
# easier. The parameter sN.users (N is the port number), which is explained
# later, can be configured using a combination of group names and user names.
#
#conf.group mkt: paul, sam
#
#conf.group adm: joe, mark
#
#s1.users mkt, joe
#
#s2.users adm, sam
#
# Speed. All ports are set to 9600 baud rate, 8 bits, No parity, 1 stop bit.
# These values can be changed port by port later in the file.
#
# NOTE(review): the value set below is 57600, not the 9600 named above.
#
all.speed 57600
all.datasize 8
all.stopbits 1
all.parity none
#
# TS100 ONLY
# Media type - define media type and operation mode (half/full) duplex.
#
# valid values:
#   rs232 - RS232 (default value).
#   rs485_half - RS485 half duplex without terminator
#   rs485_half_terminator - RS485 half duplex with terminator
#   rs485_full_terminator - RS485 full duplex with terminator
#   rs422 - like rs485_full_terminator
#all.media rs232
#
# the parameter syslog_level was removed (see the syslog-ng.conf file)
# the parameter console_level was removed (see the syslog-ng.conf file)
#
# Authentication type - either "local", "none", "remote",
# "radius", "local/radius", "radius/local", "RadiusDownLocal",
# "TacacsPlus", "local/TacacsPlus", "TacacsPlus/local",
# "TacacsPlusDownLocal" or "ldap".
#
# If the authentication type is configured as "local/radius" the portslave
# first tries to authenticate locally. If it fails, portslave will try to
# authenticate using the RADIUS server.
#
# If the authentication type is configured as "RadiusDownLocal" the portslave
# first tries to authenticate using the RADIUS server. If the RADIUS server
# sends back a rejection, authentication will fail. Local authentication
# will be tried only if the RADIUS server is down (timeout).
#
all.authtype local
#
# Authentication host and accounting host. Two of each can be configured
# per port. The first is tried 'radretries' times before the
# second is tried. If 'radretries' is not configured, 5 is used by default.
# The parameter 'radtimeout' sets the timeout per query in seconds.
#
all.authhost1 192.168.160.3
all.accthost1 192.168.160.3
all.radtimeout 3
all.radretries 5
#all.authhost2 192.168.160.4
#all.accthost2 192.168.160.4
#
# The shared secret used by RADIUS.
#
# NOTE(review): "rad-secret" is the sample value and it is stored here in
# clear text. Replace it with a long, unique secret for each deployment and
# restrict read access to this file and to any backups of it.
#
all.secret rad-secret
#
# Default protocol.
#
# Valid values are
#   RAS profile: "slip", "cslip", "ppp", "ppp_only"
#   TS profile: "login", "rlogin", "telnet", "ssh", "ssh2", "socket_client"
#   CAS profile: "socket_server", "socket_ssh", "raw_data"
#
# ppp_only ==> PPP over leased lines (only authentication PAP/CHAP)
#
# ppp ==> PPP with terminal post dialing (Auto detect PPP)
#
# NOTE(review): telnet and rlogin send credentials and session data
# unencrypted. socket_server and raw_data are presumably plain TCP as well
# (socket_ssh being the SSH variant) - confirm in the manual and prefer the
# ssh-based protocols where the network is not trusted.
#
all.protocol ppp_only
#
# Default ip address of Linux host to which the terminals will connect.
# Used by the protocols rlogin, ssh, socket_client, etc.
#
all.host 192.168.160.8
#
# IP Address assigned to the serial port.
# The '+' after the value causes the interfaces to have
# consecutive ip addresses. Ex. 192.168.1.101, 192.168.1.107, etc.
#
# The IP number of a port is used when the RADIUS
# server does not send an IP number, or if it tells us to use a dynamic IP no.
#
all.ipno 192.168.1.101+
all.netmask 255.255.255.255
#
# Maximum reception/transmission unit size for the port
#
all.mtu 1500
all.mru 1500
#
# Standard message issued on connect.
#
all.issue \r\n\
    Welcome to terminal server %h port S%p \n\
    \r\n
#
# Login prompt.
#
all.prompt %h login:
#
# Terminal type, for rlogin/telnet sessions.
#
all.term vt100
#
# If you want the unit to update the
# login records (written to the /var/run/utmp and/or /var/log/wtmp
# files), set sysutmp/syswtmp to 1. This is useful for tracking
# who has accessed the unit and what they did.
#
# NOTE(review): with syswtmp 0, as set below, /var/log/wtmp is not updated.
# Set it to 1 if a record of past logins is needed for audit.
#
all.sysutmp 1
all.syswtmp 0
all.utmpfrom "%p:%P.%3.%4"
#
# Use initchat to initialize the modem.
#
# d == delay (1 sec), p == pause (0.1 sec), l == toggle DTR
# r == , l ==
#
# NOTE(review): the meanings given for "r" and the second "l" on the line
# above are missing from this copy (text appears to have been stripped);
# take them from the vendor manual.
#
all.initchat TIMEOUT 10 \
    "" \d\l\dATZ \
    OK\r\n-ATZ-OK\r\n "" \
    TIMEOUT 10 \
    "" ATM0 \
    OK\r\n "" \
    TIMEOUT 3600 \
    RING "" \
    STATUS Incoming %p:I.HANDSHAKE \
    "" ATA \
    TIMEOUT 60 \
    CONNECT@ "" \
    STATUS Connected %p:I.HANDSHAKE
#
# Serial port flow control:
#   hard - hardware, rts/cts
#   soft - software, CTRL-S / CTRL-Q
#   none.
#
all.flow hard
#
# DCD signal (sets the tty parameter CLOCAL). Valid values are 0 or 1.
# In a socket session, if all.dcd=0, a connection request (telnet or
# ssh) will be accepted regardless of the DCD signal and the connection
# will not be closed if the DCD signal is set to DOWN.
# In a socket connection, if all.dcd=1 a connection request will be
# accepted only if the DCD signal is UP and the connection (telnet or
# ssh) will be closed if the DCD signal is set to DOWN.
#
all.dcd 1
#
# DTR_reset - used as a flag to turn off or on DTR signal in CAS profile.
# If set to 0, this parameter will NOT be active. This may be
# dangerous when a user connects to a port that a previous user
# was on but had lost the session after a timeout. The user may
# directly connect into the previous user's shell. If it is anything
# greater than 0, the value represents the time that DTR will be off
# before it is turned on again. A minimum of 100ms is required.
#
all.DTR_reset 100
#
# PPP options - used if a PPP session is autodetected.
# Note that mru and mtu are both set to the MTU setting.
# Callback server is enabled when cb-script parameter is set.
#
# NOTE(review): "require-pap refuse-chap" leaves PAP as the only accepted
# PPP authentication, and PAP sends the password unencrypted over the
# link. Confirm this is required by the authentication backend before
# keeping it.
# NOTE(review): the cb-script line is commented out inside the continued
# value below. How the parser treats a "#" line in the middle of a
# continuation is not visible here - confirm before editing around it.
#
all.autoppp %i:%j novj \
    proxyarp modem asyncmap 000A0000 \
    noipx noccp login auth require-pap refuse-chap \
    mtu %t mru %t \
    ms-dns 192.168.160.5 ms-dns 0.0.0.0 \
#    cb-script /etc/portslave/cb_script \
    plugin /usr/lib/libpsr.so
#
# PPP options - User already authenticated and service type is PPP.
#
all.pppopt %i:%j novj \
    proxyarp modem asyncmap 000A0000 \
    noipx noccp mtu %t mru %t netmask %m \
    idle %I maxconnect %T \
    ms-dns 192.168.160.5 ms-dns 0.0.0.0 \
    plugin /usr/lib/libpsr.so
#
# When not set to zero, this parameter sets the wait for a TCP connection
# keep-alive timer. If no traffic passes through the unit for
# this period of time (ms), the unit will send a modem status
# message to the remote device to see if the connection is still up.
#
#all.poll_interval 1000
#
# Transmission interval - Controls the interval between two consecutive data
# packets transmitted to the Ethernet. Only valid for
# protocols socket_server, raw_data, and socket_client.
#
# Valid values : 0 - transmit packet immediately (no interval).
#                10, 20, 30, ... interval in milliseconds.
#
#all.tx_interval 100
#
# Inactivity timeout - Defines the time in minutes that a connection can
# remain without activity (rx/tx). Only for CAS profile
# and socket_client protocol.
#
#all.idletimeout 5
#
# This defines an alternative labeling system for the ports on the unit.
# This parameter is used by the protocols telnet, socket_client and
# socket_server. It is mandatory if the protocol is socket_server, otherwise
# 23 will be used.
#
# The '+' after the numerical value causes the interfaces to be numbered
# consecutively. Ex. 7001, 7002, 7003, etc.
#
all.socket_port 7001+
#
# Data buffering configuration
#
# A non-zero value activates data buffering. The number is equal to the
# buffer size. A file /var/run/DB/{ttyS#.data | serverfarm} is created on
# the unit and all data received from the port is captured.
# The files for all buffered ports combined can contain up to the amount
# of available memory in the ram disk. This amount can be discovered
# by typing: "df".
# Each file is a revolving file which is overwritten as the limit of buffer
# size is reached. These files can be viewed using the normal Unix tools
# (cat, vi, more, etc.).
# If there is not enough available ram disk, NFS_buffering can be used. There
# is effectively no limit to NFS buffer size.
#
all.data_buffering 0
#
# DB_mode - Valid only when there is NO session (telnet/ssh/raw) established
# to the serial port. When configured as cir for circular
# format, the buffer is like a revolving file that is overwritten whenever
# the limit of the buffer size (as configured in all.data_buffering or
# sN.data_buffering) is reached. When configured as lin for linear format,
# once 4k bytes of the Rx buffer in the kernel is reached, a flow control stop
# (RTS off or XOFF, depending on how all.flow or sN.flow is set) is issued to
# prevent the serial port from receiving further data from the remote. Then
# when a session is established to the serial port, a flow control start
# (RTS on or XON) will be issued and data reception will then resume.
# If all.flow or sN.flow is set to none, neither linear nor circular
# buffering is possible.
# Default is cir.
#
all.DB_mode cir
#
# When non-zero, the contents of the data buffer are sent to the syslog
# server every time a quantity of data equal to this parameter is collected.
# [40 to 255 recommended]
#
# The syslog level in syslog-ng.conf should be greater than or equal to 5.
#
# NOTE(review): when enabled, captured port data leaves the unit for the
# syslog server. Check that the destination in syslog-ng.conf and the
# path to it are appropriate for console output.
#
all.syslog_buffering 0
#
# Alarm configuration
#
# A non-zero value activates alarm. All data received from the port is
# captured and sent to syslog-ng with facility LOCAL[0+DB_facility] and
# priority INFO and the format of the message is "ALARM (ttySx) [data]"
#
all.alarm 0
#
# Controls the presentation of the Data buffering menu
#
# MENU:
# "A non-empty Data Buffering File was found. Choose which action
# should be performed ( (I)gnore, (D)isplay, (E)rase or (S)how and erase ) :"
#
# valid values:
#   0 - Shows the menu with all options.
#   1 - Doesn't show the menu and any non empty data buffering file
#   2 - Doesn't show the menu but shows a non empty data buffering file
#   3 - Shows the menu without the options "erase" and "show and erase".
#
#all.dont_show_DBmenu 1
#
# Data Buffering timestamp
#
# If enabled (1) the unit will add a timestamp to each line written
# in the data buffering file. A line is delimited by any combination
# of LF and CR. Also, syslog data buffering will be written line by line
# suppressing all LFs and CRs.
#
#all.DB_timestamp 1
#
#
# Setting options for a terminal port
#
# When enabled and set with options, the terminal I/O is set with the
# options specified.
# The following example sets:
#   -igncr: Do not ignore the carriage-return on input.
#   -onlcr: Do not map newline character to a carriage-return/newline
#           character sequence on output.
#   opost: Post-process output
#   -icrnl: Do not map carriage-return to a newline character on input.
# Make sure there is a space between each option.
#
#all.sttyCmd -igncr -onlcr opost -icrnl
#
# Send Break to the TTY when this string is received (ssh only).
#
all.break_sequence ~break
#
# Authentication of RADIUS users registered without passwords
#
# When enabled (value 1) and a user registered in
# the RADIUS database with a blank password tries to log in, the user
# is authenticated. This is a very weak level of security since
# a user would only need to know that a particular username exists.
# This does not affect RADIUS users registered with passwords.
#
all.radnullpass 0
#
# Automatic User Definition (more useful when used with a specific port)
#
# This parameter is only used if the port is configured as a Terminal Server
# (TS profile) (login, telnet, rlogin, ssh and ssh2) and authentication
# type 'none'.
#
#all.userauto edson
#
# Port access restriction (more useful when used with a specific port).
# A single comma and spaces/tabs may be used between names.
# A comma may not appear between the ! and the first user name.
# The users may be local or RADIUS.
#
# In this example, the users joe and mark CANNOT access any serial port
#
#all.users ! joe, mark
#
# In this example, ONLY the users joe and mark CAN access any serial port
#
#all.users joe, mark
#
# Serverfarm is an alias name for a server connected to the unit
# through one of its serial ports (only useful if assigned to a specific port).
# This alias is used as the name of the data buffering file, and in the ssh
# command to select a serial port that would be configured as "socket_ssh".
#
# The value entered here should be the same as used in the ssh command. Ex.
#
# ssh -t :@ or
# ssh -t -l :
#
# NOTE(review): the argument placeholders in the two ssh examples above are
# missing from this copy (text appears to have been stripped); take the
# exact syntax from the vendor manual.
#
#s1.serverfarm server_connected_to_serial1
#
# Sniff session mode (in, out, i/o). With this parameter the user can select
# which data will be sent to the monitor. The default is "out".
#
all.sniff_mode out
#
# Multiple sessions (yes, no). Enable this parameter to allow multiple
# sniffers or read/write sessions at the same tty port, when the port
# protocol is "socket_server", "socket_ssh" or "raw_data".
#
# Also, the parameter admin_users must be filled out.
#
#all.multiple_sessions no
#
# Escape character (^a,...,^z). This parameter determines which character
# must be typed to make the session enter into "menu mode". The possible values
# are to , and it is only valid when the port protocol is
# "socket_server" or "socket_ssh".
#
# NOTE(review): the two endpoints of the value range in the sentence above
# are missing from this copy; the heading gives the range as ^a,...,^z.
#
#all.escape_char ^z
#
# Users that are allowed to sniff sessions (administrator). This field has
# the same format as "all.users", but the '!' should be used with CAUTION.
#
# In this example, ONLY the users joe, mark, and peter CAN access any
# serial port (to create first session) but ONLY the user peter can
# sniff or cancel another session.
#
# NOTE(review): users listed in admin_users can watch or cancel other
# users' sessions, so keep the list as short as possible. A '!' entry
# would presumably grant this to everyone except the named users - confirm
# before using it.
#
#all.users joe, mark
#all.admin_users peter
#
# Port-specific parameters
#
s1.tty ttyS1
s2.tty ttyS2
s3.tty ttyS3
s4.tty ttyS4
s5.tty ttyS5
s6.tty ttyS6
s7.tty ttyS7
s8.tty ttyS8
#
# Port s8: the values below repeat the "all." template values set earlier
# in this file, written out explicitly for this port.
#
s8.speed 57600
s8.datasize 8
s8.stopbits 1
s8.parity none
s8.authtype local
s8.protocol ppp_only
s8.initchat TIMEOUT 10 \
    "" \d\l\dATZ \
    OK\r\n-ATZ-OK\r\n "" \
    TIMEOUT 10 \
    "" ATM0 \
    OK\r\n "" \
    TIMEOUT 3600 \
    RING "" \
    STATUS Incoming %p:I.HANDSHAKE \
    "" ATA \
    TIMEOUT 60 \
    CONNECT@ "" \
    STATUS Connected %p:I.HANDSHAKE
s8.flow hard
s8.dcd 1
s8.autoppp %i:%j novj \
    proxyarp modem asyncmap 000A0000 \
    noipx noccp login auth require-pap refuse-chap \
    mtu %t mru %t \
    ms-dns 192.168.160.5 ms-dns 0.0.0.0 \
#    cb-script /etc/portslave/cb_script \
    plugin /usr/lib/libpsr.so
s8.pppopt %i:%j novj \
    proxyarp modem asyncmap 000A0000 \
    noipx noccp mtu %t mru %t netmask %m \
    idle %I maxconnect %T \
    ms-dns 192.168.160.5 ms-dns 0.0.0.0 \
    plugin /usr/lib/libpsr.so
s9.tty ttyS9