Re: [Sheflug] Capable dialers?
On Sunday 03 December 2000 8:38 pm, you wrote:
> Hi all
>
> It's been a long time since I had to ask a question about *dialup*... I
> need to set up my dialup router (running Debian) to connect to our backend
> systems at work for on-call support. I seem to have found something that
> I can't do with chat (mainly because the process is detached). We use
> SecureID for logins; it's essentially a one-time password system, each
> password having a lifetime of about 30 seconds. I need to have the system
> prompt me for the password *at the time it's required* - the modem
> negotiation takes so long that I can't put it in at the very beginning.
>
> I normally use pppd with chat for dialup, but it doesn't appear to have
> any way to prompt me for a password even before the process gets detached
> from the terminal (and even if it did, the password would likely have
> expired before the time came to use it). Does anyone know of anything
> else that might suit my needs? I simply refuse to use winduhs :)
>
Yes - *everything* is possible under Linux that can be done under Windblo$e.
;)
Answer - use "dip" not "chat". "dip" can be modded to support SecureID logins.
I use exactly this system for dialup from a laptop to get into the NHS-Net
for remote image viewing. The system originally supplied was windo$e based
but my colleagues found it so unreliable and SLOW that I replaced the OS on
the laptop with Linux and cobbled together an automated "dip" script to speed
things up. My "dip" script listed below initialises the modem, dials up, does
the primary login, asks for the "random" part of the secureID code,
authenticates with the dialup server and then performs a secondary login
before starting PPP for full network access....
You need to...
1. Get the dip source code. (I used the source RPM for my distro)
2. As part of this source code there are a few interesting files about
SecureID stuff. In brief, you need to recompile dip with SKey support
enabled. To quote from the dip Makefile:
"
# If you want to include S/Key authentication, un-comment the next
# 2 lines. You will need libskey.a from the skey-linux-1.1b package
# (available on sunsite.unc.edu in
# /pub/Linux/system/Network/sunacm/Programs/User/skey)
"
If you have any trouble getting hold of source and patches, let me know. I
have it all here.
3. Once you have re-compiled and installed your new dip package, your connect
script can look something like: (This is the one I use)
****
#!/bin/bash
killall -9 dip # make sure we are unique..
/usr/sbin/dip -v /usr/local/share/dip/ppp.dip
****
My /usr/local/share/dip/ppp.dip script is more complicated than it needs be
because I have alternate numbers to dial if some are busy, etc...
It looks like:
****
#
# ppp.dip Dialup IP connection support program.
# This file (should show) shows how to use the DIP
# scripting commands to establish a link to a
# static or dynamic IP PPP server.
# This version by Pieter Meiring (April,1999)
#
main:
#
#
# You should set other pppd options in /etc/ppp/options.
# Set the desired serial port and speed.
# Our modem port is /dev/modem.
port modem
#speed 38400
# Go higher if your modem supports it.
speed 115200
# Reset the modem and terminal line.
# This seems to cause trouble for some people!
reset
# This is our local IP address. That should only be used for static
# IP.
# get $local xxx.xxx.xxx.xxx
# That should work on both static and dynamic IP. PPP should know
# how to get the local and remote IP address.
get $local 0.0.0.0
# shell cp /etc/ppp/options.ev /etc/ppp/options
# Note! "Standard" pre-defined "errlevel" values:
# 0 - OK
# 1 - CONNECT
# 2 - ERROR
#
# You can change those grep'ping for "addchat()" in *.c...
chatkey DELAYED 9
# Prepare for dialing.
# Put your own modem initialization string here.
send ATZ\rATS7=45S0=0L1V1X4&c1E1Q0%C3\r
wait OK 1
if $errlvl > 0 goto modem_trouble
#
dial:
get $number 3
redial:
if $number == 1 goto d1
if $number == 2 goto d2
print Dialing... 012341234
dial 012341234
goto afterdial
d1:
sleep 5
print Dialing... 012341235
dial 012341235
goto afterdial
d2:
sleep 5
print Dialing... 012341236
dial 012341236
afterdial:
if $errlvl == 3 goto incnumber
if $errlvl > 1 goto modem_trouble
# We are connected. Login to the system.
goto login
incnumber:
print BUSY signal received. Trying next number
inc $number
if $number > 3 goto dial
goto redial
#
login:
sleep 2
send \r\n\r\n
wait ID:
# replace *userid* with your userid (w/o "*")
send *userid*\r\n
# replace *1234* with your fixed part (w/o "*")
securidfixed *1234*
securid
# Wait for login prompt
wait id: 20
if $errlvl != 0 goto login_error
# Send the login ID.
# replace *username* with your username (w/o "*")
send *username*\r\n
# Wait for passwd prompt
wait assword? 20
if $errlvl != 0 goto password_error
# Send the password.
# This is for SecureID.
#securidfixed xxxx
#securid
# replace *password* with your password (w/o "*")
send *password*\r\n
loggedin:
# We are now logged in.
# wait enable 15
# if $errlvl != 0 goto prompt_error
# Say hello and fire up!
done:
print Yippee! We are CONNECTED
mode PPP
goto exit
prompt_error:
print TIME-OUT waiting for the PPP server to fire up...
goto error
login_error:
print Trouble waiting for the Login: prompt...
goto error
password_error:
print Trouble waiting for the Password: prompt...
goto error
modem_trouble:
if $errlvl == 9 goto redial2
print Modem Trouble: Error code: $errlvl
goto error
redial2:
print Modem not ready (Redial delay required)
print 30 second modem delay
sleep 30
goto redial
error:
print CONNECT FAILED to the PPP server.
quit
exit:
reset
sleep 2
exit
****
Hope this is of use.
Pieter.
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
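
The ppp.dip script in the post above carries the user ID, the fixed part of the passcode and the secondary password in clear text, so its file permissions matter. As an added example (not part of the original post), here is a connect wrapper that refuses to start dip unless the script is a regular file owned by the caller with no group or other access; the function names are hypothetical, and the paths are the ones given in the post.

```bash
#!/bin/bash
# Added example: check the credential-bearing dip script before dialing.
# DIP_SCRIPT defaults to the path from the post; override it to test.
DIP_SCRIPT=${DIP_SCRIPT:-/usr/local/share/dip/ppp.dip}

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# calling user, with no group or other permission bits set.
dip_script_private() {
    local f=$1 listing mode owner
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    listing=$(ls -ldn -- "$f") || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    mode=$(printf '%s' "$listing" | cut -c5-10)
    owner=$(printf '%s' "$listing" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not the caller" >&2
        return 1
    fi
    if [ "$mode" != "------" ]; then
        echo "$f: group/other access ($mode); chmod 600 it" >&2
        return 1
    fi
    return 0
}

# Same two steps as the connect script in the post, gated on the check.
connect() {
    dip_script_private "$DIP_SCRIPT" || return 1
    killall -9 dip 2>/dev/null
    /usr/sbin/dip -v "$DIP_SCRIPT"
}

# Only dial when asked to, so the file can be sourced for its functions.
if [ "${1:-}" = "--connect" ]; then
    connect
fi
```
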