PPP Protocol

CallBack-FAQ

The callback system then drops the connection and calls back the telephone number associated with the name. Since only registered users can reach the university network from modem lines using this procedure, maximum security is achieved.
1.) Why is callback used?
- Security feature
- Cost shifted from the client to the server
2.) Design rules
Callback only after successful authentication. When Callback is successfully negotiated, and authentication is complete, the Authentication phase proceeds directly to the Termination phase, and the link is disconnected.
3.) Terminology
4.) Implementation in three stages:
4.) Callback specifications
5.) What must be considered with CLID callback?
It is important to specify the correct MSN or EAZ on the client side.
6.) How do you configure a WinNT 4.0 Server as a callback server?
7.) How do you configure a WinNT 4.0 Workstation as a callback client?
8.) How do you configure Linux as a callback client for an MS WinNT callback server?
pppd can be compiled with CBCP support as a client only, which allows it to connect to WinNT servers but not to act as a server with CBCP support for Windows clients. Jan Kratochvil wrote some code for pppd-2.3.5 to add server-side support.
9.) How do you configure Linux as a callback server?
10.) Linux callback server based on an interactive terminal server login
However, callback from a Linux box to different clients can be organized quite easily without CBCP if you use mgetty. You can then start PPP after the callback. No additional software is needed; the callback utility from the mgetty package is enough. You only have to edit /etc/mgetty/login.config and modify the Windows client side.
11.) Configuring client side
On the client side you have to add &C to the modem init string and edit (or create) a dial script (Windows). Win95 and Win98: open "Control panel" -> "Modems" -> "Properties" -> "Advanced" -> "Extra settings" and add &C there.
12.) Callback variants on the WinNT RAS server
13.) Callback client and "NO CARRIER"
I have also added "&c0" in Advanced Extra Settings for the modem, so that it should not detect a "NO CARRIER".

This feature implements the following callback specifications of RFC 1570:
- For the client: Option 0, location is determined by user authentication.
- For the server: Option 0, location is determined by user authentication; Option 1, dialing string; and Option 3, E.164 number.
Return calls are made through the same dialer rotary group but not necessarily the same line as the initial call. 


MS Callback
MS Callback provides client-server callback services for Microsoft Windows 95 
and Microsoft Windows NT clients. MS Callback supports the Microsoft
Callback Control Protocol (MSCB). MSCB is a Microsoft proprietary protocol 
that is used by Windows 95 and Windows NT clients. MS Callback supports
negotiated PPP Link Control Protocol (LCP) extensions initiated and agreed 
upon by the Microsoft client. The MS Callback feature is added to existing 
PPP Callback functionality. Therefore, if you configure your Cisco access 
server to perform PPP Callback using Cisco IOS Release 11.3(2)T or later, 
MS Callback is automatically available.

MS Callback supports AAA security models using a local database or AAA server.

MSCB uses LCP callback options with suboption type 6. The Cisco MS Callback 
feature supports clients with a user-specified callback number and server
specified (preconfigured) callback number.

MS Callback does not affect non-Microsoft machines that implement standard 
PPP LCP extensions as described in RFC 1570. In this scenario, MS Callback is
transparent.

The following are restrictions of the MS Callback feature: 
- The Cisco access server and client must be configured for PPP and PPP Callback.
- The router or access server must be configured to use CHAP or PAP authorization.
- MS Callback is only supported on PSTN (Public Switched Telephone Network) and ISDN links.
- MS Callback is only supported for IP.



callback-4_24.tar.gz
Title        = Callback package for Linux
Version      = 4.xx 
Desc1        = This package allows callback for Linux systems which are
Desc2        = equipped with a modem. Prerequisite: mgetty
Desc3        = The package contains three programs:
Desc4        = cblogin, a login-program for dial-in connections,
Desc5        = cbmgetty, a pseudo-getty and cb, a callback control unit.


# /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# for the Linux callback client
# client        server  secret                  IP addresses
# outgoing call
"jan"     "*" "geheimespasswort"
# callback
"ascend3" "*" "nocheinpasswort"   *


Callback Control Protocol


   The Callback Control Protocol is always initiated by the Answerer.
   Here is an example of such a dialog:


        Caller                                              Answerer
        ------                                              --------

                            Callback Request
                <-----------------------------------------
                  These are the callback options you have:

                  1) Caller will not be called back.
                  2) Caller MAY specify the address at which it
                     wishes to be called back at.


                            Callback Response
                ----------------------------------------->
                     Caller wants to be called back at xxxx.


                            Callback Ack
                <-----------------------------------------
                     OK, Caller will be called back at xxxx.
                   Disconnect and prepare to receive a call.



   In the Callback Phase, the Answerer will send a Callback Request
   listing the callback options available to the Caller.  Additional
   Callback Request packets MUST be sent until a valid Callback Response
   packet is received, or an optional retry counter expires.  If the
   retry counter expires, the implementation MUST terminate the link and
   MUST NOT proceed to the NCP phase.  

   The Caller will respond with a Callback Response listing only the 
   option (taken from the list of options sent by the Answerer) that it 
   wishes to use. The data of the option MAY be modified.

   If the Callback Response sent back by the Caller is valid and
   acceptable to the Answerer, it will respond with a Callback Ack.  Upon
   receiving the Callback Ack the Caller should proceed to the Link
   Termination phase and prepare to receive a call.

   The only exception to the above occurs if the Caller requested not to
   be called back and the Answerer responded with a Callback Ack then both
   peers MUST proceed to the NCP phase.

   If the Callback Response contains any invalid or unacceptable data,
   the Answerer MAY terminate the link, or resend the Callback Request.
   The Answerer MUST NOT proceed to the NCP phase.

   Because the Callback Ack sent to the Caller may be lost the Answerer
   MUST wait for the Caller to send an LCP Terminate-Req or to resend the
   Callback Response.
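
An added sketch (not part of the original FAQ and not taken from any CBCP implementation) of the Answerer-side decision rules described above, combined with the "Set By Caller" and "Preset To:" variants of the NT RAS server described elsewhere on this page. The option names, the digits-only number check and the rejection of a number that differs from the preset one are assumptions of this example, not CBCP wire values.

```python
from dataclasses import dataclass
from enum import Enum

class Opt(Enum):        # abstract option kinds for this sketch, not wire codes
    NO_CALLBACK = "no callback"
    USER_NUMBER = "number set by caller"    # NT "Set By Caller"
    ADMIN_NUMBER = "number preset by admin" # NT "Preset To:"

class Step(Enum):
    ACK_THEN_NCP = "send Ack, continue to NCP"
    ACK_THEN_CALL = "send Ack, wait for hang-up, dial back"
    RESEND_REQUEST = "resend Callback Request"
    TERMINATE = "terminate link"

@dataclass
class Answerer:
    offered: dict           # Opt -> preset number (str) or None
    max_retries: int = 3    # the optional retry counter
    retries: int = 0

    def on_response(self, resp):
        """resp is (Opt, number-or-None), or None for a timeout or garbled packet."""
        accepted = self._accept(resp)
        if accepted:
            # A re-sent Response gets the same Ack again: the first Ack may be lost.
            return accepted
        self.retries += 1
        if self.retries >= self.max_retries:
            return (Step.TERMINATE, None)   # never fall through to NCP
        return (Step.RESEND_REQUEST, None)

    def _accept(self, resp):
        if resp is None:
            return None
        opt, number = resp
        if opt not in self.offered:         # must be taken from our Request
            return None
        if opt is Opt.NO_CALLBACK:
            return (Step.ACK_THEN_NCP, None)
        if opt is Opt.ADMIN_NUMBER:
            preset = self.offered[opt]
            # Assumed policy: a caller-supplied number that differs is unacceptable.
            return (Step.ACK_THEN_CALL, preset) if number in (None, preset) else None
        # USER_NUMBER: the caller's data is dialled, so validate it first
        # (digits-only is an assumption of this example).
        if isinstance(number, str) and number.isdigit():
            return (Step.ACK_THEN_CALL, number)
        return None
```

With only ADMIN_NUMBER offered, a Response naming any other option or number is never acknowledged, which is the property that makes the preset variant the stricter of the two.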


Terminology
   caller    The end of the link that initiated the connection.
   answerer  The end of the link that accepted the connection.
   peer      The other end of the point-to-point link.


LINUX-CallBack-Client to WinNT-RAS-CallBack-Server
 It needs to be compiled into pppd, it's not compiled in by default, but if it came with a distribution it may already be there.  The pppd source code is at cs.anu.edu.au in
 pub/software/ppp and the README.cbcp in the source code describes what you need to do to compile CBCP into pppd. 
  
 The single (undocumented) option is "callback ", and using pppd with NT has a problem during the call back unless the option "receive-all" is used.
  
 The "receive-all" option was not in 2.3.5 but is in 2.3.7 and greater. 
  

=========================================================================================
Subject:
Re: RAS callback problem
Date: 03/22/2000
Author:  Clifford Kite 

 Anders Östling wrote:
  
 > I have a problem with MSCHAP negotiation during callback. My home system
 > (Mandrake 7.0/pppd 2.3.11 compiled with MSCHAP and CBCP)
 > dials the NT RAS server, negotiates using CHAP successfully and then
 > hang up. When the callback occurs, pppd attempts to do PAP
 > authentication only and gives up after a number of attempts.
  
 Two things:
  
 o  Mgetty AutoPPP is intended to answer calls for PPP connections and
    authenticate the peer using PAP which is what the last log showed
    was happening.  The NT RAS wants no part of having to authenticate
    itself to you.  The mgetty AutoPPP may work for what you want to
    do by adding the "noauth" option to the login.config AutoPPP line.

    Otherwise you likely need to make another arrangement to answer
    the callback.  In that case there is a callback script in the file
    RAScb.gz at http://inetport.com/~kite/ that may help.

 o  You'll need to add the pppd option "receive-all" to the login.config
    AutoPPP line, or to a callback script.
  
 -- 
 Clifford Kite                   Not a guru. (tm)
 /* Editing with vi is a lot better than using a huge swiss army knife.
    Use =} to wrap paragraphs in vi.  Or put   map ^] !}fmt -72^M   in
    ~/.exrc and use ^] to wrap to 72 columns or whatever you choose. */
=========================================================================================
2. Johannes Endres: (je)
Linux-PPP mit Call-Back [Linux PPP with callback]: Praxis, Hotline, RAS, Remote Access Server, Windows NT, Rückruf, pppd, CBCP (c't 1/1999, page 144)
4. Johannes Endres: (je)
Mac per PPP am NT-Server [Mac via PPP on the NT server]: Praxis, Hotline, Remote Access Server, Callback Control Protocol, Rückruf, CBCP, Windows NT (c't 3/98, page 161)
=========================================================================================
Also check the following in your client DUN session:
- In Server Type: Dial-Up Server Type --> PPP: Windows 95, Windows NT, Internet
- In Scripting: No script file
- In General -> Modem properties -> Options -> No brings up windows before/after connection.
=========================================================================================
'Callback feature' (callback by a Windows NT Server):
Many Windows NT servers use the so-called "Microsoft Call Back Configuration Protocol" (CBCP) to achieve an additional level of security: the Windows NT server in question is configured so that, after the initial contact, it calls back at a specific telephone number. There are two different variants of this:
- "User-Defined" callback: when contact is made, the Windows NT server is given a telephone number specified by the client, at which it then calls back.
- "Admin-Defined" callback: the Windows NT server calls back at a telephone number fixed by the responsible NT administrator.
The settings for this are made on the NT machine in "User Manager" under "User Properties" in the "Dialin" menu item (Dialin Information). An active "Set By Caller" denotes the "User-Defined" callback; an active "Preset To:" (followed by the destination telephone number) denotes the "Admin-Defined" callback.
=========================================================================================
The speed setting of the serial port is raised to 115200 baud (for 28.8k/compressed modem connections):

setserial /dev/ttyS0 spd_vhi

This setting can of course also be made permanently at system start (in the file /sbin/init.d/serial).

Check the serial port configuration. In Linux:
To check: setserial -g /dev/ttyS?
To reconfigure: setserial -b /dev/ttyS1 irq 3 autoconfig
=========================================================================================
Configuration 3: PPP connection in Windows NT with CHAP authentication and automatic callback through the Windows NT Server
_______________________________________________________________________________
This configuration uses the patched 'pppd' version mentioned above together with the callback feature. Dialling the Windows NT server follows the preceding pattern. To activate automatic callback, 'pppd' must be told the (variable) user-defined phone number for the Windows NT callback. This is done with the option "cb", which is placed in the dialling script:
_______________________________________________________________________________
#!/bin/sh
# Establishing a PPP connection
# to a Windows NT Server using CALLBACK mode
phone="cb 555111"
/usr/sbin/pppd 38400 connect '/usr/sbin/chat -v -f $HOME/win_nt.chat' \
lock $phone
_______________________________________________________________________________
file: dial_win_nt.callback

To accept the incoming callback correctly, a corresponding 'mgetty' process must be defined for the interface through an entry in the file /etc/inittab. This 'mgetty' process is activated at the next system start and invokes the 'pppd' program when a PPP connection arrives.
_______________________________________________________________________________
mo:23:respawn:/usr/sbin/mgetty -x 6 -s 38400 ttyS0
_______________________________________________________________________________
Excerpt from file /etc/inittab
_______________________________________________________________________________
Parameter description for the excerpt from /etc/inittab:
-s    : sets the port speed to be used, e.g. 38400 baud
ttyS0 : defines the interface to be addressed ( ttyS0 = COM1 )
-x 6  : sets the debug mode. The debug information is written to the file /tmp/log.mg. (/tmp/log.mg.ttyS0)
_______________________________________________________________________________
The 'mgetty' configuration file /usr/etc/mgetty+sendfax/mgetty.config specifies that only modem (data) mode is used for an incoming connection.
_______________________________________________________________________________
# ----- port specific section -----
# Here you can put things that are valid only for one line, not the others
# USR Sportster Vi 28.8, connected to ttyS0: don't do fax
port ttyS0
data-only y
rings 2
_______________________________________________________________________________
Excerpt from file /usr/etc/mgetty+sendfax/mgetty.config
_______________________________________________________________________________
Parameter description for the excerpt from /usr/etc/mgetty+sendfax/mgetty.config:
port ttyS0  : port-specific definitions for port ttyS0 ( = COM1 )
data-only y : specifies the class of the modem connected to the declared port: FAX mode is not used, only data mode
rings       : defines the number of RING messages that are waited for before 'mgetty' answers the modem
_______________________________________________________________________________

Informatik- und Netzwerkverein Ravensburg e.V Walter Jäger