HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1


HP Part Number: T1428-90025

Published: E0403


Table of Contents

About This Document
Intended Audience
New and Changed Documentation in This Edition
Publishing History
What's in This Document
Typographical Conventions
Related Documents
HP Encourages Your Comments
Part I — Introduction
1 Overview: The HP-UX AAA Server
RADIUS Overview
Server Compatibility
RADIUS Topology
Establishing a RADIUS Session
Supported Authentication Methods
RADIUS Data Packets
Shared Secret
Product Structure
AAA Servers
AAA Server Manager Program
Accessing the Server Manager
Securing Server Manager Communication with HTTPS
HP-UX AAA Architecture
Configuration Files
AATV Plug-Ins
The Software Engine: Finite State Machine
HP-UX AAA Server Commands, Utilities & Daemons
How The Software Handles An Access-Request
Load Balancing and Failover
Authentication to Verify the Client and User
Authorization to Control Sessions and Access to Services
Simple Network Management (SNMP) Support
Setting Up SNMP to Monitor the HP-UX AAA Server
Session Logs For Accounting
Basic Server Security
Part II — Administration
2 Configuration Screens
Overview
Access Device
Navigating the Define Access Device Screen
Creating or Modifying an Access Device
Deleting an Access Device
DNS Names
Proxies
Navigating the Define Access Device Screen
Creating or Modifying a Proxy
Deleting a Proxy
Local Host Entry
DNS Names
Realms
Navigating the Local Realms Screen
Creating or Modifying a Realm
Deleting a Realm
Special Entries
Users Files
Navigating the Define Users Screen
Adding or Modifying a User Profile
Deleting a User Profile
Special Entries
Server Properties
Navigating the Server Properties Screen
Modifying a Server Properties
General Server Performance Properties
Network, DNS, and Other External Properties
3 Server Connections
Overview
Establishing and Maintaining a Connection
Navigating the Connected AAA Servers Screen
Creating a New Server Connection
Modifying a Server Connection
Deleting a Server Connection
Managing Multiple Servers
4 Startup and Testing
Starting AAA Servers Using Server Manager
AAA Server Start Options
Starting AAA Servers From the Command Line
Configuring the AAA Server to Automatically Start Upon System Reboot
Stopping or Restarting AAA Servers
Using Server Manager
From the Command Line
Adding a AAA Server to Your Network
Testing The Server
Checking Server Status Using Server Manager
Generic Test Procedure
Reading Server's Local Time Using Server Manager
5 Session Management
Session Logs
Displaying a Session
Stopping a Session
Session Limits
Setting Limits on a User-by-User Basis
Setting Limits for Users on a Global Basis
6 Access Devices and Proxies
Setting Up Access Devices
Adding a Device to Your Network
Proxying
Forwarding Authentication Requests
Changing RADIUS Port Numbers
Forwarding Accounting Requests
7 Logging and Monitoring
Overview
Server Log Files
Using Server Manager to Retrieve Logfile Information
Using Server Manager to Retrieve Statistics
Server Sessions
Using Server Manager to Retrieve Session Information
Accounting Log Files
Using Server Manager to Retrieve Accounting Logfiles
Format of Accounting Records in the Default Merit Style
Writing Livingston CDR Accounting Records
Livingston CDR Session Record Format
Changing the Accounting Log Filename
Changing the Accounting Log Rollover Interval
8 Troubleshooting
Overview
Debug Output
Error Messages
Log File Error Messages
Error messages on the screen
radiusd Error Messages
Server Reply Messages
Part III — Managing and Authenticating Users
9 Defining User Profiles
Storing User Profiles
Storing User Profiles in the Default Users File
Grouping Users by Realm
10 ProLDAP™
Overview
Related LDAP Documentation
LDAP Server Compatibility
Authentication And Policy With ProLDAP
The LDAP Information Model
Creating an LDIF File
Using Indirection
Dynamic Access Control Decisions
Configuring the HP-UX AAA Server Software
Definition and Values for Configuring Realms for ProLDAP
Configuring the LDAP Server
ProLDAP Sample LDIF File
Related AATV Plug-In Modules
ProLDAP AATV
CHK_DENY AATV
POLICY AATV
11 Oracle
Overview
Related AATV Plug-In Modules And Processes
The db_srv Package
Oracle Compatibility
The Oracle Database Structure
The Oracle Information Model
Creating an Oracle Table for Authentication
Setting Up the AAA Server And The Oracle Database
Configuring the HP-UX AAA Server Using Server Manager
Configuring the HP-UX AAA Server from the Command Line
Configuring the Oracle Database
Configuring and Running the db_srv Daemon
Scripts
12 Extensible Authentication Protocol (EAP)
Overview
Related Actions and Processes
EAP Compatibility
Configuring the HP-UX AAA Server for EAP
Storing Wireless User Profiles Locally
Storing Wireless User Profiles in an External Database
Configuring the HP-UX AAA Server for EAP from the Command Line
13 SecurID
Overview
Related Documentation
Authentication Of User's
Configuring SecurID Authentication
Configuring the AAA Server for RSA Authentication
Identifying SecurID Users by User Name with Server Manager
Identifying SecurID Users by Realm with Server Manager
Configuring the ACE/Server
Synchronizing the AAA Server with the ACE/Server
Adding SecurID Users
Part IV — Reference
14 The Finite State Machine (FSM)
Overview
States
Using Xstring to call Policy
Using Xstring to Call an Alternate authfile
Event Names
Predefined Names
Creating New Names
Actions
Predefined State Tables
Custom State Tables
Tracking Versions
Examples
Interim Logging
Custom Logging Format
Proxy Accounting Messages
Configuring an Accounting-only Proxy
DNIS Routing
Dynamic Access Control
15 Configuration Files
Overview
HUP Processing
aaa.config
General Server Performance Variables
Network, DNS, and Other External Variables
Server Load-Related Variables
Tunneling Hints
clients
Syntax of a Client Entry
Local Host Entry
DNS Names
Examples
authfile
Syntax of a Realm Entry
Special Entries
users
Syntax of a User Entry
Special User Name Entries
Example User Entries
dictionary
Attribute Entries
Pruning Expressions
Value Entries
las.conf
LAS Session Timing Parameters
Tokenpool Configuration
Realm Configuration
vendors
log.config
Syntax of a Stream Entry in log.config
Default Entry
End Entry
Logging Multiple Streams
iaaaAgent.conf
Realm Files
Decision Files
Expressions
Specifying Attributes in Group Entries
Using Indirection
Example Group Entries
16 Command Line Utilities
radcheck: For Checking AAA Server Status
Reply Messages, without debug flag
Exit Codes
radpwtst: For Testing Authentication
Message
Example
Exit Codes
sesstab: For Viewing Active Session Information
radrecord: For Reading and Printing Session Logs
Messages
raddbginc: For Setting Debug Output
Debug Levels
17 Attribute-Value Pairs
Overview
Specifying Attribute-Value Pairs
Attribute-Value Formats
Examples
Tagged Attributes
Attributes in User Profiles
Configuration Attributes
LAS Configuration
Check (and Deny) Items
Attributes Concerning the NAS
Other Attributes
Reply Items
General Attributes
Attributes Concerning Login Users
Attributes for Framed Users
Tunneling Attributes
Other Attributes
Attributes in Accounting Records
Additional Session Information
18 MIB Objects
Overview
MIB Objects
Glossary of Terms
Index

List of Figures

1-1 Generic AAA Network Topology
1-2 Client-Server RADIUS Transaction
1-3 RADIUS Request/Reply Message Format
1-4 Attribute-Value Pair Format
1-5 The Server Manager User Interface
1-6 Authentication Process
1-7 Default FSM State Transitions
1-8 Default Action Sequence
1-9 Authentication Steps
1-10 Authorization Steps
2-1 Server Manager's Load Configuration Screen
2-2 Server Manager's Save Configuration Screen
2-3 Server Manager's Access Device Screen
2-4 Server Manager's Access Device Attributes Screen
2-5 Server Manager's Access Device Deletion Screen
2-6 Server Manager's Proxy Screen
2-7 Server Manager's Proxy Attributes Screen
2-8 Server Manager's Local Realms Screen
2-9 Server Manager's Local Realm Attributes Screen
2-10 Server Manager's Local Realms Deletion Screen
2-11 Server Manager's Users Screen
2-12 Server Manager's General User Attributes
2-13 Server Manager's Free User Attributes Screen
2-14 Server Manager's User Deletion Screen
2-15 Server Manager's Server Properties Screen
2-16 Server Manager's Modify Server Variable Screen
3-1 Server Manager's Connected Server Screen
3-2 Server Manager's Add Server Connection Screen
3-3 Server Manager's Delete Connection Screen
3-4 Server Manager's Server Status Frame
4-1 Return Value After Successfully Starting a AAA Server
4-2 Server Manager's Start Options Screen
4-3 Algorithm for Determining Which FSM to Load
4-4 Server Manager's Status Options Screen
5-1 Sessions Search Filter Screen
5-2 Example Return for a Sessions Search
5-3 Example of a Session's Attributes
5-4 The General Options on the User Attributes Screen
5-5 The Framed Options on the User Attributes Screen
5-6 The Others Options on the User Attributes Screen
5-7 The Free Options on the User Attributes Screen
6-1 Access Device Attributes Screen
6-2 Proxy Set-up
6-3 Add Proxy Screen from Server Manager's Proxies Link
6-4 Proxy Realm Screen
7-1 Server Manager's Logfile Screen
7-2 Server Manager's Statistics Screen
7-3 AAA Server Statistics Example
7-4 Server Manager's Session Screen
7-5 Accounting Logfile Search Screen in Server Manager
7-6 Detailed Accounting Record for a Selected User
10-1 Tree Structure of Complex Policy
10-2 Server Manager's Realm Attributes Screen
10-3 State transitions in check+policy+las.fsm
11-1 Authentication Process with Oracle
11-2 Oracle Database Table Format
11-3 New Oracle Server Screen
12-1 Authentication Process with EAP
13-1 SecurID Add Client Screen
13-2 SecurID Edit Client Screen
14-1 Default FSM State Transitions

List of Tables

HP-UX AAA Server Administration and Authentication Guide Printing History
Document Conventions
Additional Documents for the HP-UX AAA Server A.06.00
1-1 RADIUS Request/Reply Message Format Description
1-2 Attribute Value Pair Format Description
1-3 Commands, Utilities, & Daemons
2-1 Access Device Message Handling Options
2-2 Access Device Message Handling Options
2-3 Authentication Types Listed in the Realm Attributes Screen
3-1 Icons in Server Manager's Server Status Frame
4-1 Server Start Options
4-2 radiusd Options
4-3 New Server Connection Text Boxes
4-4 Status Options Text Boxes
6-1 Accounting Logging Options
7-1 Filter Parameters for Searching Logfiles
7-2 Statistic Search Parameters
7-3 Sessions Search Parameters
7-4 Accounting Logfile Search Parameters
7-5 Reasons Why The Record Was Generated
8-1 radiusd Error Messages
10-1 Attribute Type
10-2 Relational Operators
10-3 Boolean Operators
11-1 Files Related to db_srv
11-2 AUTH_NET_USERS Table
11-3 Options
14-1 Predefined Event Names
14-2 Available Actions
15-1 Tunnel Attributes & Client Hints Matrix
15-2 Valid Client Entry Options
15-3 Realm Entry Authentication-Type Keyword Meanings
15-4 Default LAS Session Timing Parameters
15-5 Information Recorded by LOG_V2_o
15-6 A-V Pair Expression Operators
15-7 A-V Pair Expression Examples
16-1 radcheck Options
16-2 radpwtst Options
16-3 sesstab Options
16-4 radrecord Options
17-1 Reply Item Attributes
17-2 Session Termination Causes
18-1 MIB Objects and Definitions
© 2003 Hewlett-Packard Development Company, L.P.