HP-UX AAA Server A.07.00 Administrator's Guide: HP-UX 11i v1, 11i v2, and 11i v3

HP Part Number: T1428-90064

Published: E0709


Table of Contents

About This Document
Intended Audience
New and Changed Information in This Edition
Publishing History
Document Organization
Typographic Conventions
HP-UX Release Name and Release Identifier
Related Documents
HP Encourages Your Comments
I Introduction
1 Overview: The HP-UX AAA Server
RADIUS Topology
Establishing a RADIUS Session
Product Structure
HP-UX AAA Server Daemon, Libraries, and Utilities
HP-UX AAA Server Manager Program
Documentation
HP-UX AAA Server Architecture
Configuration Files
AATV Plug-Ins
The Software Engine: Finite State Machine
HP-UX AAA Server Commands, Utilities & Daemons
Handling an Access Request
Authentication to Verify the Client and User
Authorization to Control Sessions and Access to Services
Session Logs For Accounting
IPv6 Support for External Services
2 Upgrading to Version A.07.00
The HP-UX AAA Server Upgrade Process
Upgrading from Version A.06.02 to Version A.07.00
Upgrading from Version A.06.01 to Version A.07.00
Upgrading from Version A.06.00.x to Version A.07.00
Upgrading from Version A.05.x to Version A.07.00
Merging the Dictionary File
3 Installing and Securing the HP-UX AAA Server
Acquiring the HP-UX AAA Server Software
Installing and Uninstalling the HP-UX AAA Server
To Install the HP-UX AAA Server
To Uninstall the HP-UX AAA Server Software
HP-UX AAA Server File Locations
Securing the HP-UX AAA Server
Changing the Default HP-UX AAA Server Settings
Environment Specific Security Procedures
4 Enabling the HP-UX AAA Server for GUI-based Administration
Accessing the Server Manager
Starting and Stopping the RMI Objects
Starting and Stopping Tomcat
Testing the Installation
To Test the Installation
Starting HP-UX AAA Servers Using Server Manager
HP-UX AAA Server Start Options
Server Manager’s Reload Feature
Starting HP-UX AAA Servers From the Command Line
Configuring the HP-UX AAA Server to Start Automatically Upon System Reboot
Stopping or Restarting HP-UX AAA Servers
Using Server Manager
From the Command Line
Adding an HP-UX AAA Server to Your Network
II Configuring the HP-UX AAA Server Manager Using the Server Manager GUI
5 The HP-UX AAA Server Manager Interface
Commonly Used Icons in the GUI
6 Managing HP-UX AAA Servers
Using the Server Connections Screen
Adding a New Server
Modifying Connection Attributes
Deleting a Server Connection
Managing Multiple Servers
Loading and Saving Your Configuration
7 Configuring RADIUS Clients Using the Access Devices Screen
Navigating the Access Devices Screen
Adding a RADIUS Client
Modifying a RADIUS Client’s Properties
Deleting a RADIUS Client
8 Configuring Realms
Using the Local Realms Screen
Adding a Realm
Modifying Realms
Special Entries
Deleting a Realm
Configuring Realms for Authentication using an External Server
Configuring Realms for Database Access via SQL
Configuring Realms for LDAP
Configuring Realms for Oracle
Configuring a SecurID Realm
9 Configuring Proxies
Navigating the Proxy Screen
Changing the Default localhost Proxy Settings
Creating or Modifying a Proxy
Forwarding Authentication Requests From a Proxy Server
Forwarding Authentication Requests to a Remote Server
Changing RADIUS Port Numbers
Forwarding Requests to Alternate RADIUS Ports
Forwarding Accounting Requests
Proxying Authentication and Accounting Messages to the Same Server
Proxying Accounting Requests to a Central Server
Deleting a Proxy
10 Configuring Users
Navigating the Users Screen
Changing the Default test_user Settings
Adding a User Profile
Tabs on the Add Users Screen
Adding Users for SecurID Authentication
Modifying User Profiles
Deleting a User Profile
To Delete a User Profile From the Default users File
To Delete a User Profile in a Local Realms File
11 Modifying Server Properties
Navigating the Server Properties Screen
DHCP Relay Properties
DNS Updates Properties
Message Handling Properties
SNMP Properties
Enable SNMP Support
Tunneling Properties
Tunneling Reply Items (Optional)
Certificate Properties
File Size Properties
Maximum Logfile Size
Miscellaneous Properties
Permit Microsoft Client Authenticate As Computer
12 Logging and Monitoring
Overview
Server Log Files
Using Server Manager to Retrieve Logfile Information
Using Server Manager to Retrieve Statistics
Accounting Log Files
Using Server Manager to Retrieve Accounting Logfiles
Format of Accounting Records in the Default Merit Style
Writing Livingston CDR Accounting Records
Changing the Accounting Log Filename
Changing the Accounting Log Rollover Interval
Rolling Over the Log File and Accounting Stream
III Advanced Configuration Information
13 Securing LAN Access With EAP
Overview
The Secure LAN Advisor
Preparing Your LAN
Determining the EAP Authentication Method to Use
Securing WLANs with the HP-UX AAA Server
Digital Certificate Administration
Using the “Self-Signed” Digital Certificates
Installing Your Own Digital Certificates and Keys
14 Managing Sessions
Session Logs
Displaying Session Attributes
Stopping a Session
Session Limits
Setting Limits on a User-by-User Basis
Setting Limits for Users on a Global Basis
15 Assigning IP Addresses
Assigning Static IP Addresses
To Assign a Static IP (IPv4) Address to a Profile in Flat Files
To Assign a Static IPv6 Address to a Profile in Flat Files
To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF File
To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File
Assigning Dynamic IP Addresses Using DHCP
IV Integrating the HP-UX AAA Server With External Services
16 LDAP Authentication
LDAP Server Compatibility
Related LDAP Documentation
Authentication with LDAP
Configuring the LDAP Server
17 SQL Access
SQL Access Overview
SQL Access Concepts
Implementing SQL Access
Sample Implementation Files
Pre-requisites for SQL Access
SQL Access Implementation Details
sqlaccess.config File Configuration
Advanced SQL Mapping Configuration
18 Oracle Authentication (Deprecated)
Related AATV Plug-In Modules And Processes
The db_srv Package
Oracle Compatibility
The Oracle Database Structure
The Oracle Information Model
Configuring the Oracle Database
Table Structure
Modifying the Table Structure
Supported Attributes
19 Simple Network Management Protocol (SNMP) Support
Setting Up SNMP to Monitor the HP-UX AAA Server
20 VPN Tunneling
Establishing a Tunnel for a User
21 Using DHCP
Required DHCP Server Features
Recommended DHCP Server Features
Defining DHCP Address Pools for Specific Users
To Associate an Address Pool with a User Profile in AAA Server Flat Files
To Associate an Address Pool with a User Profile in an LDAP LDIF File
Associating Address Pools with Realms and Other Conditions
22 Using SecurID
Authentication Of Users
Configuring SecurID Authentication
Configuring the HP-UX AAA Server for RSA SecurID Authentication
Configuring the ACE/Server
Synchronizing the HP-UX AAA Server with the ACE/Server
Related Documentation
V Troubleshooting
23 Troubleshooting Overview
AAA Environment Components
HP-UX AAA Server Operation
Probable Causes for Failure
Configuration Problems
External Service Problems
Protocol Limitations
RADIUS Client and Supplicant Considerations
24 Troubleshooting Procedures
Troubleshooting Flowchart
Troubleshooting Flowchart Process
Troubleshooting the Server Manager Administration Utility
Common Problems With the Server Manager
Troubleshooting the HP-UX AAA Server
Troubleshooting HP-UX AAA Server Startup Problems
Troubleshooting an Unresponsive HP-UX AAA Server
Troubleshooting Access-Rejects from the HP-UX AAA Server
EAP Problems
Troubleshooting Provisioning Errors
25 Troubleshooting Resources
HP-UX AAA Server Troubleshooting Utilities
The radcheck Utility: For Checking the Server Status
The radpwtst Utility: For Testing Authentication
The raddbginc Utility: For Setting Debug Output Levels
The radsignal Utility: For Rolling Over the Debug Output to New Files
The HP-UX AAA Server Logfile and Debug File
The HP-UX AAA Server Logfile
The HP-UX AAA Server Debug File
26 Reporting Problems
Server Set Up Information
Server Manager Related Information
External Components
External Databases
SNMP Servers
DHCP Servers
OpenSSL
EAP Related Information
Clients
Access Points
VI Reference
27 The Finite State Machine (FSM)
States
Using Xstring to call Policy
Using Xstring to Call an Alternate authfile
Event Names
Predefined Names
Creating New Names
Actions
FSM Tables
Custom State Tables
Tracking Versions
Examples
Interim Logging
Custom Logging Format
Proxy Accounting Messages
DNIS Routing
Dynamic Access Control
28 Configuration Files
HUP Processing
The aaa.config File
Variables in the aaa.config File
The clients File
Prefixed Users and authfile
Wildcard Support for IPv4 and IPv6
The users File
Syntax of a User Entry
Syntax of IPv6 Attributes
With Tunneling
The dictionary File
Attribute Entries
Pruning Expressions
Value Entries
The las.conf File
LAS Session Timing Parameters
Token Pool Configuration
Realm Configuration
The vendors File
Syntax of a vendors File
The log.config File
Syntax of a Stream Entry
Default Entry
End Entry
Logging Multiple Streams
Examples
Decision Files
Expressions
Specifying Attributes in Group Entries
Using Indirection
Example Group Entries
29 Attribute-Value Pairs
Specifying Attribute-Value Pairs
Attribute-Value Formats
Examples
Tagged Attributes
Attributes in User Profiles
Configuration Attributes
Check (and Deny) Items
Attributes Concerning the NAS
Other Attributes
Reply Items
General Attributes
Attributes Concerning Login Users
Attributes for Framed Users
Tunneling Attributes
Other Attributes
Attributes in Accounting Records
Additional Session Information
30 MIB Objects
MIB Objects
A Supported IETF RFCs
B Supported Authentication Methods
C RADIUS Data Packets
Data Packet Format
Attribute-Value Pair Format
Glossary of Terms
Index

List of Figures

1-1 Typical AAA Network Topology
1-2 Client-Server RADIUS Transaction
1-3 Authentication Process
1-4 Default Action Sequence
1-5 Authentication Steps
1-6 Authorization Steps
4-1 Return Value After Successfully Starting a AAA Server
4-2 Server Manager’s Start Options Screen
4-3 Algorithm for Determining Which FSM to Load
5-1 The HP-UX AAA Server Manager User Interface
6-1 Server Manager’s Connected Server Screen
6-2 The Add Connection Screen
6-3 The Modify Connection Screen
6-4 The Delete Server Connections Screen
6-5 Server Manager’s Server Status Frame
6-6 Server Manager’s Load Configuration Screen
6-7 Server Manager’s Save Configuration Screen
7-1 Server Manager’s Access Device Screen
7-2 Server Manager’s Access Device Attributes Screen
7-3 The Delete Access Device Screen
8-1 Server Manager’s Local Realms Screen
8-2 Server Manager’s Local Realm Attributes Screen
8-3 The Delete Local Realm Screen
8-4 User Storage Parameters for Database Access via SQL
8-5 New Oracle Server Screen
9-1 Proxy Configuration
9-2 Server Manager’s Proxy Screen
9-3 Server Manager’s Proxy Attributes Screen
9-4 The Delete Proxy Screen
10-1 Server Manager’s Users Screen
10-2 The Add Users Screen
10-3 The Modify Users Screen
10-4 The Delete Users Screen
11-1 Server Manager’s Server Properties Screen
12-1 Server Manager’s Logfile Screen
12-2 Server Manager’s Statistics Screen
12-3 HP-UX AAA Server Statistics Example
12-4 Accounting Logfile Search Screen in Server Manager
12-5 Detailed Accounting Record for a Selected User
13-1 The Secure LAN Advisor For Securing WLANs
13-2 Server Manager’s Certificate Properties Screen
14-1 Sessions Search Filter Screen
14-2 Example Return for a Sessions Search
14-3 Example of a Session’s Attributes
15-1 The Users Screen
15-2 The Framed User Attributes Form
15-3 The Users Screen
15-4 The Framed User Attributes Form
17-1 SQL Access Components
17-2 RADIUS Attribute to SQL Statement Mapping
18-1 Authentication Process with Oracle
18-2 Oracle Database Table Format
22-1 SecurID Add Client Screen
22-2 SecurID Edit Client Screen
23-1 AAA Environment Components
23-2 HP-UX AAA Server Operation
24-1 Troubleshooting Flowchart
27-1 Default FSM State Transitions
C-1 RADIUS Request/Reply Message Format
C-2 Attribute-Value Pair Format

List of Tables

HP-UX AAA Server Administrator’s Guide Printing History
HP-UX 11i Releases
1-1 Commands, Utilities, and Daemons
3-1 File Locations Upon Installation
3-2 Files Generated During Operation
4-1 Server Start Options
4-2 radiusd Options
4-3 New Server Connection Screen Fields
6-1 Fields in the Connection Attributes Form
6-2 Icons in Server Manager’s Server Status Frame
7-1 Add Access Device Configuration Form Options
8-1 Fields in the Local Realm Attributes Form
8-2 Special Entries
8-3 Values for Configuring Realms for LDAP
8-4 Options
9-1 Proxy Configuration Options
9-2 Options for Forwarding Requests
9-3 Accounting Logging Options
10-1 General Attributes in the Add User Screen
11-1 DHCP Relay Properties
11-2 DNS Update Properties
11-3 Message Handling Properties
11-4 Certificate Path Properties
12-1 Filter Parameters for Searching Logfiles
12-2 Statistic Search Parameters
12-3 Accounting Logfile Search Parameters
12-4 Reasons Why The Record Was Generated
13-1 LAN Configuration Items
13-2 Supported EAP Methods and Their Features
16-1 LDAP Attributes
17-1 The sqlaccess.config Sample File
17-2 Database Access Parameters
17-3 Input Mapping Data Types and Syntax
17-4 Output Mapping Data Types and Syntax
17-5 RAD Mapping Parameters
17-6 DBC Mapping Parameters
17-7 DBP Mapping Parameters
17-8 Pre-defined Mapping Functions
17-9 Pre-defined Conversion Functions
18-1 Files Related to db_srv
18-2 AUTH_NET_USERS Table
24-1 Common Problems with the Server Manager
24-2 Common Problems with HP-UX AAA Server Startup
24-3 Common Configuration Problems
24-4 External Service Failure Problems
24-5 Common Authentication Failure Problems
24-6 EAP Problems
25-1 Debugging Levels in the HP-UX AAA Server
27-1 Predefined Event Names
27-2 Available Actions
27-3 Predefined FSM Tables
28-1 Default LAS Session Timing Parameters
28-2 Information Recorded by LOG_V2_o
28-3 A-V Pair Expression Operators
28-4 A-V Pair Expression Examples
29-1 Reply Item Attributes
29-2 Session Termination Causes
30-1 MIB Objects and Definitions
A-1 Supported IETF RFCs
A-2 Additional IETF RFCs Supported by HP-UX AAA Server
A-3 AAA RFCs Supported by HP-UX AAA Server
C-1 RADIUS Request/Reply Message Format Description
C-2 Attribute Value Pair Format Description
© Hewlett-Packard Development Company, L.P.