Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

enable authentication for Wireless LAN or network access in the enterprise IT infrastructure.
Policy decisions can also be implemented when using the LDAP directory, such as the following:
Restriction by time-of-day
Restriction by access location
Maximum session time
Limit number of simultaneous users
Limit number of sessions per realm/group
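As an added illustration (not code from the HP-UX AAA RADIUS Server or from this white paper), the following Python sketch shows how policy attributes read from a directory profile can be evaluated against an incoming access request to produce an Access-Accept with a Session-Timeout or an Access-Reject with a reason. The profile fields, the sample user and the session counts are constructed for this example; only Reply-Message and Session-Timeout are standard RADIUS attributes.

```python
"""Policy evaluation for RADIUS access requests (constructed example).

Applies the restrictions a RADIUS server can derive from a directory entry:
time-of-day, access location (by NAS address), maximum session time, a
simultaneous-session limit per user, and a session limit per realm/group.
"""
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class UserPolicy:
    """Per-user policy record, as it might be mapped from an LDAP entry (constructed fields)."""
    username: str
    realm: str
    allowed_hours: tuple          # (start, end) as datetime.time; may wrap past midnight
    allowed_nas_prefixes: tuple   # NAS-IP-Address prefixes the user may connect through
    max_session_seconds: int      # returned as Session-Timeout on accept
    max_simultaneous: int         # concurrent sessions permitted for this user


@dataclass
class AccountingState:
    """Live session counts, normally maintained from RADIUS accounting records."""
    sessions_per_user: dict = field(default_factory=dict)
    sessions_per_realm: dict = field(default_factory=dict)
    realm_limits: dict = field(default_factory=dict)


def in_time_window(window, t):
    """True if clock time t falls inside (start, end); handles overnight windows."""
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def evaluate(policy, state, nas_ip, now):
    """Return (decision, reply_attributes) for one Access-Request."""
    if not in_time_window(policy.allowed_hours, now.time()):
        return "Access-Reject", {"Reply-Message": "outside permitted hours"}
    if not any(nas_ip.startswith(p) for p in policy.allowed_nas_prefixes):
        return "Access-Reject", {"Reply-Message": "access location not permitted"}
    if state.sessions_per_user.get(policy.username, 0) >= policy.max_simultaneous:
        return "Access-Reject", {"Reply-Message": "simultaneous session limit reached"}
    realm_limit = state.realm_limits.get(policy.realm)
    if realm_limit is not None and state.sessions_per_realm.get(policy.realm, 0) >= realm_limit:
        return "Access-Reject", {"Reply-Message": "realm session limit reached"}
    # Every restriction passed: grant access, capped at the profile's maximum session time.
    return "Access-Accept", {"Session-Timeout": policy.max_session_seconds}


# Constructed sample data: one user, business-hours access from the 10.1.0.0/16 NAS range.
SAMPLE_POLICY = UserPolicy(
    username="alice", realm="corp",
    allowed_hours=(time(8, 0), time(18, 0)),
    allowed_nas_prefixes=("10.1.",),
    max_session_seconds=3600,
    max_simultaneous=2,
)
SAMPLE_STATE = AccountingState(
    sessions_per_user={"alice": 1},
    sessions_per_realm={"corp": 50},
    realm_limits={"corp": 100},
)
BUSINESS_HOURS = datetime(2024, 1, 15, 10, 30)
AFTER_HOURS = datetime(2024, 1, 15, 23, 0)


def demo():
    """Run the sample request through each restriction; returns decisions keyed by case."""
    saturated = AccountingState(sessions_per_user={"alice": 2}, realm_limits={"corp": 100})
    full_realm = AccountingState(sessions_per_realm={"corp": 100}, realm_limits={"corp": 100})
    return {
        "normal": evaluate(SAMPLE_POLICY, SAMPLE_STATE, "10.1.2.3", BUSINESS_HOURS),
        "after_hours": evaluate(SAMPLE_POLICY, SAMPLE_STATE, "10.1.2.3", AFTER_HOURS),
        "wrong_location": evaluate(SAMPLE_POLICY, SAMPLE_STATE, "192.168.0.5", BUSINESS_HOURS),
        "too_many_sessions": evaluate(SAMPLE_POLICY, saturated, "10.1.2.3", BUSINESS_HOURS),
        "realm_full": evaluate(SAMPLE_POLICY, full_realm, "10.1.2.3", BUSINESS_HOURS),
    }


if __name__ == "__main__":
    for case, (decision, attrs) in demo().items():
        print(f"{case:18} {decision:14} {attrs}")
```

The checks are ordered so that the cheapest, profile-only tests (time window, NAS prefix) run before the ones that consult accounting state; in a real deployment the session counters would be fed from Accounting-Start and Accounting-Stop records rather than held in memory.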
For enterprises using non-LDAP user data stores, the HP-UX AAA RADIUS Server can also
authenticate against flat files, ORACLE databases, or customized schemes using the available
Software Developers Kit (SDK). A subsequent case study illustrates how the SDK can be utilized
to customize the AAA RADIUS Server to authenticate against a Windows Domain Controller using
NTLM (a Windows authentication protocol).
4.2 AAA RADIUS and the User Authentication Database
User-based security with 802.1X requires that a user’s identification be presented and
authenticated before network access is granted. Therefore, user profiles must be stored in a
central location where they can be accessed for comparison to the incoming user authentication
request. Defining users in multiple repositories for specific purposes is inefficient and potentially
insecure, so utilizing an existing or new central user database is a distinct advantage when
designing a Wireless LAN infrastructure with AAA RADIUS. The HP-UX AAA RADIUS Server has
several options for accessing user repositories.