Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

Save the AAA server configuration, then stop and start the server. The AAA Server is now ready
to retrieve user profiles from the LDAP directory server.
NOTE: User profile data must be entered into the directory server. For this configuration, the
following data was entered:
Login Name: atcuser
Password: atcpass
On the client, the supplicant software should be running. Choose Connection from the left-side
navigation window. Select “Connect to network”, and SNSLATC, then click on the Connect button
at the bottom of the window. The supplicant will negotiate the 802.1X TTLS authentication
sequence, except now the user data is retrieved from the LDAP directory server. On the HP-UX
Netscape Directory Server in the example, the user profile retrieval can be verified on the HP-UX
command line:
# tail -10 /var/opt/netscape/servers/slapd-hpatcux3/logs/access
[25/Sep/2003:17:03:18 -0700] conn=59 fd=46 slot=46 connection from 15.43.212.197 to 15.43.212.199
[25/Sep/2003:17:03:18 -0700] conn=59 op=0 BIND dn="uid=ATCUSER,ou=People,ou=ldap-ux,dc=hp,dc=com" method=128 version=2
[25/Sep/2003:17:03:18 -0700] conn=59 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[25/Sep/2003:17:03:18 -0700] conn=59 op=1 UNBIND
[25/Sep/2003:17:03:18 -0700] conn=59 op=1 fd=46 closed - U1
The AAA server made the request from 15.43.212.197 to the LDAP server at 15.43.212.199.
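To check whether a bind was accepted, the access-log lines can be correlated by conn and op, and the err= value on the RESULT line read as an LDAP result code (0 is success, 49 is invalidCredentials). The following Python example is added here and is not part of the original paper or of the HP-UX AAA or Netscape Directory Server software; the conn=59 lines are copied from the excerpt above, the conn=60 lines are constructed for contrast, and the function and field names are assumptions.

```python
import re

# conn=59 is copied from the excerpt above; conn=60 is constructed for contrast.
SAMPLE_LOG = """\
[25/Sep/2003:17:03:18 -0700] conn=59 fd=46 slot=46 connection from 15.43.212.197 to 15.43.212.199
[25/Sep/2003:17:03:18 -0700] conn=59 op=0 BIND dn="uid=ATCUSER,ou=People,ou=ldap-ux,dc=hp,dc=com" method=128 version=2
[25/Sep/2003:17:03:18 -0700] conn=59 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[25/Sep/2003:17:03:18 -0700] conn=59 op=1 UNBIND
[25/Sep/2003:17:03:19 -0700] conn=60 fd=47 slot=47 connection from 15.43.212.197 to 15.43.212.199
[25/Sep/2003:17:03:19 -0700] conn=60 op=0 BIND dn="uid=ATCUSER,ou=People,ou=ldap-ux,dc=hp,dc=com" method=128 version=2
[25/Sep/2003:17:03:19 -0700] conn=60 op=0 RESULT err=0 tag=97 nentries=0 etime=0
"""

# Standard LDAP result codes (RFC 4511); other codes are reported numerically.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

CONN_RE = re.compile(r"conn=(\d+) .*connection from (\S+) to (\S+)")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\S+)')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=(\d+)")


def summarize_binds(log_text):
    """Pair each BIND with its RESULT by (conn, op); return one record per bind."""
    clients, binds, records = {}, {}, []
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            clients[m.group(1)] = m.group(2)          # conn id -> client address
        elif m := BIND_RE.search(line):
            binds[(m.group(1), m.group(2))] = m.group(3)  # (conn, op) -> bind DN
        elif m := RESULT_RE.search(line):
            key = (m.group(1), m.group(2))
            if key in binds and m.group(4) == "97":   # tag=97 marks a bind response
                err = int(m.group(3))
                records.append({
                    "conn": int(key[0]),
                    "client": clients.get(key[0], "unknown"),
                    "dn": binds.pop(key),
                    "err": err,
                    "result": RESULT_NAMES.get(err, f"code {err}"),
                    "ok": err == 0,
                })
    return records


if __name__ == "__main__":
    for r in summarize_binds(SAMPLE_LOG):
        print(f'conn={r["conn"]} from {r["client"]} dn={r["dn"]} -> {r["result"]}')
```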
The Server Manager has written the configuration to the underlying AAA configuration file, where
the LDAP Directory server options can be observed:
/etc/opt/aaa/authfile
# cat /etc/opt/aaa/authfile
NULL -DEFAULT Deny ""