Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

The default authentication protocol for the enterprise-wide Windows client platform was
Microsoft’s proprietary NTLMv1 protocol. The HP-UX AAA RADIUS Server has no built-in
compatibility with the proprietary Windows NTLM authentication protocol for retrieving login
usernames and passwords from Windows domain controllers. However, the Software Developer’s Kit
that is available with the product provides the tools required to customize the AAA server to access
the Windows domain controller and pull the user data for Wireless LAN login authentication.
B.2 Case Study Component Assembly
The case study utilizes the EAP method (EAP-TTLS) and many of the configuration settings from
the examples in previous chapters. The only significant difference is the source data store of the
user profiles. Listing the components of the case study AAA configuration clarifies the new
components that are required for the implementation:
• HP-UX AAA RADIUS Server 6.1.2 (and dependencies): Existing
• HP-UX AAA RADIUS Server SDK: New
  o Only available through HP-UX support contract and process, or account team
  o Used to develop and deploy AAA NTLM plug-in
• HP-UX AAA RADIUS Server configuration modifications: New
  o Provides the NTLM plug-in for AAA libraries
  o Configuration file modifications for NTLM plug-in
  o Configure realm
• Supplicant configuration modifications: New
  o Configure new profile
B.2.1 AAA SDK – NTLM Plug-In
The key addition in customizing the existing AAA configuration is the Software Developer’s Kit
(SDK). The SDK is a product file set consisting of:
• Sample files
• Documentation
[Figure: case study network diagram. Labeled components: Access Point (SSID); LAN; laptop client (MACaddr1); HP-UX AAA RADIUS Server; Windows Domain Controller – User Login Data Store; Netscape Directory Server – User Enterprise Data Store. Annotation: "Requires Windows Domain Controller".]