Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server
• Include files
• Make files
• Configuration files
• Additional tools
The SDK can be used by developers to code their own C libraries that provide programmatic
interfaces to non-standard user data stores, authentication methods, and other configuration
components. The AAA server has a modular design that allows custom libraries to be easily
added to the product.
The SDK was used to develop a custom HP-UX AAA RADIUS Server plug-in module that provided
Windows native authentication protocol access to the HP-UX AAA RADIUS server.
B.2.2 Windows SMB Authentication
Windows clients use a protocol called SMB to communicate with authentication servers. Several
SMB client implementations are available from public domain sources. One resource that lists
several options is the SAMBA project (http://www.samba.org).
B.2.3 Authentication Modules
The authentication sequence proceeds through the solution modules as diagrammed below:
1. Client initiates standard EAP-TTLS WLAN authentication protocol
2. AAA RADIUS configuration calls NTLM plug-in for user/password retrieval
3. NTLM plug-in calls libsmb library
4. libsmb looks up Windows domain and domain controller
5. User-submitted password hash is authenticated on Windows DC
6. Authentication results are returned to AAA RADIUS server
7. Client access is granted or denied.
B.3 Configuring HP-UX AAA RADIUS with NTLM Plug-In
Using the existing Wireless LAN configuration for EAP-TTLS with certificates for mutual
authentication and an LDAP Netscape Directory Server user login data store, the configuration
[Figure: authentication modules. Labels: laptop client (MACaddr1); Access Point (SSID); HP-UX AAA RADIUS; ntlm plug-in; ntlm user/password; libsmb; smb.conf (domain name, domain controller); Auth; Windows Domain Controller]