Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

This configuration modification affects only the username and user password. The 802.1X EAP
method is unchanged, and the distributed WEP keys are unchanged. Therefore, the access point
configuration is unaffected.
B.3.3 Authentication Server (AAA RADIUS Server) and NTLM Plug-In
The development effort for the NTLM plug-in produces a compiled binary library
named aaa_ntlm.sl. The plug-in is added to the /opt/aaa/aatv subdirectory, and
the server is stopped and restarted so that the libraries are re-read:
# ll /opt/aaa/aatv
total 28016
-r-xr-x--- 1 root aaa 72192 Jul 14 19:52 EAP_GTC_AATV.sl
-r-xr-x--- 1 root aaa 97104 Jul 14 19:52 EAP_LEAP_AATV.sl
-r-xr-x--- 1 root aaa 85288 Jul 14 19:52 EAP_MD5_AATV.sl
-r-xr-x--- 1 root aaa 173840 Jul 14 19:52 EAP_MSCHAP_AATV.sl
-r-xr-x--- 1 root aaa 1803896 Jul 14 19:52 EAP_PEAP_AATV.sl
-r-xr-x--- 1 root aaa 1772912 Jul 14 19:52 EAP_TLS_AATV.sl
-r-xr-x--- 1 root aaa 1802656 Jul 14 19:52 EAP_TTLS_AATV.sl
-r-xr-x--- 1 root aaa 12288 Sep 29 10:04 aaa_ntlm.sl
-r-xr-x--- 1 root aaa 440248 Jul 14 19:52 decisionfile.sl
-r-xr-x--- 1 root aaa 341200 Jul 14 19:52 dhcpRelayAatv.sl
-r-xr-x--- 1 root aaa 307160 Jul 14 19:52 dumpSession.sl
-r-xr-x--- 1 root aaa 100312 Jul 14 19:52 evaluate.sl
-r-xr-x--- 1 root aaa 95944 Jul 14 19:52 iaaaAuth.sl
-r-xr-x--- 1 root aaa 171352 Jul 14 19:52 mschap.sl
-r-xr-x--- 1 root aaa 542688 Jul 14 19:52 oracleAatv.sl
-r-xr-x--- 1 root aaa 1112440 Jul 14 19:52 oracleAatvProcess
-r-xr-x--- 1 root aaa 847136 Jul 14 19:52 proldap.sl
-r-xr-x--- 1 root aaa 320080 Jul 14 19:52 securidAatv.sl
-r-xr-x--- 1 root aaa 425960 Jul 14 19:52 securidAatvProcess
-r-xr-x--- 1 root aaa 3296784 Jul 14 19:52 snmpAgent.sl
-r-xr-x--- 1 root aaa 115992 Jul 14 19:52 tacplus.sl
-r-xr-x--- 1 root aaa 131696 Jul 14 19:52 tunneling.sl
-r-xr-x--- 1 root aaa 172384 Jul 14 19:52 vlogit.sl
#
After the AAA server is stopped and started, the NTLM plug-in is an active library for the AAA
server. The next step is to configure the AAA server for access to the Windows domain controller.
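Because the server re-reads every library in /opt/aaa/aatv at restart, a newly added plug-in should carry the same mode, owner and group as the libraries already there. The following check is an added example, not part of the original HP document or the AAA product; the function names are hypothetical, and the expected values (-r-xr-x---, root, aaa) are assumptions taken from the listing above.

```sh
#!/bin/sh
# Added example: audit `ll` / `ls -l` output for the AAA plug-in directory.
# Expected values are assumptions taken from the listing on this page.
EXPECTED_MODE='-r-xr-x---'
EXPECTED_OWNER='root'
EXPECTED_GROUP='aaa'

# Reads a long listing on stdin, prints one line per deviation, and
# returns 1 if any entry deviates (0 if the directory looks consistent).
audit_plugin_listing() {
    awk -v mode="$EXPECTED_MODE" -v owner="$EXPECTED_OWNER" \
        -v group="$EXPECTED_GROUP" '
        /^total / || NF < 9 { next }   # skip "total", prompts, blank lines
        {
            name = $9
            if (substr($1, 1, 1) != "-") {
                # symlinks, directories, devices do not belong here
                print "NOT_REGULAR_FILE " name; bad = 1; next
            }
            if (substr($1, 1, 10) != mode) { print "MODE " $1 " " name; bad = 1 }
            if ($3 != owner) { print "OWNER " $3 " " name; bad = 1 }
            if ($4 != group) { print "GROUP " $4 " " name; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not real output): two entries copied in
# shape from the page, plus two deliberately wrong ones.
sample_listing() {
    cat <<'EOF'
total 48
-r-xr-x---   1 root  aaa    72192 Jul 14 19:52 EAP_GTC_AATV.sl
-r-xr-x---   1 root  aaa    12288 Sep 29 10:04 aaa_ntlm.sl
-rwxrwxr-x   1 root  aaa    12288 Sep 29 10:04 writable_plugin.sl
-r-xr-x---   1 build users  12288 Sep 29 10:04 wrong_owner.sl
EOF
}

# Demo run; on a live system use: ls -l /opt/aaa/aatv | audit_plugin_listing
sample_listing | audit_plugin_listing ||
    echo "deviations found: correct them before restarting the AAA server"
```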
B.3.4 Authentication Server (AAA RADIUS Server) Configuration
The primary configuration task for the customization of the HP-UX AAA RADIUS Server is to
create a new realm for the users that will be authenticating to the Windows domain controller
using the NTLM protocol and plug-in. However, NTLM is not one of the standard server
authentication types, so it is not offered as a configurable authentication protocol in the
Server Manager GUI on the AAA RADIUS server. The NTLM protocol must therefore be added
manually by editing the AAA RADIUS configuration files.
The first step is to create the new NTLM realm by editing:
/etc/opt/aaa/authfile
# cat /etc/opt/aaa/authfile