Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server

atcttls.com -DEFAULT EAP ""
{
    EAP-Type TTLS
}
hpntatc.com -DEFAULT NTLM NTLM Authentication
hpatc.com -DEFAULT ProLDAP ""
{
    Filter-Type CIS
    Directory "hpatcux3"
    {
        Host hpatcux3.rose.hp.com
        Port 389
        Administrator "cn=Directory Manager"
        Password "ldapldap"
        SearchBase "ou=People,ou=ldap-ux,dc=hp,dc=com"
        Authenticate bind
    }
}
The new hpntatc.com realm is created by adding the single hpntatc.com line (shown in bold in
the original listing above) to the file. Observe the hpatc.com realm with the ProLDAP
configuration and the atcttls.com realm for the TTLS tunnel.
The next step is to create an authentication type record by editing:
/etc/opt/aaa/dictionary
VALUE Authentication-Type EAP 30
VALUE Authentication-Type SAMDatabase 31
VALUE Authentication-Type iaaaAuthenticate 32
VALUE Authentication-Type iaaaCheckPW 33
VALUE Authentication-Type iaaaFile 34
VALUE Authentication-Type iaaaPass 35
VALUE Authentication-Type iaaaRealm 36
VALUE Authentication-Type iaaaUsers 37
VALUE Authentication-Type NTLM 38
VALUE Authentication-Type Unassigned 39
Adding the single line for NTLM (value 38, shown in bold in the original listing above) creates
the new NTLM Authentication-Type, which will now be visible in the Server Manager display of the
hpntatc.com realm.
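The two edits above must agree: every realm type named in the authfile needs a matching Authentication-Type VALUE in the dictionary, and no number should be assigned twice. The following Python check is an added example, not part of the HP document or the product; the parsing rules are assumptions inferred from the excerpts shown here, and the function names are hypothetical.

```python
import re

# Constructed samples in the shape of the excerpts above (two realms, three values).
AUTHFILE = '''\
atcttls.com -DEFAULT EAP ""
{
EAP-Type TTLS
}
hpntatc.com -DEFAULT NTLM NTLM Authentication
'''
DICTIONARY = '''\
VALUE Authentication-Type EAP 30
VALUE Authentication-Type NTLM 38
VALUE Authentication-Type Unassigned 39
'''

VALUE_RE = re.compile(r'^\s*VALUE\s+Authentication-Type\s+(\S+)\s+(\d+)\s*$', re.M)

def parse_dictionary(text):
    """Return ({type name: number}, sorted numbers assigned to more than one name)."""
    names, by_number = {}, {}
    for name, num in VALUE_RE.findall(text):
        names[name] = int(num)
        by_number.setdefault(int(num), set()).add(name)
    return names, sorted(n for n, who in by_number.items() if len(who) > 1)

def realm_types(authfile):
    """Yield (realm, type) for top-level lines; lines inside { } blocks are options."""
    depth = 0
    for line in authfile.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "{":
            depth += 1
        elif tok[0] == "}":
            depth -= 1
        elif depth == 0 and len(tok) >= 2:
            # Assumed layout (from the excerpt): realm [-FLAG] type "parameter"
            rest = [t for t in tok[1:] if not t.startswith("-")]
            if rest:
                yield tok[0], rest[0]

def audit(authfile, dictionary):
    """Return findings as (where, message) tuples; an empty list means consistent."""
    names, dupes = parse_dictionary(dictionary)
    findings = [("dictionary", f"number {n} assigned to more than one type") for n in dupes]
    for realm, auth_type in realm_types(authfile):
        if auth_type not in names:
            findings.append((realm, f"type {auth_type} has no Authentication-Type VALUE"))
    return findings

if __name__ == "__main__":
    print(audit(AUTHFILE, DICTIONARY) or "authfile and dictionary agree")
```

Running it against copies of /etc/opt/aaa/authfile and /etc/opt/aaa/dictionary before loading the configuration catches a realm whose type was never added to the dictionary.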
With the AAA RADIUS Server Manager, load the new configuration, then stop and start the
server. In the Local Realms screen, observe the configured realms from the /etc/opt/aaa/authfile
configuration: