HP-UX AAA Server A.07.01 Administrator's Guide
4. Select the Free tab on top of the Modify Users screen.
5. Enter the address pool for the user in the Reply Item field, for example:
Address-Pool=<Name-of-pool>
6. Click Modify.
To Associate an Address Pool with a User Profile in an LDAP LDIF File
1. From the command line, open the LDIF file the user profile is stored in.
2. Add the following lines to the user profile:
aaaReply: Interlink:Address-Pool=<Name-of-pool>
Associating Address Pools with Realms and Other Conditions
Use the following steps to associate address pools with realms and other conditions
by modifying HP-UX AAA Server decision files. Refer to Chapter 24: “Customizing
the HP-UX AAA Server Using the Finite State Machine” (page 270) andChapter 25
(page 283) for more information. The following steps and examples associate an IP
address pool named test_pool with a realm named test.com.
1. Create a policy file in/etc/opt/aaa/dhcp.grp as follows:
Group NORMAL {
Condition {
(User-Realm = test.com)
}
Reply {
Decision = ACK
Interlink:Address-Pool = "test_pool"
}
}
Group NORMAL {
Reply {
Decision = ACK
}
}
2. Define a new state named CheckTestPolicy to check for the policy you created
in Step 1. Replace the following lines in /etc/opt/aaa/radius.fsm as follows:
Replace:
UserDone:
*.*.ACK POLICY AuthWait
*.*.NAK REPLY Hold
With:
UserDone:
*.*.ACK POLICY CheckTestPolicy
*.*.NAK REPLY Hold
CheckTestPolicy
*.*.ACK POLICY AuthWait Xstring=decisionfile:dhcp.grp
*.*.NAK REPLY Hold
Associating Address Pools with Realms and Other Conditions 261