HP-UX AAA Server A.07.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

441

442

443

444

445

446

447

448

449

450

21 }

22 Group NORMAL {

23 Reply {

24 Decision = $Interlink-Proxy-Action

25 }

26 }

Line 1 Names the first group entry Controlled-Access.

Lines 2 to 5 If the user calls from 1234567890, or calls into 8005551212, the

user belongs to this group.

Lines 7 to 9 The Authentication-Type attribute indicates that requests from

members of this group must be proxied. The Server-Name and

Server-Port attributes specify flatland.com:1812 as the remote

server that must receive the proxied request.

Line 10 The Decision attribute returns the Forward value to the FSM as

an event. The radius.fsm file must be modified to recognize

this event and to call the RADIUS module when it occurs. For

more information, see Chapter 12: “Logging and Monitoring ”

(page 129).

Line 13 Names the second group entry Denied-Access.

Lines 14 to 16 If the user calls into 8001234567, the user belongs to this group.

Lines 18 The Authentication-Type attribute indicates that the request

must be ignored.

Line 19 The Decision attribute returns the Abandon value to the FSM

as an event. The radius.fsm file must be modified to recognize

this event to end the request when it occurs. For more

information, see Chapter 12: “Logging and Monitoring ”

(page 129).

Line 22 Names the third group Normal. Requests that do not match

with the previous two groups are matched to this group, because

this group entry does not include a condition section.

Line 24 This line uses indirection to pass the current event

($Interlink-Proxy-Action) to the FSM. As a result, the HP-UX

AAA Server handles the request as if DNIS routing did not

occur.

DAC.grp for Dynamic Access Control

The example discussed in this section shows a simple DAC decision scheme based on

the value of an Access-Group attribute.

• Allow access to users in the weekday group during a weekday

• Allow access to users in the daytime group during the day

• Allow access to users in the nighttime group during the night

• Otherwise, deny access to users

For an example of a modified radius.fsm file that works with this decision file, see

Chapter 12: “Logging and Monitoring ” (page 129). This decision file works only if the

Example Group Entries 449