HP-UX AAA Server A.08.00.01 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

111

112

113

114

115

116

117

118

119

120

Table 9-1 Proxy Configuration Options (continued)

FunctionOption

Select any of the check boxes to specify additional message-handling options.

The following options are valid:

Response Options

RAD_RFC Verifies that the Access-Request conforms with the RADIUS

RFC. Nonconforming messages are dropped.

ACCT_RFC Verifies that the Accounting-Request conforms with the

Accounting RFC. Nonconforming messages are dropped.

CHECK_ALL Checks all attributes to determine if the request is a duplicate

(for messages from a proxy server). This occurs if the remote

server sends nonstandard messages that are not easily

detected as duplicates.

PRUNE Forces pruning as if the response is being returned to an

access device. When this option is checked, the Generic

vendor prunes all vendor-specific attributes before a message

is returned to the proxy server. This can be used to help

prevent problems that might occur if unencapsulated vendor

attribute is not correctly mapped in the vendors file.

The server prunes vendor-specific attributes for a given vendor if that vendor

is not properly defined in the vendors file, and its attributes are not properly

defined in the dictionary file.

IMPORTANT: If you have specified the Prune response option for the proxy

server and the HP-UX AAA server is using the MS-CHAP protocol for

authentication, you must select Microsoft as one of the vendors.

3. If you are adding a new proxy entry, click Create to submit the new proxy to the

Server Manager.

If you are modifying an existing entry, click Modify to submit changes made to

the proxy entry to the Server Manager.

Click Cancel to return to the Proxy screen without making any changes to your

server configuration.

4. From the navigation tree, click Save Configuration.

5. On the Save Configuration screen that appears, click Save.

NOTE: Clicking Save saves the entire server configuration (access devices, proxies,

local realms, users, and server properties) to the servers you specify.

Forwarding Authentication and Dynamic Authorization Requests From a Proxy Server

To forward authentication requests from a proxy server, complete the following steps:

1. Follow the steps listed in “Creating or Modifying a Proxy” (page 114).

2. In the Proxy Configuration Form, configure the options described in Table 9-2.

Creating or Modifying a Proxy 117