HP-UX AAA Server A.08.00.01 Administrator's Guide
Subscriber-Key = "\x01\x47\x17\x49\x11\xe3\x96\xc9\x63\x1a\xc1\xb9\x22\x86\xf0\x1f"
123456789000000
Subscriber-Key = "\x11\x1a\xf1\xc7\x11\x20\x26\x08\x4a\x58\xc7\xd8\x22\xe7\xca\x55"
123456789000000
Subscriber-Key = "\x11\x48\xf2\xd4\x68\x71\x59\x11\x3c\x81\x27\xe6\x14\xfb\x64\x66"
PROLDAP Authentication Type
The PROLDAP AATV is enhanced to support the Request-Attribute-For-Search
attribute. The Request-Attribute-For-Search attribute indicates the search
attribute to use for a user lookup. The attribute must be a string-type, such as, string,
tag-str, and octets. The default value is User-Id. When PROLDAP is used for EAP-SIM,
the value of the Request-Attribute-For-Search parameter must be
Real-Username.
The LDAP Directory server must return the Subscriber-Key (Ki) on successful lookup.
The following is an example of PROLDAP authfile configuration for credentials
lookup:
# This realm uses an LDAP database
eapsimrealm.com -SIM PROLDAP "LDAP_lookup"
{
Request-Attribute-For-Search Real-Username
Directory "Directory 1"
{
Host ldap1.ispx.com
Port 389
Administrator "cn=...,ou=...,ou=...,o=radius"
Password password
SearchBase "...,ou=...,o=radius"
Authenticate Search
}
}
NOTE: The comment field (xstring) (in the above example, "LDAP_lookup") in
the realm configuration must not have spaces.
SQL Access Authentication Type
To use the SQL Access authentication type, you must include the following entry in
the authfile :
eapsimrealm.com –SIM SQLAccess ActionId=RetrieveSimUser
Also, you must include the RetrieveSimUser SQL action in the sqlaccess.config
file.
The following SQL Action RetrieveSimUser is configured to return the subscriber
key. After successfully retrieving from a SQL compliant database (db_oci) the SQL
Action returns RETRIEVE_SUCCESS, else it returns RETRIEVE_ERROR.
226 Configuring EAP-SIM and EAP-AKA Authentication Methods