HP-UX AAA Server A.08.00.01 Administrator's Guide
1. To configure the HP-UX AAA Server to send Disconnect and CoA requests in
the default mode, complete the procedure described in the following files:
• For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/README
• For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/README
2. Modify the /etc/opt/aaa/client-request-init.grp file as follows:
• For Authorize Only mode, the RADIUS message type for both Disconnect
and CoA requests must be CoA-Request. Therefore, replace the following
lines:
    ## Set the RADIUS message type of the request to Disconnect-Request.
    insert Interlink-Packet-Code = "Disconnect-Request"
with
    ## Set the RADIUS message type of the request to COA-Request.
    insert Interlink-Packet-Code = "COA-Request"
• Insert a Service-Type attribute. Assign Authorize-Only as the value of
the attribute. Append the following lines at the end of the
/etc/opt/aaa/client-request-init.grp file:
    ## Add Service-Type attribute with value "Authorize Only"
    insert Service-Type = "Authorize-Only"
3. A CoA-Request whose Service-Type attribute value is Authorize-Only must
include only session and NAS identification attributes. Therefore, the
Filter-Id attribute must be removed from the Change-Of-Authorization request.
Add the following lines to the /etc/opt/aaa/client-request-egress.grp file:
    if( count(Service-Type) != 0 && Service-Type = "Authorize-Only" && Client-Action-Name = "COA")
    {
        ## Delete the Filter-Id attribute.
        delete Filter-Id
    }
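The following Python check is an added example, not part of this guide or of the HP-UX AAA Server. It parses a raw request packet and reports violations of the Authorize Only rules from steps 2 and 3: the packet code must be CoA-Request, Service-Type must be Authorize-Only, and Filter-Id or other non-identification attributes must be absent. Attribute numbers follow RFC 2865 and RFC 5176; the ALLOWED set, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

COA_REQUEST, AUTHORIZE_ONLY = 43, 17  # packet code (RFC 5176), Service-Type value
SERVICE_TYPE, FILTER_ID = 6, 11       # attribute types (RFC 2865)
# Assumed allow-list: RFC 5176 NAS and session identification attributes, plus
# Service-Type, State, Proxy-State, Event-Timestamp and Message-Authenticator.
ALLOWED = {1, 4, 5, 6, 8, 24, 30, 31, 32, 33, 44, 50, 55, 80, 87, 95}

def build(code, attrs, ident=1):
    """Build a constructed sample packet (all-zero authenticator, not signed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse(packet):
    """Return (code, [(type, value), ...]) from raw RADIUS packet bytes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes header), value.
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def check_authorize_only(packet):
    """Return the list of rule violations for an Authorize Only request."""
    code, attrs = parse(packet)
    problems = []
    if code != COA_REQUEST:
        problems.append("packet code %d is not CoA-Request" % code)
    service = [int.from_bytes(v, "big") for t, v in attrs if t == SERVICE_TYPE]
    if service != [AUTHORIZE_ONLY]:
        problems.append("Service-Type is not Authorize-Only")
    for t, _ in attrs:
        if t == FILTER_ID:
            problems.append("Filter-Id present")
        elif t not in ALLOWED:
            problems.append("unexpected attribute type %d" % t)
    return problems

# Constructed samples: Acct-Session-Id (44), NAS-Identifier (32), Service-Type (6).
SESSION = [(44, b"sess-0001"), (32, b"nas-example"), (6, (17).to_bytes(4, "big"))]
GOOD = build(COA_REQUEST, SESSION)
BAD = build(40, SESSION + [(11, b"filter-a")])  # Disconnect-Request with Filter-Id
```
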
4. To handle a response to a CoA-Request whose Service-Type attribute value is
Authorize-Only, modify the client-reply-ingress.grp file. Add the
following lines at the beginning of the
/etc/opt/aaa/client-reply-ingress.grp file:
    if( count(Service-Type) != 0 && Service-Type = "Authorize-Only" )
    {
        if( Interlink-Packet-Code = "COA-NAK" && count(Error-Cause) != 0 &&
            Error-Cause = "Request_Initiated" )
        {
            ## Authorize Only request succeeded.
            if( Client-Action-Name = "Disconnect" )
            {
                ## Set the SQLAccess ActionID to be used for Disconnect success.
                insert Client-Request-Cleanup-ActionId = "CleanupDisconnectedSession"
            }
            else
            {
                if( Client-Action-Name = "COA" )
                {
Configuring for Dynamic Authorization 313