HP-UX AAA Server A.08.00.01 Administrator's Guide

{

insert Authorize-Only-ActionId = "AuthorizeSession"

}

NOTE: If multiple HP-UX AAA Servers are configured as a group, enter

AuthorizeSessionServerGroup instead of AuthorizeSession.

6. Add the State attribute in the generated CoA-Request. In the /etc/opt/aaa/

sqlaccess.config file, add the following mapping in the

CreateDisconnectReq and CreateCoAReq SQLActions:

FUNC(gen_state) RAD(State, REPLY)

NOTE: If multiple HP-UX AAA Servers are configured as a group, the mapping

must be added in the CreateDisconnectReqServerGroup and

CreateCoAReqServerGroup SQLActions in the /etc/opt/aaa/

sqlaccess.config file.

Configuring for Proxy Functionality

In addition to disconnecting and changing the authorization of user sessions, the HP-UX

AAA Server can act as a proxy for Dynamic Authorization requests to a target Network

Access Server (NAS). AAA proxy is an entity that acts as a client as well as a server.

When a request is received from a Dynamic Authorization Client (DAC), the proxy

acts as a Dynamic Authorization Server (DAS). If the same request must be forwarded

to another AAA entity, the proxy acts as a DAC.

Requests are sent based on the configuration. For example, using advanced policy, you

can configure on the basis of user-realm or target NAS. The proxy HP-UX AAA Server

listens to Disconnect and CoA requests on a port that can be configured. The

configuration settings of this port are the same as that of authentication and accounting

proxy ports. The default port is 3799.

Figure 20-14 illustrates the Dynamic Authorization proxy functionality.

Figure 20-14 Proxy Functionality

Configuring for Dynamic Authorization 315