HP-UX AAA Server A.08.00.01 Administrator's Guide

Configuring for Dynamic Authorization Proxy Functionality
To configure the HP-UX AAA Server for Dynamic Authorization proxy functionality,
you must configure the routing tables for the requests in the
/etc/opt/aaa/proxy-egress.grp proxy egress policy file.
You can configure the routing tables on the basis of attributes, such as the user's realm
and the target NAS (authenticator), in the incoming request.
Configuring on the Basis of User's Realm
To configure routing tables based on the user's realm, add the following lines in the
/etc/opt/aaa/proxy-egress.grp file:
    if( Interlink-Packet-Code = "Disconnect-Request" ||
        Interlink-Packet-Code = "COA-Request" )
    {
        if( (count(User-Name) > 0) && substr(User-Name after "@") = "<realm>" )
        {
            modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
        }
    }
Configuring on the Basis of NAS
To configure routing tables based on NAS (authenticator), add the following lines in
the /etc/opt/aaa/proxy-egress.grp file:
    if( Interlink-Packet-Code = "Disconnect-Request" ||
        Interlink-Packet-Code = "COA-Request" )
    {
        if( count(NAS-Identifier) > 0 && NAS-Identifier = "<DNS name of NAS>" )
        {
            modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
        }
    }
NOTE: The HP-UX AAA Server configuration must include all the remote proxy
servers that forward messages to or receive forwarded messages from this HP-UX AAA
Server. If a remote proxy server is not included in the configuration, the server does
not handle or forward requests to it. The Proxies screen in the HP-UX AAA Server
Manager allows you to add, modify, or delete a remote proxy server in the server
configuration. For information on how to configure Proxies, see Chapter 9 (page 113).
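
Because a proxy target that is missing from the server configuration is not forwarded to, it is worth checking the policy file against the proxy list before deploying it. The script below is an added example, not part of the HP guide or the product: check_proxy_targets, the constructed sample policy, and the hand-supplied proxy list are assumptions, and targets are compared to the list as case-insensitive strings.

```python
import re

# Matches lines such as: modify Interlink-Proxy-Target = "aaa-east.example.net"
TARGET_RE = re.compile(r'^\s*modify\s+Interlink-Proxy-Target\s*=\s*"([^"]*)"')

def check_proxy_targets(policy_text, configured_proxies):
    """Return (line_number, target, problem) for every suspect proxy target."""
    known = {p.lower() for p in configured_proxies}
    findings = []
    for lineno, line in enumerate(policy_text.splitlines(), start=1):
        m = TARGET_RE.match(line)
        if not m:
            continue
        target = m.group(1).strip()
        # A template placeholder copied from the guide was never replaced.
        if not target or (target.startswith("<") and target.endswith(">")):
            findings.append((lineno, target, "placeholder not filled in"))
        # Assumption: the proxy list holds the same names used in the policy.
        elif target.lower() not in known:
            findings.append((lineno, target, "not a configured proxy"))
    return findings

# Constructed sample modelled on the two templates in this section.
SAMPLE_POLICY = '''\
if( Interlink-Packet-Code = "Disconnect-Request" ||
    Interlink-Packet-Code = "COA-Request" )
{
    if( (count(User-Name) > 0) && substr(User-Name after "@") = "example.com" )
    {
        modify Interlink-Proxy-Target = "aaa-east.example.net"
    }
}
if( Interlink-Packet-Code = "Disconnect-Request" ||
    Interlink-Packet-Code = "COA-Request" )
{
    if( count(NAS-Identifier) > 0 && NAS-Identifier = "nas1.example.net" )
    {
        modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
    }
}
'''
# Constructed list standing in for the entries on the Proxies screen.
SAMPLE_PROXIES = ["AAA-East.example.net"]

if __name__ == "__main__":
    for lineno, target, problem in check_proxy_targets(SAMPLE_POLICY, SAMPLE_PROXIES):
        print(f"line {lineno}: {target!r}: {problem}")
```
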
Configuring for Failover
The HP-UX AAA Server supports failover functionality for dynamic authorization
requests. You can configure a secondary server to which the requests must be sent in
case the primary server fails to respond.
To configure a secondary server, add the following lines in the
/etc/opt/aaa/client-request-egress.grp file:
    insert Client-Request-Secondary-Server = <hostname or IP address of secondary server>
316 Configuring the HP-UX AAA Server for Dynamic Authorization