HP-UX AAA Server A.08.00.01 Administrator's Guide
1 START:
2 *.+AUTHEN.ACK PREPROC Preauth
3 *.+AUTHENTICATE.ACK PREPROC Preauth
4 Preauth:
5 *.PREPROC.ACK iaaaUsers UsersCheck
6 *.PREPROC.NAK REPLY Hold
7 . . .
Lines 1-3
*.+AUTHEN.ACK or *.+AUTHENTICATE.ACK indicates that the received
message is an Access-Request. PREPROC indicates the action, which
calls the custom PREPROC software module. PREPROC is programmed
to parse User-Name, strip out the extraneous information, and assign
the result to the User-Id attribute. (The server uses User-Id to locate a
stored user profile.) If PREPROC is successful, it returns an ACK event
name; otherwise, it returns a NAK. Preauth indicates the next state the
FSM must proceed to after PREPROC returns an ACK or NAK event name.
Line 4
As described for lines 1 to 3, Preauth is the next state after PREPROC
has parsed User-Name and returned an ACK or NAK value.
Line 5
If PREPROC returns an ACK value, handling of the request continues
normally with the modified user name.
Line 6
If PREPROC returns a NAK value, the request will be rejected.
NOTE: When listing an event, you need to specify the last action only if it is required
for the finite state table to correctly determine the next action. In this case, the Preauth
events *.*.ACK and *.*.NAK on lines 5 and 6 would also work.
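The table walk described above, as an added example that is not HP code: it parses the excerpt, resolves each event to its action and next state, and flags a state that has no entry for one of an action's results (for example a missing NAK path). Assumptions: `*` matches any value in its field, the first matching entry wins, and the function names and the placeholder value "any" for the first field are hypothetical.

```python
# Added example (not HP code). FSM excerpt from the page, line numbers removed.
FSM_EXCERPT = """\
START:
*.+AUTHEN.ACK PREPROC Preauth
*.+AUTHENTICATE.ACK PREPROC Preauth
Preauth:
*.PREPROC.ACK iaaaUsers UsersCheck
*.PREPROC.NAK REPLY Hold
"""

def parse_fsm(text):
    """Return {state: [(event_pattern, action, next_state), ...]}."""
    table, state = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):              # "Preauth:" opens a state block
            state = line[:-1]
            table[state] = []
            continue
        fields = line.split()
        if state is None or len(fields) != 3 or fields[0].count(".") != 2:
            raise ValueError(f"unparseable FSM line: {raw!r}")
        table[state].append(tuple(fields))
    return table

def resolve(table, state, first, last_action, event):
    """Return (action, next_state) of the first matching entry, or None.

    Assumptions: '*' matches any value in its field; first match wins.
    """
    got = (first, last_action, event)
    for pattern, action, nxt in table.get(state, []):
        if all(p in ("*", g) for p, g in zip(pattern.split("."), got)):
            return action, nxt
    return None

def unhandled(table, state, last_action, results=("ACK", "NAK")):
    """Lint: results of last_action for which `state` has no entry."""
    return [r for r in results
            if resolve(table, state, "any", last_action, r) is None]

if __name__ == "__main__":
    table = parse_fsm(FSM_EXCERPT)
    print(resolve(table, "START", "any", "+AUTHEN", "ACK"))
    print(resolve(table, "Preauth", "any", "PREPROC", "NAK"))
    print(unhandled(table, "Preauth", "PREPROC"))
```

Replacing `*.PREPROC.` with `*.*.` in the excerpt resolves to the same actions and next states, which is the equivalence the NOTE describes.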
Interim Logging
To indicate that a session is still active, the client will send an accounting message at
regular intervals (defined by the client) during the session. To generate session logs
when the server receives this accounting message, you need to modify one line in the
AACTlog state. The following example uses the default radius.fsm FSM file.
*.*.ACCT_ALIVE LOG REPLYHold
The REPLY action has been replaced with LOG, which is the action that writes the
session log. If you want to log other accounting messages, you must change the action
to LOG for the event that corresponds to the message that must be logged.
NOTE: An AAA Server-provided state table, logall.fsm, will log all accounting
messages.
Custom Logging Format
Using a custom-logging format requires that you write or obtain a plug-in that will
generate a session log. In each instance when you want to use your custom format, you
must replace the LOG action in the state table with the name of the appropriate action
402 Customizing the HP-UX AAA Server Using the Finite State Machine