HP-UX AAA Server A.08.00.01 Administrator's Guide
Notes:
• Test = $Value$Pos$Len will add a new A-V pair to the request. It will not
update an existing pair. For example, when the request includes a Test = “String”
A-V pair, the expression Test = $Test$2$3 will append Test = “rin” to
the request, which results in both Test = “String” and Test = “rin” in the
request.
• Because the left-side attribute is handled differently than the right-side attribute
value, multiple attributes in a request can cause some unexpected indirection
results. Each instance of the left-side attribute is AND'd, but only the value of the
right-side attribute's last instance is used. For example, the expression Test <
$Test would evaluate to FALSE as (Test1 < 1) && (Test2 < 1) when the
request contains the A-V pairs Test1 = 1 and Test2 = 2.
Example Group Entries
This section discusses the syntax of sample decision files that are included in earlier
versions of the HP-UX AAA Server. For information on using the sample DNIS and
DAC decision files present in the current version of the HP-UX AAA Server, see
“Modifying the FSM for Specific Customizations ” (page 432)
• /opt/aaa/examples/config/DNIS.grp for DNIS routing
• /opt/aaa/examples/config/DAC.grp for dynamic access control
DNIS.grp for DNIS Routing
The following example shows a simple DNIS routing scheme. Refer to For an example
of a modified radius.fsm file that works with this decision file, see Chapter 12:
“Logging and Monitoring ” (page 138).
1 Group Controlled-Access {
2 Condition {
3 (Calling-Station-Id = 1234567890) ||
4 (Called-Station-Id = 8005551212)
5 }
6 Reply {
7 Authentication-Type = radius
8 Server-Name = flatland.com
9 Server-Port = 1812
10 Decision = Forward
11 }
12 }
13 Group Denied-Access {
14 Condition {
15 Called-Station-Id = 8001234567
16 }
17 Reply {
18 Authentication-Type = blackhole
19 Decision = Abandon
20 }
590 Syntax of the Decision Files in Earlier Versions of the HP-UX AAA Server