HP-UX AAA Server A.08.02 Administrator's Guide

Table 40 The iaaaFile authfile Configuration Parameters (continued)
Parameter        Description
                 The default value is User-Id.
Policy-Pointer   For information on Policy-Pointer, see “Authorization to Control Sessions and Access to Services” (page 29).
                 NOTE: This parameter is optional.
The following is an example of an iaaaFile configuration for credentials lookup:
eapsimrealm.com -SIM iaaaFile isp
{
    Request-Attribute-For-Search Real-Username
}
The following is the sample content of the isp.users file:
######################################################################
##
## file: /etc/opt/aaa/isp.users
#######################################################################
123456789000000
Subscriber-Key = "\x01\x47\x17\x49\x11\xe3\x96\xc9\x63\x1a\xc1\xb9\x22\x86\xf0\x1f"
123456789000000
Subscriber-Key = "\x11\x1a\xf1\xc7\x11\x20\x26\x08\x4a\x58\xc7\xd8\x22\xe7\xca\x55"
123456789000000
Subscriber-Key = "\x11\x48\xf2\xd4\x68\x71\x59\x11\x3c\x81\x27\xe6\x14\xfb\x64\x66"
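A check for the users-file layout shown above, as an added example (not from this guide or the AAA server itself): it decodes each Subscriber-Key, flags keys that are not 16 bytes (the GSM Ki size, which the sample keys also have), and reports repeated identities or shared keys without echoing key material. The parsing rules are assumed from the sample excerpt, and SAMPLE is constructed.

```python
import re
from collections import Counter
# Constructed sample in the layout of the isp.users excerpt; identities and keys are made up.
SAMPLE = r'''
## file: /etc/opt/aaa/isp.users
001010000000001
Subscriber-Key = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
001010000000002
Subscriber-Key = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee"
001010000000002
Subscriber-Key = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
'''
KEY_RE = re.compile(r'^Subscriber-Key\s*=\s*"((?:\\x[0-9a-fA-F]{2})*)"$')
KI_LEN = 16  # assumption: GSM Ki is 128 bits, as in the guide's sample keys

def parse_users(text):
    """Return [(identity, key_bytes_or_None)]; layout assumed from the sample file."""
    entries, identity = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # skip blanks and comment lines
        if line.startswith('Subscriber-Key'):
            m = KEY_RE.match(line)
            key = bytes.fromhex(m.group(1).replace('\\x', '')) if m else None
            entries.append((identity, key))
            identity = None
        else:
            if identity is not None:  # previous identity never got a key line
                entries.append((identity, None))
            identity = line
    if identity is not None:
        entries.append((identity, None))
    return entries

def lint_users(text):
    """Return findings as strings; key bytes are never included in the output."""
    entries, findings = parse_users(text), []
    for ident, key in entries:
        if ident is None:
            findings.append("Subscriber-Key with no preceding identity")
        elif key is None:
            findings.append(f"{ident}: missing or malformed Subscriber-Key")
        elif len(key) != KI_LEN:
            findings.append(f"{ident}: key is {len(key)} bytes, expected {KI_LEN}")
    ids = Counter(i for i, _ in entries if i)
    findings += [f"{i}: identity appears {n} times" for i, n in ids.items() if n > 1]
    keys = Counter(k for _, k in entries if k)
    findings += [f"key shared by {n} entries" for n in keys.values() if n > 1]
    return findings
```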
PROLDAP Authentication Type
The PROLDAP AATV is enhanced to support the Request-Attribute-For-Search attribute.
The Request-Attribute-For-Search attribute indicates the search attribute to use for a user
lookup. The attribute must be a string type, such as string, tag-str, or octets. The default value is
User-Id. When PROLDAP is used for EAP-SIM, the value of the
Request-Attribute-For-Search parameter must be Real-Username.
The LDAP Directory server must return the Subscriber-Key (Ki) on successful lookup.
The following is an example of a PROLDAP authfile configuration for credentials lookup:
# This realm uses an LDAP database
eapsimrealm.com -SIM PROLDAP "LDAP_lookup"
{
    Request-Attribute-For-Search Real-Username
    Directory "Directory 1"
    {
        Host ldap1.ispx.com
        Port 389
        Administrator "cn=...,ou=...,ou=...,o=radius"
        Password password
        SearchBase "...,ou=...,o=radius"
        Authenticate Search
    }
}
NOTE: The comment field (xstring) (in the above example, "LDAP_lookup") in the realm
configuration must not have spaces.
SQL Access Authentication Type
To use the SQL Access authentication type, you must include the following entry in the authfile:
eapsimrealm.com SIM SQLAccess ActionId=RetrieveSimUser