HP-UX AAA Server A.08.02 Administrator's Guide

Also, you must include the RetrieveSimUser SQL action in the sqlaccess.config file.
The following SQL action, RetrieveSimUser, is configured to return the subscriber key. If the key is
successfully retrieved from the SQL-compliant database (db_oci), the SQL action returns
RETRIEVE_SUCCESS; otherwise, it returns RETRIEVE_ERROR.
SQLAction RetrieveSIMUser {
{
    input
        RAD(Real-Username, REPLY) DBP(runame, 253, CHAR)
    output
        DBR(100:0) RET(RETRIEVE_ERROR)
        DBR(-1:*) RET(ERROR)
        DBC(subscriber_key, 64, CHAR) FUNC(StoreInSubscriberKey) AAAHexToBinaryString
        DBR(0:0) RET(RETRIEVE_SUCCESS)
        DBR(*:*) RET(RETRIEVE_ERROR)
    SQLStatement db_oci {
        SELECT subscriber_key
        FROM RAD_USERS_TABLE
        WHERE user_name=:runame
    }
}
}
NOTE: The subscriber_key column must be added in RAD_USERS_TABLE.
StoreInSubscriberKey is the predefined mapping function that stores the binary string
in the Subscriber-Key attributes and inserts these AV-Pairs into
AUTHREQ_REPLY_QUEUE.
For more information on SQL Access, see Chapter 22 (page 247).
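The lookup above can be rehearsed offline to find rows whose subscriber_key would not convert cleanly. The following Python code is an added example, not code from this guide or from the HP-UX AAA Server: it uses an in-memory SQLite table in place of the db_oci database, made-up key values, and hypothetical helper names (hex_to_binary, retrieve_sim_user, audit_keys, build_sample_db), and it assumes the stored key is plain hexadecimal text.

```python
import re
import sqlite3

# The SELECT from the SQLStatement block above, keeping its :runame bind variable.
QUERY = "SELECT subscriber_key FROM RAD_USERS_TABLE WHERE user_name=:runame"
# DBC(subscriber_key, 64, CHAR): at most 64 hex characters, i.e. 1 to 32 whole bytes.
HEX_KEY = re.compile(r"(?:[0-9A-Fa-f]{2}){1,32}")


def hex_to_binary(text):
    """Assumed stand-in for the hex-to-binary step: bytes, or None if not clean hex."""
    text = (text or "").rstrip()  # Oracle CHAR columns come back blank-padded
    return bytes.fromhex(text) if HEX_KEY.fullmatch(text) else None


def retrieve_sim_user(conn, runame):
    """Model of the action's outcome as (status, key bytes or None)."""
    row = conn.execute(QUERY, {"runame": runame}).fetchone()
    key = hex_to_binary(row[0]) if row else None
    # Assumption of this example: a row with an unusable key counts as an error.
    return ("RETRIEVE_SUCCESS", key) if key else ("RETRIEVE_ERROR", None)


def audit_keys(conn):
    """User names whose stored subscriber_key would not decode."""
    rows = conn.execute(
        "SELECT user_name, subscriber_key FROM RAD_USERS_TABLE ORDER BY user_name")
    return [name for name, key in rows if hex_to_binary(key) is None]


def build_sample_db():
    """Constructed sample data; user names and keys are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE RAD_USERS_TABLE "
                 "(user_name TEXT PRIMARY KEY, subscriber_key CHAR(64))")
    conn.executemany("INSERT INTO RAD_USERS_TABLE VALUES (?, ?)", [
        ("alice", "00112233445566778899AABBCCDDEEFF"),
        ("bob", "0011223344556677889"),                 # odd number of digits
        ("carol", "zz112233445566778899aabbccddeeff"),  # non-hex characters
        ("dave", None),                                 # column added, never filled
    ])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(retrieve_sim_user(db, "alice"))
    print(retrieve_sim_user(db, "x' OR '1'='1"))  # bound as data, matches no row
    print(audit_keys(db))
```

Because the user name reaches the statement only through the :runame bind variable, a name containing quote characters is compared as a literal value and simply matches no row.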
Realm-Based EAP-SIM Configuration Information in EAP.authfile
The EAP.authfile entry for a realm that supports EAP-SIM can contain an optional {}
configuration block following the EAP-Type SIM specification. This block contains realm-specific
EAP-SIM configuration information, such as the algorithm to use for the realm users, and the Fast-Reauth
and Pseudonym parameters discussed later in the chapter. For more information on Fast-Reauth
and Pseudonym, see “Pseudonym Identities” (page 184).
If certain parameters are not specified in the EAP-Type SIM{} configuration block, default values
are assigned. For those parameters that do not have a default value, you must specify those values
to ensure that the capability is supported.
The following rules apply to the EAP-Type SIM{} configuration block parameters:
• The parameter names are case-insensitive.
• For parameters with on and off binary values, the values enabled, yes, on, and true
  are synonymous, and the values disabled, no, off, and false are synonymous.
• String parameter values must be enclosed within single or double quotes.
The EAP-Type SIM{} configuration block can contain any subset of the parameters, including
an empty subset. The EAP.authfile configuration parameters are described in Table 17–3.
Table 41 EAP.authfile Configuration Parameters
Parameter       Description
A3 Algorithm    Specifies the default A3 algorithm for the realm. If an A3
                algorithm is needed to produce the GSM triplets for this
                user's authentication, then the A3 algorithm specified in
                this field is used. There is no default value. For information