HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

171

172

173

174

175

176

177

178

179

180

}

ResyncSQN SQL action derives the SQN from Vendor-specific attribute (AKA-Synchronization-Token)

(AUTS) in the REPLY queue that is sent by the client when a synchronization failure occurs. The

first mapping retrieves the subscriber key for the corresponding real identity and the second mapping

inserts the derived SQN back to the database. A predefined sample GetResyncAkaSeqNum

mapping function is used to extract the SQN from AUTS. The mapping function inserts the extracted

SQN into REPLY queue after converting it into the hex string format.

SQLAction ResyncSQN {

{

input

RAD(Real-Username, REPLY) DBP(runame, 253, CHAR)

output

DBR(100:*) RET(NAK)

DBR(-1:*) RET(ERROR)

DBC(subscriber_key, 64, CHAR) FUNC(GetReSyncAkaSeqNum) AAAHexToBinaryString

DBR(0:0) RET(ACK)

DBR(*:*) RET(ERROR)

SQLStatement db_oci {

SELECT subscriber_key

FROM RAD_USERS_TABLE

WHERE user_name=:runame

}

{

input

RAD(AKA-Sequence-Number, REPLY) DBP(seqnum, 253, CHAR)

RAD(Real-Username, REPLY) DBP(ruser, 253, CHAR)

output

DBR(-1:*) RET(ERROR)

DBR(0:0) RET(ACK)

DBR(*:*) RET(NAK)

SQLStatement db_oci {

UPDATE RAD_USERS_TABLE set aka_sequence_number=:seqnum

where user_name=:runame

}

NOTE: The above SQL actions require the subscriber_key and the aka_sequence_number

columns to be added in the RAD_USERS_TABLE as string type. The mapping functions mentioned

in the above example are for demonstration purposes only. You must customize the mapping

functions based on the requirements. For more information on SQL Access Mapping functions, see

“SQL Access” (page 247). For information on how to write AATVs, see “Customizing the HP-UX

AAA Server Using the SDK” (page 328).

Global EAP-AKA Configuration in aaa.config

The aatv.EAP-AKA{} configuration block, located within the aaa.config file contains global

EAP-AKA configuration information. These parameters represent global default values, which do

not correspond to any realm-based parameter.

The following rules apply to the aatv.EAP-AKA{} configuration block parameters:

• The parameter names are case-insensitive.

• For parameters with on and off binary values, the values, enabled, yes, on, and true

are synonymous, and the values, disabled, no, off, and false are synonymous.

• String parameter values must be enclosed in single or double quotes.

The aatv.EAP-AKA{} configuration block, in aaa.config file, can contain any subset, including

empty subsets. These parameters are global. Table 45 lists the configuration block parameters.

EAP-AKA 177