HP-UX AAA Server A.08.02 Administrator's Guide
• “Configuring for Failover” (page 232)
• “Security Consideration in Dynamic Authorization” (page 233)
Migrating Existing SQL Access Deployments for Dynamic Authorization
If session management using SQL Access is already configured based on the reference
implementation files delivered with HP-UX AAA Server version A.07.01 or earlier, you must complete
the following additional steps for the Disconnect and CoA functionalities:
1. To add the additional columns required for dynamic authorization, modify the session table
as follows:
   If you are using Oracle, enter the following at the SQL prompt:
   SQL> alter table RAD_SESS_TABLE add
   (
       session_timeout number(11),
       from_host varchar2(253),
       session_status varchar2(253),
       sess_mod_time TIMESTAMP,
       filter_id varchar2(253)
   );
   If you are using MySQL, enter the following at the mysql prompt:
   mysql> alter table RAD_SESS_TABLE add
   (
       session_timeout INT,
       from_host varchar(253),
       session_status varchar(253),
       sess_mod_time TIMESTAMP,
       filter_id varchar(253)
   );
2. To insert values in the new columns while creating a session, modify the StartSession SQL
action. Following is the list of new columns in the session table, and their corresponding values:
   1. session_timeout — Specifies the value configured in the Session-Timeout attribute.
      You can configure the Session-Timeout attribute using either the user profile or through
      policy. The following mapping is used to insert this value:
      • For Oracle,
        RAD(Session-Timeout, REPLY) DBP(sess_timeout, 11, INT)
      • For MySQL,
        RAD(Session-Timeout, REPLY) DBP(9, 11, INT)
   2. from_host — Specifies the host from which the authentication request was received.
      The get_from_host mapping function retrieves this value. The following mapping is
      used to insert this value:
      • For Oracle,
        FUNC(get_from_host) DBP(from_host, 253, CHAR)
      • For MySQL,
        FUNC(get_from_host) DBP(10, 253, CHAR)
   3. session_status — Specifies the status of the session. The initial state is set to
      <server_name>_ACTIVE. The get_server_name mapping function retrieves a unique
      value for <server_name>. The following mapping is used to insert this value:
      • For Oracle,
        FUNC(get_server_name) DBP(server_name, 259, CHAR)
      • For MySQL,
218 Configuring the HP-UX AAA Server for Dynamic Authorization