HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

221

222

223

224

225

226

227

228

229

230

Configuring for Disconnect and CoA Request Processing

This section describes the procedure to configure all the HP-UX AAA Servers in a group to perform

authentication, accounting, and dynamic authorization. To dedicate some HP-UX AAA Servers in

a group for dynamic authorization, see “Dedicated HP-UX AAA Servers for Dynamic Authorization”

(page 224).

To configure for Disconnect and CoA request processing when multiple HP-UX AAA Servers

belong to a group, complete the following steps:

1. Configure the HP-UX AAA Server to enable session management using SQL.

For information on how to enable session management using SQL, see Chapter 22 (page 247)

2. Retrieve a copy of the dbsetup.sql.dynauth_server_group script from the following

directories and store it in the /tmp directory on the database system:

• For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/

dbsetup.sql.dynauth_server_group

• For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/

dbsetup.sql.dynauth_server_group

3. To create the necessary tables and stored procedures, you must execute the script.

For Oracle, enter the following command at the SQL prompt:

SQL> @ /tmp/dbsetup.sql.dynauth_server_group

For MySQL, enter the following command at the mysql prompt:

mysql> source /tmp/dbsetup.sql.dynauth_server_group

4. Replace <groupname> with the name of the group and append the required SQLActions.

For Oracle, enter the following command at the prompt:

$ sed "s/<groupname>/test_group/g"

/opt/aaa/examples/sqlaccess/oracle-1/sqlaccess.config.dynauth_server_group

>> /etc/opt/aaa/sqlaccess.config

For MySQL, enter the following command at the prompt:

$ sed "s/<groupname>/test_group/g"

/opt/aaa/examples/sqlaccess/mysql-1/sqlaccess.config.dynauth_server_group

>> /etc/opt/aaa/sqlaccess.config

5. To create sessions using the new SQL action, modify the FSM as follows:

Replace the following line in /etc/opt/aaa/radius.fsm:

*.*.ACK SQLAccess Tunneling xstring="ActionID=StartSession"

with

*.*.ACK SQLAccess Tunneling xstring="ActionID=StartSessionServerGroup"

NOTE: If you have modified the StartSession SQLAction to suit your environment, the

changes must be merged with StartSessionServerGroup SQLAction.

6. To copy the following policy files, enter the following commands at the HP-UX prompt:

• $ cp /opt/aaa/examples/config/client-request-init.grp.dynauth

/etc/opt/aaa/client-request-init.grp

• $ cp /opt/aaa/examples/config/client-reply-ingress.grp.dynauth

/etc/opt/aaa/client-reply-ingress.grp

NOTE: If some policies have already been configured in the /etc/opt/aaa/

client-request-init.grp and /etc/opt/aaa/client-reply-ingress.grp

files, you must append the policies instead of copying.

Configuring for Dynamic Authorization 221