HP-UX AAA Server A.08.02 Administrator's Guide

6. Enter the following values in the respective fields, within the Client Action Properties
window:
Name: COA
Timer Value: 60
Max Requests: 0
10. To activate the changes, restart the HP-UX AAA Server.
Dynamic Authorization in Authorize Only Mode
To ensure simplicity of translation between RADIUS and DIAMETER, RFC 5176 describes a different
sequence of message exchanges between the HP-UX AAA Server and the NAS for Disconnect
and CoA. Figure 76 illustrates dynamic authorization in authorize only mode.
Figure 76 Dynamic Authorization in Authorize Only Mode
The sequence of steps involved in the message exchange is as follows:
1. The HP-UX AAA Server sends a CoA-Request that includes the Service-Type attribute.
The value of this attribute is Authorize Only, which is why the mode is called Authorize Only.
In addition to the Service-Type attribute, the CoA-Request includes session identification
attributes, a State attribute, and NAS identification attributes. The CoA-Request
does not contain any other attribute.
2. If the NAS supports the Authorize Only mode, it responds with a CoA-NAK containing the
Service-Type and Error-Cause attributes. The value of the Service-Type attribute is
Authorize Only and the value of the Error-Cause attribute is Request Initiated.
3. Subsequently, the NAS sends an Access-Request to the HP-UX AAA Server, including a
Service-Type attribute and the State attribute that was sent by the HP-UX AAA Server in
the initial CoA-Request. The value of the Service-Type attribute is Authorize Only.
4. The HP-UX AAA Server responds to the Access-Request with an Access-Accept to
reauthorize the session or an Access-Reject to disconnect it.
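The four-step exchange above, modelled as an added example (this is not HP-UX AAA Server code). It shows why the State attribute matters: the server reauthorizes only on an Access-Request that echoes a State it issued. The class and function names, the allowed-attribute set, the single-use handling of State, and the rejection of an unknown State are assumptions; the numeric values are those defined in RFC 2865 and RFC 5176.

```python
import hmac
import secrets

AUTHORIZE_ONLY = 17        # Service-Type value "Authorize Only"
REQUEST_INITIATED = 507    # Error-Cause value "Request Initiated"
# Assumed set of session and NAS identification attributes for this model.
ALLOWED = {"Service-Type", "State", "User-Name", "Acct-Session-Id",
           "NAS-IP-Address", "NAS-Identifier"}

class Server:
    """Hypothetical model of the AAA server side of the exchange."""
    def __init__(self):
        self.pending = {}  # Acct-Session-Id -> State issued in the CoA-Request

    def coa_request(self, session_id, nas_ip):        # step 1
        state = secrets.token_bytes(16)
        self.pending[session_id] = state
        return {"code": "CoA-Request", "Service-Type": AUTHORIZE_ONLY,
                "State": state, "Acct-Session-Id": session_id,
                "NAS-IP-Address": nas_ip}

    def access_request(self, pkt, still_authorized):  # step 4
        # Assumption: State is single use, so pop it on first sight.
        issued = self.pending.pop(pkt.get("Acct-Session-Id"), None)
        ok = (pkt.get("Service-Type") == AUTHORIZE_ONLY and issued is not None
              and hmac.compare_digest(issued, pkt.get("State", b"")))
        # Assumption: a State the server never issued is rejected.
        return {"code": "Access-Accept" if ok and still_authorized
                else "Access-Reject"}

def nas_handle_coa(pkt):
    """NAS side, steps 2 and 3: returns (CoA-NAK, Access-Request)."""
    attrs = set(pkt) - {"code"}
    if (pkt.get("Service-Type") != AUTHORIZE_ONLY or "State" not in attrs
            or attrs - ALLOWED):
        raise ValueError("not a well-formed Authorize Only CoA-Request")
    nak = {"code": "CoA-NAK", "Service-Type": AUTHORIZE_ONLY,
           "Error-Cause": REQUEST_INITIATED}
    req = {"code": "Access-Request", "Service-Type": AUTHORIZE_ONLY,
           "State": pkt["State"], "Acct-Session-Id": pkt["Acct-Session-Id"]}
    return nak, req

def run_exchange(still_authorized):
    srv = Server()
    coa = srv.coa_request("sess-0001", "192.0.2.10")   # constructed sample values
    nak, req = nas_handle_coa(coa)
    reply = srv.access_request(req, still_authorized)
    replay = srv.access_request(req, still_authorized)  # same State sent again
    return [coa["code"], nak["code"], req["code"], reply["code"], replay["code"]]
```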
Configuring for Dynamic Authorization in Authorize Only Mode
To configure the HP-UX AAA Server for dynamic authorization in the Authorize Only mode, complete
the following steps:
1. To configure the HP-UX AAA Server to send Disconnect and CoA requests in the default
mode, complete the procedure described in the following files:
For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/README
For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/README
2. Modify the /etc/opt/aaa/client-request-init.grp file as follows:
For Authorize Only mode, the RADIUS message type for both Disconnect and CoA
requests must be CoA-Request. Therefore, replace the following lines:
## Set the RADIUS message type of the request to Disconnect-Request.
insert Interlink-Packet-Code = "Disconnect-Request"
with