Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
221222223224225226227228229230
## Set the RADIUS message type of the request to COA-Request.
insert Interlink-Packet-Code = "COA-Request"
Insert a Service-Type attribute. Assign Authorize-Only as the value of the attribute.
Append the following lines at the end of the /etc/opt/aaa/
client-request-init.grp file:
## Add Service-Type attribute with value "Authorize Only"
insert Service-Type = "Authorize-Only"
3. A CoA-Request, whose Service-Type attribute value is Authorize Only, must include
session and NAS identification attributes only. Therefore, the Filter-Id attribute must
be removed from the Change-Of-Authorization request. Add the following lines in the /etc/
opt/aaa/client-request-egress.grp file:
if( count(Service-Type) != 0 && Service-Type = "Authorize-Only" && Client-Action-Name = "COA")
{
## Delete the Filter-Id attribute.
delete Filter-Id
}
4. To handle a response to CoA-Request, whose Service-Type attribute value is
Authorize-Only, modify the client-reply-ingress.grp file. Add the following lines
at the beginning of the /etc/opt/aaa/client-reply-ingress.grp file:
if( count(Service-Type) != 0 && Service-Type = "Authorize-Only" )
{
if( Interlink-Packet-Code = "COA-NAK" && count(Error-Cause) != 0 &&
Error-Cause = "Request_Initiated" )
{
## Authorize Only request succeeded.
if( Client-Action-Name = "Disconnect" )
{
## Set the SQLAccess ActionID to be used for Disconnect success.
insert Client-Request-Cleanup-ActionId = "CleanupDisconnectedSession"
}
else
{
if( Client-Action-Name = "COA" )
{
## Set the SQLAccess ActionID to be used for COA success.
insert Client-Request-Cleanup-ActionId = "UpdateCOASession
"
## Set the Filter-Id based on the current time of day.
if( Time-Of-Day >= "08:00" && Time-Of-Day <= "20:00" )
{
insert Filter-Id = "daytime_filter"
}
else
{
insert Filter-Id = "nighttime_filter"
}
}
}
}
else
{
## Authorize Only request failed.
if( Client-Action-Name = "Disconnect" )
{
## Set the SQLAccess ActionID to be used for Disconnect failure.
insert Client-Request-Cleanup-ActionId = "SuspendDisconnectedSession"
}
else
{
if( Client-Action-Name = "COA" )
{
## Set the SQLAccess ActionID to be used for COA failure.
insert Client-Request-Cleanup-ActionId = "SuspendCOASession"
230 Configuring the HP-UX AAA Server for Dynamic Authorization