HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

231

232

233

234

235

236

237

238

239

240

}

NOTE: The following requirement is applicable for Oracle only. If DHCP is enabled, replace

the following line in the /etc/opt/aaa/client-reply-ingress.grp file:

insert Client-Request-Cleanup-ActionId = "CleanupDisconnectedSession"

with

insert Client-Request-Cleanup-ActionId = "CleanupDisconnectedSession-DHCP"

If multiple HP-UX AAA Servers are configured as a group, enter

UpdateCoASessionServerGroup, SuspendDisconnectedSessionServerGroup

and SuspendCoASessionServerGroup instead of UpdateCoASession,

SuspendDisconnectedSession, and SuspendCoASession respectively.

5. Set the Authorize-Only-ActionId attribute to the SQL Access action ID that must be

used for Access-Request, whose Service-Type attribute value is Authorize Only.

Add the following lines in the /etc/opt/aaa/request-ingress.grp file:

## Set the SQLAccess Action ID to be used for Authorize Only type requests.

if( count(Service-Type) != 0 && Service-Type = "Authorize-Only" )

{

insert Authorize-Only-ActionId = "AuthorizeSession"

}

NOTE: If multiple HP-UX AAA Servers are configured as a group, enter

AuthorizeSessionServerGroup instead of AuthorizeSession.

6. Add the State attribute in the generated CoA-Request. In the /etc/opt/aaa/

sqlaccess.config file, add the following mapping in the CreateDisconnectReq and

CreateCoAReq SQLActions:

FUNC(gen_state) RAD(State, REPLY)

NOTE: If multiple HP-UX AAA Servers are configured as a group, the mapping must be

added in the CreateDisconnectReqServerGroup and CreateCoAReqServerGroup

SQLActions in the /etc/opt/aaa/sqlaccess.config file.

Configuring for Proxy Functionality

In addition to disconnecting and changing the authorization of user sessions, the HP-UX AAA

Server can act as a proxy for Dynamic Authorization requests to a target Network Access Server

(NAS). AAA proxy is an entity that acts as a client as well as a server. When a request is received

from a Dynamic Authorization Client (DAC), the proxy acts as a Dynamic Authorization Server

(DAS). If the same request must be forwarded to another AAA entity, the proxy acts as a DAC.

Requests are sent based on the configuration. For example, using advanced policy, you can

configure on the basis of user-realm or target NAS. The proxy HP-UX AAA Server listens to

Disconnect and CoA requests on a port that can be configured. The configuration settings of

this port are the same as that of authentication and accounting proxy ports. The default port is

3799.

Figure 77 illustrates the Dynamic Authorization proxy functionality.

Configuring for Dynamic Authorization 231