HP-UX AAA Server A.08.02 Administrator's Guide

Figure 77 Proxy Functionality
Configuring for Dynamic Authorization Proxy Functionality
To configure the HP-UX AAA Server for Dynamic Authorization proxy functionality, you must
configure the routing tables for the requests in the /etc/opt/aaa/proxy-egress.grp proxy
egress policy file.
You can configure the routing tables on the basis of attributes in the incoming request, such as
the user's realm and the target NAS (authenticator).
Configuring on the Basis of User's Realm
To configure routing tables based on the user's realm, add the following lines in the
/etc/opt/aaa/proxy-egress.grp file:
    if( Interlink-Packet-Code = "Disconnect-Request" ||
        Interlink-Packet-Code = "COA-Request" )
    {
        if( (count(User-Name) > 0) && substr(User-Name after "@") = "<realm>" )
        {
            modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
        }
    }
Configuring on the Basis of NAS
To configure routing tables based on NAS (authenticator), add the following lines in the
/etc/opt/aaa/proxy-egress.grp file:
    if( Interlink-Packet-Code = "Disconnect-Request" ||
        Interlink-Packet-Code = "COA-Request" )
    {
        if( count(NAS-Identifier) > 0 && NAS-Identifier = "<DNS name of NAS>" )
        {
            modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
        }
    }
NOTE: The HP-UX AAA Server configuration must include all the remote proxy servers that forward
messages to or receive forwarded messages from this HP-UX AAA Server. If a remote proxy server
is not included in the configuration, the server does not handle or forward requests to it. The Proxies
screen in the HP-UX AAA Server Manager allows you to add, modify, or delete a remote proxy
server in the server configuration. For information on how to configure Proxies, see Chapter 9
(page 81).
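The following check is an added example, not part of the HP-UX AAA Server or of this guide. It reads a proxy egress policy written in the layout of the two templates above and reports every Interlink-Proxy-Target that is still a template placeholder, that is missing from the list of configured remote proxies, or that sits outside a Disconnect-Request/COA-Request block. The function name audit_policy, the sample policy text, the host names, and the list of configured proxies (which the administrator supplies, for example as read from the Proxies screen) are assumptions of the example.

```python
import re

# Constructed sample of /etc/opt/aaa/proxy-egress.grp, following the page's two templates.
SAMPLE_POLICY = '''\
if( Interlink-Packet-Code = "Disconnect-Request" ||
    Interlink-Packet-Code = "COA-Request" )
{
    if( (count(User-Name) > 0) && substr(User-Name after "@") = "example.org" )
    {
        modify Interlink-Proxy-Target = "aaa-east.example.net"
    }
    if( count(NAS-Identifier) > 0 && NAS-Identifier = "nas1.example.net" )
    {
        modify Interlink-Proxy-Target = "<Hostname or IP Address of Proxy Target Server>"
    }
}
modify Interlink-Proxy-Target = "aaa-old.example.net"
'''

TARGET_RE = re.compile(r'modify\s+Interlink-Proxy-Target\s*=\s*"([^"]*)"')
DYNAUTH_CODES = ("Disconnect-Request", "COA-Request")

# configured_proxies is supplied by the administrator (assumption of this example).
def audit_policy(text, configured_proxies):
    """Flag proxy targets needing attention; assumes braces sit on their own lines."""
    known = {p.lower() for p in configured_proxies}
    findings = []
    scopes = []      # one entry per open "{": the condition text that opened it
    pending = ""     # condition text collected since the last "{" or "}"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = TARGET_RE.search(line)
        if m:
            target = m.group(1)
            guarded = any(code in cond for cond in scopes for code in DYNAUTH_CODES)
            if target.startswith("<"):
                findings.append((no, target, "placeholder not replaced"))
            elif target.lower() not in known:
                findings.append((no, target, "target is not a configured proxy"))
            if not guarded:
                findings.append((no, target, "outside Disconnect-Request/COA-Request block"))
        elif line == "{":
            scopes.append(pending)
            pending = ""
        elif line == "}":
            del scopes[-1:]   # tolerate an unbalanced closing brace
            pending = ""
        else:
            pending += " " + line
    return findings
```

Calling audit_policy(SAMPLE_POLICY, ["aaa-east.example.net"]) returns one finding for the placeholder on line 10 and two findings for the target on line 13.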
Configuring for Failover
The HP-UX AAA Server supports failover functionality for dynamic authorization requests. You can
configure a secondary server to which the requests must be sent in case the primary server fails to
respond.
To configure a secondary server, add the following line in the
/etc/opt/aaa/client-request-egress.grp file:
    insert Client-Request-Secondary-Server = <hostname or IP address of secondary server>