HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

321

322

323

324

325

326

327

328

329

330

Table 96 Attributes Typically Used in Policy Group Conditions and Replies

DescriptionAttribute

This attribute contains the code from the RADIUS packet header. It can have

an Access-Request or an Accounting-request value.

Interlink-Packet-Code

This attribute contains an event which indicates the type of the request. This

is also the event which will be delivered to the FSM (as per the default FSM).

If this policy returns ACK, it can have one of the following values:

Interlink-Proxy-Action

• AUTHEN - This value indicates a normal access request.

• AUTH_ONLY - This value indicates an Authenticate-Only type request.

• AUTHENTICATE- This value indicates a proxied access request, or an

inner authentication request in the case of tunneled EAP methods like TTLS

or PEAP.

• ACCT - This value indicates an accounting request.

• LAS_ACCT - This value indicates a proxied accounting request.

• MGT_POLL - This values indicates a server status request (radcheck

request)

This attribute contains information about whether this is a normal request or

a continuation of an in-progress EAP conversation. It can have a REQUEST

or CONTINUATION value.

Interlink-Request-Type

This attribute contains the reply status. It can have one of the following values:Interlink-Reply-Status

• ACK - This results in an Access-Accept response being sent for an

Access-Request and an Accounting-Response for Accounting-Request.

• ACC_CHAL - This results in an Access-Challenge response being sent for

an Access-Request. No response is sent for an Accounting-Request.

• NAK - This results in an Access-Reject response being sent for an

Access-Request. No response is sent for an Accounting-Request.

This attribute contains the name of the proxy target, which is normally

configured in one of the authfiles. The proxy target can be overridden in this

policy file by modifying this attribute.

Interlink-Proxy-Target

Contains the userid portion of the NAI (userid@realm) after the server parses

the NAI

User-ID

Contains the realm portion of the NAI (userid@realm) after the server parses

the NAI

User-Realm

A string that contains the time of day when the request was received. It uses

a 24-hour clock in the hh:mm format.

Time-of-Day

An integer that represents the day of the week when the request was received,

where 0 represents Sunday and 6 represents Saturday.

Day-Of-Week

A string that contains the date and time when the request was received. It

uses a 24-hour clock in the yyyy:mm:dd:hh:mm format.

Date-Time

Modifying the FSM for Specific Customizations

To invoke policies from within the FSM, you must use the POLICY AATV. The policy to be evaluated

must be passed in the xstring parameter. The xstring parameter uses the following URL syntax:

decisionfile:// <name of decision file>

For example, if MyPolicy.policy is a decision file present in the configuration directory, then

use the following URL as the value of xstring parameter for the POLICY AATV to invoke this

policy:

decisionfile://MyPolicy.policy

For more information on FSM modifications, and the xstring parameter, see Chapter 26

(page 290).

324 Customizing the HP-UX AAA Server Using Policies