Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
321322323324325326327328329330
1. Replace the radius.fsm file in the server's configuration directory with /opt/aaa/
examples/config/DNIS.fsm. For example, if the server's configuration directory is /etc/
opt/aaa/radius.fsm, then enter the following command:
# cp /opt/aaa/examples/config/DNIS.fsm /etc/opt/aaa/radius.fsm
NOTE: Take a backup of /etc/opt/aaa/radius.fsm before replacing it.
2. Modify the Start4 state, as shown below, so that the Xstring parameter points to the fully
qualified domain name or IP address of the server to which you are forwarding requests. The
server must be listed in the HP-UX AAA server’s clients file. The clients file entry is
needed to obtain the shared secret. For more information, see Chapter 7 (page 69) and
Chapter 9 (page 81). For more information on the clients file, see “The clients File
(page 386)
Start4: *.*.Forward RAD2RAD Start4a Xstring=192.168.0.0
3. Save and close the radius.fsm file.
4. Copy the sample decision file /opt/aaa/examples/config/DNIS.grp to the HP-UX
AAA server's configuration directory using the following command:
# cp /opt/aaa/examples/config/DNIS.grp /etc/opt/aaa/
Step 2 – Defining the DNIS Routing Policies
You must edit the DNIS.grp file to define DNIS routing policies. To edit the DNIS.grp file,
complete the following steps:
1. Edit the DNIS.grp decision file to reflect your station-based access policies. For example, to
change the Calling-Station and Called-Station numbers in the Controlled Access condition,
edit the DNIS.grp file as follows:
# Controlled Access
if ( (Calling-Station-Id = "7341234567") ||
(Called-Station-Id = "7341236543") )
{
exit "Forward"
}
You can enter additional attributes to these access groups if your policies require that other
conditions must be met.
Comment out any condition you do not need by placing a hash symbol (#) before each line.
The last line must remain unchanged so that it authenticates a user who does not match one
of the other conditions.
2. If you rename the DNIS.grp file, move it to the HP-UX AAA server's configuration directory
and edit radius.fsm so that the Start3 state Xstring parameter points to the correct file
name.
Sample Policy Implementations 327