Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
341342343344345346347348349350
HP-UX AAA Server Operation
Figure 100 depicts the HP-UX AAA Server operation from the troubleshooting perspective.
Figure 100 HP-UX AAA Server Operation
The HP-UX AAA Server operation consists of the following steps:
1. The user or device that requires authentication communicates with the RADIUS client and
provides authentication credentials such as user name and password. At this stage, incorrect
supplicant configuration or invalid credentials can lead to authentication failures or an
unresponsive HP-UX AAA Server.
NOTE: Troubleshooting the supplicant is outside the scope of this chapter. See your supplicant
vendor’s documentation for troubleshooting information.
2. The RADIUS client (for example, access point or NAS) sends a RADIUS Access-Request Message
to the HP-UX AAA Server.
At this stage, incorrect client configuration and bad RADIUS messages can lead to
authentication or accounting failures, or an unresponsive HP-UX AAA Server.
3. The HP-UX AAA Server examines the request and validates the user credentials based on the
configured authentication mechanism.
At this stage, incorrect HP-UX AAA Server configuration, internal errors, or invalid credentials
passed to it by the RADIUS client can cause authentication/accounting failures. These cases
may cause the HP-UX AAA Server to ignore the RADIUS client’s request.
4. Based on the configured authentication mechanism, the HP-UX AAA Server can contact one
or more external services:
a. The HP-UX AAA Server can contact an external service such as a database or LDAP
directory server to retrieve user information and perform authentication.
b. The HP-UX AAA Server can forward the request to a proxy HP-UX AAA Server for
authentication.
c. The HP-UX AAA Server can contact a DHCP server for IP address management.
If the external service is busy, unavailable, or invalid credentials are passed to it by the HP-UX
AAA Server, the HP-UX AAA Server will not authenticate the user and may not respond.
5. If authentication is successful, the HP-UX AAA Server returns an Access-Accept message along
with provisioning attributes to the RADIUS client.
The RADIUS client allows the supplicant to connect to the configured network service.
At this stage, incorrect attributes returned to the RADIUS client (or incorrect attributes expected
by the RADIUS clients) can prevent the supplicant from connecting to the network service.
HP-UX AAA Server Operation 343