HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

391

392

393

394

395

396

397

398

399

400

pruning in the clients file, see “The clients File” (page 386). The pruning to apply is defined by

pruning expressions in the dictionary's attribute entries.

These optional expressions are defined in an attribute entry as follows:

(ack, nak, chall, {NOLOG | ENCAPS | NOENCAPS | CONFIG | INTERNAL})

NOTE: If any value is omitted, but the comma is present for that value, that value will use its

default. If the expression is omitted, all values use their defaults.

ack, nak, chall, determine how many instances of the attribute may be added to an

Access-Accept (ack), an Access-Reject (nak), or an Access-Challenge

(chall) reply. They can be specified as one of the following values:

• 0: no attributes of this kind are part of the final reply. This is the default value.

• 1: at most, one attribute of this kind can be part of the final reply.

• *: any number of attributes of this kind can be part of the final reply.

NOTE: Since the default values for ack, nak, and chall are 0, added vendor-specific attributes

will not be returned to the NAS in any replies if you do not include a pruning expression.

{NOLOG | ENCAPS | NOENCAPS} define how the server reacts to the attribute:

• NOLOG: the attribute will not be added to the logfile or session logs.

• ENCAPS (or ENCAPSULATE): the attribute will be encapsulated in the vendor-specific attribute,

regardless of the vendor. This is a default value.

• NOENCAPS: the attribute will not be encapsulated within the vendor-specific attribute.

• CONFIG: the attribute is a configuration item.

• INTERNAL: the attribute is internal to the server and will be removed from incoming and

outgoing RADIUS messages.

NOTE: ENCAPS and NOENCAPS keywords are mutually exclusive. If you specify both, only the

last one will apply. CONFIG is mutually exclusive from NOLOG, ENCAPS, NOENCAPS, and

INTERNAL.

Examples:

ATTRIBUTE Framed-Protocol 7 integer (1, 0, 0)

ATTRIBUTE User-Realm 223 string (*, 0, 0, NOENCAPS)

# Interlink Networks Vendor Specific Extensions

# Interlink.Attr Address-Pool 1 string (0,0,0,INTERNAL)

Interlink.Attr Date-Time 2 string (0,0,0,INTERNAL)

Value Entries

Syntax of Dictionary Value entries is shown below:

VALUE attribute-name value-name integer-encoding

NOTE: Vendor-specific value identifier strings are defined in the vendors file and may be used

in place of the default strings VALUE. For more information, see “Syntax of a vendors File”

(page 395).

attribute-name is replaced by the name of the attribute that this value is associated with.

value-name is replaced by the name of the value.

integer-encoding is replaced with the actual value code used in the A-V pair data format.

Examples

392 Configuration Files