HP-UX AAA Server A.08.02 Administrator's Guide
Table 122 A-V Pair Expression Examples
DescriptionExpression Example
Allows access if either the calling number or the called
number match the specified values.
Calling-Station-Id = 123456789
||Called-Station-Id = 8005551212
Allows access if the day of the week is between Monday
and Friday.
Day-Of-Week => Monday &&Day-Of-Week <=
Friday
Allows access when one of the following is true:((Calling-Station-Id = 123456789
||Calling-Station-Id = 987654321)
• The calling number matches either specified value, and
the called number matches the specified number.
&&Called-Station-Id = 8005551212)
||!(Day-Of-Week => Monday &&Day-Of-Week <=
Friday)
• The day of the week is not between Monday and Friday.
Your expressions can be as short or as long as you like. Only one group match can be made for
each request. You can use short expressions, and manage each distinct decision (DNIS routing,
dynamic access control, membership in groups, and so on) in a separate file. Alternatively, you
can also create a single file with longer expressions that cover a wide range of decision criteria.
Specifying Attributes in Group Entries
You can create decision groups for provisioning with the A-V pairs that may be used in a user
profile for session logging with accounting attributes. For more information, see Chapter 12:
“Logging and Monitoring ” (page 99). In addition, you can use the following attributes to define
a group condition or reply.
Dynamic Access Control
Day-Of-Week A string representing the day of the week (spelled out or three letter abbreviation),
or a number from 0 to 6, where 0 represents Sunday and 6 represents Saturday. This attribute is
compared to the current system clock of the system hosting the HP-UX AAA Server that is making
the comparison.
Date-Time 24 hour clock in yyyy:mm:dd:hh:mm format. This attribute is compared to the current
system clock of the system hosting the HP-UX AAA Server that is making the comparison.
Time-of-Day 24 hour clock in hh:mm format. This attribute is compared to the current system
clock of the machine hosting the AAA server that is making the comparison. Hours must be two
digits, for example, 08:00, not 8:00.
Internal Values
Decision Assign a value to this attribute that corresponds to a predefined, or custom event is
returned to the FSM when the group entry's condition is evaluated to true.
Interlink-Packet-Code An integer value that indicates what type of RADIUS message has
been received: either 1 (Access-Request) or 4 (Accounting-Request).
Interlink-Proxy-Action A string determined by information in an Access-Request or
Accounting-Request. This indicates the name of the starting event in the FSM when the HP-UX AAA
Server receives a RADIUS message. You can preempt this value by beginning radius.fsm with an
*.*.ACK event that invokes the POLICY action, which can then determine the start event based on
a policy decision.
User-Id After the HP-UX AAA Server parses the NAI, it assigns the user name to this attribute.
User-Realm After the AAA server parses the NAI, it assigns the realm to this attribute.
Using Indirection
You can also use indirection to compare or assign attribute values to each other. Follow a Test
Operator $Value$Pos$Len syntax, where Test is the attribute to check or assign a value to, and
Value is the attribute with the value to check against or assign to the Test attribute; Operator is the
relative or Boolean operator to use. $Pos and $Len are optional parameters that allow you to
Specifying Attributes in Group Entries 443