HP-UX AAA Server A.08.02 Administrator's Guide
25 }
26 }
Line 1 Names the first group entry Controlled-Access.
Lines 2 to 5 If the user calls from 1234567890, or calls into 8005551212, the user
belongs to this group.
Lines 7 to 9 The Authentication-Type attribute indicates that requests from members of
this group must be proxied. The Server-Name and Server-Port attributes
specify flatland.com:1812 as the remote server that must receive the proxied
request.
Line 10 The Decision attribute returns the Forward value to the FSM as an event.
The radius.fsm file must be modified to recognize this event and to call
the RADIUS module when it occurs. For more information, see Chapter 12:
“Logging and Monitoring” (page 99).
Line 13 Names the second group entry Denied-Access.
Lines 14 to 16 If the user calls into 8001234567, the user belongs to this group.
Line 18 The Authentication-Type attribute indicates that the request must be ignored.
Line 19 The Decision attribute returns the Abandon value to the FSM as an event.
The radius.fsm file must be modified to recognize this event and to end the
request when it occurs. For more information, see Chapter 12: “Logging
and Monitoring” (page 99).
Line 22 Names the third group Normal. Requests that do not match either of the
previous two groups are matched to this group, because this group entry does not
include a condition section.
Line 24 This line uses indirection to pass the current event ($Interlink-Proxy-Action)
to the FSM. As a result, the HP-UX AAA Server handles the request as if
DNIS routing did not occur.
DAC.grp for Dynamic Access Control
The example discussed in this section shows a simple DAC decision scheme based on the value
of an Access-Group attribute.
• Allow access to users in the weekday group during a weekday
• Allow access to users in the daytime group during the day
• Allow access to users in the nighttime group during the night
• Otherwise, deny access to users
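The decision scheme listed above, modelled in Python as an added example (not from this guide and not DAC.grp syntax) so the allow/deny outcome can be checked at the window boundaries before a policy is deployed. The 20:00 to 06:00 night window, the Nighttime-Access and Deny-Access entry names and the NAK deny value are assumptions; the daytime bounds and the ACK value follow the DAC.grp listing.

```python
from datetime import datetime, time

# Daytime bounds as in the DAC.grp listing (inclusive on both ends).
DAY_START, DAY_END = time(6, 0), time(20, 0)
# Assumption: "night" is 20:00-06:00; the guide's text does not give the bounds.
NIGHT_START, NIGHT_END = DAY_END, DAY_START


def in_window(now, start, end):
    """Inclusive time-of-day test that also handles windows crossing midnight."""
    if start <= end:
        return start <= now <= end
    # A 20:00-06:00 window can never satisfy (now >= start) AND (now <= end);
    # a wrapped window needs OR, otherwise the night group is always denied.
    return now >= start or now <= end


# Ordered group entries: (name, condition, decision). The first match wins and
# an entry without a condition (None) matches every remaining request.
# "Nighttime-Access", "Deny-Access" and "NAK" are hypothetical names.
GROUPS = [
    ("Weekday-Access",
     lambda grp, ts: grp == "weekday" and ts.weekday() <= 4,  # Mon=0 .. Fri=4
     "ACK"),
    ("Daytime-Access",
     lambda grp, ts: grp == "daytime" and in_window(ts.time(), DAY_START, DAY_END),
     "ACK"),
    ("Nighttime-Access",
     lambda grp, ts: grp == "nighttime" and in_window(ts.time(), NIGHT_START, NIGHT_END),
     "ACK"),
    ("Deny-Access", None, "NAK"),
]


def decide(access_group, ts):
    """Return (matched entry, decision) for an Access-Group value at time ts."""
    for name, condition, decision in GROUPS:
        if condition is None or condition(access_group, ts):
            return name, decision
    return "Deny-Access", "NAK"  # fail closed if the catch-all entry is removed


if __name__ == "__main__":
    # Constructed sample requests: 2024-01-05 is a Friday, 2024-01-06 a Saturday.
    for grp, ts in [("weekday", datetime(2024, 1, 5, 23, 59)),
                    ("weekday", datetime(2024, 1, 6, 0, 0)),
                    ("daytime", datetime(2024, 1, 6, 20, 1)),
                    ("nighttime", datetime(2024, 1, 6, 2, 0))]:
        print(grp, ts.isoformat(), *decide(grp, ts))
```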
For an example of a modified radius.fsm file that works with this decision file, see Chapter 12:
“Logging and Monitoring” (page 99). This decision file works only if the Access-Group attribute
is added to the dictionary file and user profiles as a configuration item. For more information,
see “The dictionary File” (page 390).
1 Group Weekday-Access {
2 Condition {
3 (Access-Group = weekday) &&
4 ((Day-Of-Week >= Monday) && (Day-Of-Week <= Friday))
5 }
6 Reply {
7 Decision = ACK
8 Reply-Message = "Weekday access allowed"
9 }
10 }
11 Group Daytime-Access {
12 Condition {
13 (Access-Group = daytime) &&
14 ((Time-Of-Day >= 06:00) && (Time-Of-Day <= 20:00))
15 }
16 Reply {