HP-UX AAA Server A.08.02 Administrator's Guide
Figure 24 User Storage Parameters for Database Access via SQL
5. In the User Storage Parameters Field, select one of the following options:
• RADIUS Attribute: Specify the RADIUS attribute in the <vendorID>:<attribute>
format. This RADIUS attribute must contain the SQL action used for authentication. If
vendorID is not specified, 0, which corresponds to a standard RADIUS attribute, is used.
NOTE: The <vendorID> component must be a value that is defined in the vendors
file and the <attribute> component must be a value that is defined in the dictionary
file.
• SQL Action Id: Select the SQL action from the drop-down list.
IMPORTANT: Ensure that the appropriate SQL action is selected from the drop-down list.
Selecting an incorrect SQL action can result in an authentication failure or unintentional changes
to the database records.
6. Complete any remaining optional fields as necessary for your configuration.
7. Click Create. If the realm is successfully created, the Local Realms screen will list the new
realm.
8. From the navigation tree, click Save Configuration.
If you have multiple remote servers, you will be prompted to select and confirm the servers
where the realm configuration will be applied.
Configuring Realms for LDAP
This section discusses how to configure realms for Lightweight Directory Access Protocol (LDAP).
These realms can be configured only after setting up the LDAP server. See Chapter 21: “LDAP
Authentication” (page 244) for information on setting up an LDAP server.
To configure each realm using LDAP, you must specify the directory server, search base, and other
parameters necessary to find profiles for the users in the realm.
Complete the following steps to configure realms for LDAP:
1. From the navigation tree, click Local Realms.
2. On the Local Realms screen, click New Local Realm to open the Local Realm Attributes screen.
3. In the Name field, enter the name of the realm to map to the defined LDAP location. This name
does not have to be a DNS host name. However, HP recommends that the realm name
correspond to the domain name. This way, users recognize the user@realm syntax,
which resembles their e-mail address.
4. In the User Authentication Field, select the authentication methods to authenticate users for the
realm. If you are using TTLS-PAP, TTLS-MSCHAP, or TTLS-CHAP, select Enable RADIUS Standard.
For all other methods, select Enable EAP and choose at least one EAP method from the
drop-down list.
5. In the User Profile Storage field, select LDAP.
The user storage parameters for LDAP appear when you select LDAP from the User Profile
Storage drop-down list. These parameters identify a section of the directory tree on one or
more LDAP servers where the HP-UX AAA software will attempt to retrieve user profiles.