Manualshelf

HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
221222223224225226227228229230
Figure 67 Multiple HP-UX AAA Servers in a Group for Dynamic Authorization
In Figure 67, sessions in the database that must either be disconnected or changed are distributed
among the live HP-UX AAA Servers within the group. Each HP-UX AAA Server within the group
subsequently, initiates Disconnect or CoA message exchanges with the authenticator for the
sessions assigned to it.
The requirement to distribute Disconnect and CoA messages is met as follows:
In the default reference implementation, the session status is always prefixed with the server
name to ensure that the sessions created by a particular HP-UX AAA Server is processed only
by that HP-UX AAA Server. However, when an HP-UX AAA Server belongs to a group, sessions
created by the HP-UX AAA Server can be processed by any other HP-UX AAA Server in the
same group. Therefore, the group name must be prefixed to the session status, and the initial
status must be <groupname>_ACTIVE.
The live HP-UX AAA Servers must be easy to identify at any point of time. For this purpose, a
new database table, called RAD_SERVER_TABLE is included. This table includes two columns:
server_name and update_time. The value of the server_name column is
<groupname>_<server_name>. All the HP-UX AAA Servers include a TimedEvent
SQLAction, which periodically updates the update_time in this table. Using this table we
can determine the list of HP-UX AAA Servers that are live by verifying the update_time. A
stored procedure, called update_server_table is used to update the RAD_SERVER_TABLE.
The stored procedures, distribute_disconnect_sessions and
distribute_coa_sessions, are used to distribute the sessions. These stored procedures
determine the list of sessions to which Disconnect and CoA requests must be sent, and
ensure that the requests are distributed among the live HP-UX AAA Servers. The
RAD_SERVER_TABLE is used to determine the list of live HP-UX AAA Servers.
For more information on these stored procedures and tables, see the following:
For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/
dbsetup.sql.dynauth_server_group
For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/
dbsetup.sql.dynauth_server_group
Configuring for Dynamic Authorization 221