HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

221

222

223

224

225

226

227

228

229

230

2. Copy the SQLAction definition for StartSessionServerGroup from

• For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/

sqlaccess.config.dynauth_server_group

• For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/

sqlaccess.config.dynauth_server_group

/etc/opt/aaa/sqlaccess.config, and replace <groupname> with the name of the

group.

3. To create sessions using the new SQLAction, modify the FSM as follows:

Replace the following line in /etc/opt/aaa/radius.fsm:

*.*.ACK SQLAccess Tunneling xstring="ActionID=StartSession"

with

*.*.ACK SQLAccess Tunneling xstring="ActionID=StartSessionServerGroup"

NOTE: If you have modified the StartSession SQLAction to suit your environment, the

changes must be merged with StartSessionServerGroup SQLAction.

On HP-UX AAA Servers dedicated to dynamic authorization, complete the following steps:

1. Retrieve a copy of the dbsetup.sql.dynauth_server_group script from the following

locations and store it in the /tmp directory on the database system:

• For Oracle — /opt/aaa/examples/sqlaccess/oracle-1/

dbsetup.sql.dynauth_server_group

• For MySQL — /opt/aaa/examples/sqlaccess/mysql-1/

dbsetup.sql.dynauth_server_group

2. To create the necessary tables and stored procedures, you must execute the script.

For Oracle, enter the following command at the SQL prompt:

SQL> @ /tmp/dbsetup.sql.dynauth_server_group

For MySQL, enter the following command at the mysql prompt:

mysql> source /tmp/dbsetup.sql.dynauth_server_group

3. Copy sqlaccess.config.

For Oracle, enter the following command at the prompt:

$ cp /opt/aaa/examples/sqlaccess/oracle-1/sqlaccess.config

/etc/opt/aaa/sqlaccess.config

For MySQL, enter the following command at the prompt:

$ cp /opt/aaa/examples/sqlaccess/mysql-1/sqlaccess.config

/etc/opt/aaa/sqlaccess.config

4. Configure the Database Connection (DBID) section in /etc/opt/aaa/sqlaccess.config.

• For Oracle — In the Database Connection (DBID) section of sqlaccess.config file,

replace <aaaoracleuser>, <aaaoracleuserpassword>, <hostname>,

<port>, and <SID> , with the Oracle username, password, hostname on which

database is installed, database server port number, and OracleSID.

• For MySQL — In the Database Connection (DBID) section of the sqlaccess.config

file, replace the variables <mysqlaaauser> and <mysqlaaauserpassword> with

the MySQL username and password, and set ODBCDatastore to the ODBC Data Source.

5. Append the required SQLActions after replacing <groupname> with the name of the group.

For Oracle, enter the following command at the prompt:

226 Configuring the HP-UX AAA Server for Dynamic Authorization