HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
Format of Accounting Records in the Default Merit Style...................................................103
Time-Based Values..................................................................................................104
Client A-V Pairs......................................................................................................104
User Entry A-V Pairs................................................................................................104
Session Tracking.....................................................................................................104
Writing Livingston CDR Accounting Records....................................................................105
Livingston CDR Session Record Format.......................................................................105
Changing the Accounting Log Filename.........................................................................106
Changing the Accounting Log Rollover Interval................................................................106
Rolling Over the Log File and Accounting Stream and Setting the Log Level.........................106
III Advanced Configuration Information........................................................108
13 Securing LAN Access With EAP..........................................................113
Overview........................................................................................................................113
The Secure LAN Advisor..............................................................................................113
Preparing Your LAN ........................................................................................................114
Determining the EAP Authentication Method to Use..............................................................114
Securing WLANs with the HP-UX AAA Server......................................................................116
Digital Certificate Administration........................................................................................116
Using the “Self-Signed” Digital Certificates.....................................................................117
Installing Your Own Digital Certificates and Keys.............................................................117
Installing Server Certificates and Keys.......................................................................118
Installing Client Certificates and Keys........................................................................118
Defining Certificate Locations on the HP-UX AAA Server..............................................118
14 Managing Sessions...........................................................................120
Session Logs....................................................................................................................120
Displaying Session Attributes........................................................................................120
Stopping a Session......................................................................................................121
Session Limits..................................................................................................................121
Setting Limits on a User-by-User Basis.............................................................................121
Setting Timeout Values............................................................................................121
Establishing a Filter.................................................................................................121
Limiting Access Points (NAS-Port, NAS-ID, Calling-Station ID, and others).......................122
Denying Access (Called-Station-ID and others)............................................................122
Limiting Simultaneous Sessions.................................................................................122
Setting Limits for Users on a Global Basis.......................................................................123
Setting Limits for All User Profiles Grouped by Realms..................................................123
15 Assigning IP Addresses......................................................................124
Assigning Static IP Addresses............................................................................................124
To Assign a Static IP (IPv4) Address to a Profile in Flat Files...............................................124
To Assign a Static IPv6 Address to a Profile in Flat Files....................................................125
To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF File...........126
To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File................................126
Assigning Dynamic IP Addresses Using DHCP.....................................................................127
16 OATH Standards-Based OTP Authentication..........................................128
OTP and OATH Overview.................................................................................................128
HP-UX AAA Server and OATH Support...............................................................................129
Supported OTP Functions for RADIUS Standard Password (PAP) and MS-CHAP v2....................130
Components Required to Configure OTP Authentication.........................................................131
Configuring OTP Authentication on the HP-UX AAA Server ...................................................131
OTP Authentication Configuration Flowchart...................................................................131
Basic or Typical Configuration.......................................................................................134
Advanced Configuration..............................................................................................135
6 Contents