Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX AAA Server A.06.00 Getting Started Guide: HP-UX 11.0, 11i v1 > Chapter 3 Basic Configuration Tasks

Storing User Profiles
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The user information that determines how an access request is authenticated and authorized is configured in a profile as a set of A-V pairs. These user profiles are grouped by realm and may be stored in flat text files or an external source such as an Oracle database or and LDAP server. Realms are recognized by the realm component of a user's Network Access Identifier. If you have a small AAA deployment without several realm-specific configurations, you can define a default realm and store it in the users file.

Storing User Profiles in the Default Users File

When the AAA server receives a request, before it checks for profiles grouped by realms, it first checks the default users file for a matching profile. Use the following steps to store user profiles in the default users file:

  1. Access the Server Manager.

  2. Load the configuration from the appropriate AAA server by selecting the Load Configuration link from the Navigation Tree.

  3. Select the Users link from the Navigation Tree.

  4. Select the New User link.

  5. The User Attributes screen will appear. In the User Name text box, enter the name of the user profile.

  6. In the Password text box, enter the value to match to the value to compare to the Password attribute value in the request.

  7. You may enter values in the remaining fields to control the users session. These fields are optional and correspond to RADIUS A-V pairs that are explained in more detail in the HP-UX AAA Server Administration and Authentication Guide.

  8. Select the Create button.

  9. Select Save Configuration from the Navigation Frame. If you have multiple remote servers, you will prompted to select and confirm which servers you wish to add the access device entry to.

CAUTION: Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify.

Storing Wireless User Profiles Locally

If you want to authenticate users with EAP, you will need to identify the wireless access point (WAP), the users' realms, and the user profiles. For more information about EAP, refer to the HP-UX AAA Server Administration and Authentication Guide. Use the following steps to store wireless user profiles locally:

  1. Select the Access Devices link

  2. Select the New access device link from the Access Device screen. The Access Device Attributes screen appears.

  3. In the Name field identify the IP address or DNS name of the WAP.

  4. In the Shared secret field identify the encryption key, or shared secret, between the WAP and the AAA server.

  5. From the Vendor drop-down list, select Generic or the WAP vendor if the vendor appears in the vendors file.

  6. Select any of the Options check boxes to define additional instructions to handle the Access-Request.

  7. Select the Create button.

  8. For each individual user that will be authenticated through EAP, you will need to add a user profile to the RADIUS server. Select the Users link.

  9. Select the New User link from the Users screen. The Users Attributes screen appears.

  10. In the User Name field identify the user profile by user name and the users realm (user@realm).

  11. From the Authentication Type drop-down list, select Realm.

  12. Complete any of the remaining optional fields as necessary for your configuration.

  13. Select the Create button.

  14. Repeat steps 8 to 13 for each user profile that you need to configure.

  15. For each realm using EAP, you must associate the realm name with the type of EAP to perform. Select the Local Realms link.

  16. Select the New local realm link from the Local Realms screen. The Local Realm Attributes screen appears.

  17. In the Name field identify the name of the realm that will use EAP.

  18. From the Authentication Type drop-down list, select EAP as the authentication type. The extended parameters for EAP will appear

  19. From Extended Parameters select the EAP type(s) to use.

  20. Complete any of the remaining optional fields as necessary for your configuration.

  21. Select the Create button.

  22. Repeat steps 15 to 21 as necessary for your configuration.

  23. Select the Save Configuration link from the Navigation Frame. If you have multiple remote servers, you will prompted to select and confirm which servers you wish to add the access device entry to.

CAUTION: Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify.

Grouping Users by Realm

While the HP-UX AAA Server can authenticate an individual user, you may want to authenticate and provision a group of users according to a common criteria, like an authentication type. One method of grouping users is according to the realm that they belong to. A realm is derived from a user's Network Access Identifier, for example: name@sample.com where sample.com is the realm. Use the following steps to store user profiles in a flat text file grouped by realm:

  1. Access Server Manager.

  2. Select the Local Realms link from the Navigation Tree and then select the New local realm link

  3. In the Name field, enter the users realm.

  4. From the Authentication Type drop-down list, select File.

  5. In the DNS or filename text box, enter a name for the file that will store the profiles. If the file does not already exist, it will automatically be created when you save the realm definition.

    NOTE: You can configure different realms to save users profiles in the same file.

  6. Select the Create button.

  7. Return to the Local Realms screen to add user profiles to the realm.

  8. From the Local Realms screen, select the following icon for the realm that you wish to add user profiles for:

  9. From the Users screen select the New User link.

  10. In the User Name text box, enter the name of the users profile.

  11. In the Password text box, enter the value to match to the value to compare to the Password attribute value in the request.

  12. You may enter values in the remaining fields to control the users session. These fields are optional and correspond to RADIUS A-V pairs that are explained in more detail in the "A-V Pairs" chapter of HP-UX AAA Server Administration and Authentication Guide.

  13. Select the Create button in the User Attributes screen.

  14. Repeat steps 9 to 13 for each user profile you wish to add to the realm.

  15. Repeat these steps to add additional realms and groups of users.

  16. Select Save Configuration from the Navigation Frame. If you have multiple remote servers, you will prompted to select and confirm which servers you wish to add the access device entry to.

CAUTION: Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify.


Chapter 3 Basic Configuration Tasks
  		 


Adding and Modifying Users  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2003 Hewlett-Packard Development Company, L.P.