HP-UX AAA Server A.06.01 Administrator's Guide: HP-UX 11.0, 11i v1, 11i v2 > Chapter 4 Configuration Screens

Server Properties

You can modify server variables to override built-in defaults. Server startup options will override a corresponding server property setting.

Navigating the Server Properties Screen

Figure 4-12 Server Manager’s Server Properties Screen

  • Selecting an existing variable or the following icon will display a form of the corresponding server variable for modification:

  • Selecting the following icon will display a context sensitive HTML help screen:

Modifying a Server Property

When modifying a server variable, you supply a value for the parameter through a form’s fields. For example, the SNMP property:

Figure 4-13 Server Manager’s Modify Server Variable Screen

DNS Updates Properties

The following is a list of the DNS Updates Properties:

DNS Refresh Interval (optional)

Time (in seconds) used to periodically refresh the IP addresses for Access Devices and Proxies that are configured by host name. If no value is specified, 3600 (one hour) is used.

DNS Refresh Time Frame (optional)

When the DNS Refresh Interval for a host name has expired, all other host names that will be refreshed within the specified number of seconds are refreshed immediately. If no value is specified, 60 is used.

Message Handling Properties

The following is a list of the Message Handling Properties:

Hold Replies (optional)

The time in seconds to store requests (and the associated replies) in the retransmission queues. The Hold Replies time is calculated from the time when the replies were initially sent. If no value is specified, 6 will be used.

NOTE: Requests that are forwarded (proxied) to another server are not held in the retransmission queues. A value of zero will cause the replies to be held for 30 seconds.

Global Retry Limit (optional)

Specifies the maximum number of retransmissions received before a RETRY event occurs. Processing RETRY events requires customization of the Finite State Machine (FSM). Refer to Chapter 17 “The Finite State Machine (FSM)” for more information on the FSM.

Special Duplicate Limit (optional)

Specifies the limit for processing requests that appear to be duplicates (created by early implementations of MS-CHAP on some older PPP clients). If no value is specified, 0 will be used. See also the Global Retry Limit.

Max. Accounting Requests (optional)

The maximum number of Accounting Requests to be stored in a retransmission queue. When this limit is exceeded, all new accounting requests are discarded. It is recommended that this value match the value used for Max. Authentication Requests. If no value is specified, 1000 will be used.

Hold Accounting Requests (optional)

The time in seconds each accounting request should be held after the Hold Replies time. This option is used for support purposes only. If no value is specified, 0 will be used.

Max. Authentication Requests

The maximum number of Authentication Requests to be stored in a retransmission queue. When this limit is exceeded, all new accounting requests are discarded. It is recommended that this value match the value used for Max. Accounting Requests. If no value is specified, 1000 will be used.

NOTE: When this authentication queue limit is exceeded, the server stops responding to the Status command.

Hold Authentication Requests (optional)

The time in seconds each authentication request should be held after the Hold Replies time. This option is used for support purposes only. If no value is specified, 0 will be used.

Max. Send Message Size (optional)

The maximum size in bytes for an outbound RADIUS packet. If no value is specified, 16536 will be used.

Max. Receive Message Size

The maximum size in bytes allowed for an inbound RADIUS packet. If no value is specified, 16536 will be used.
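The interaction between Hold Replies and the Max. Authentication/Accounting Requests limits can be checked with a small capacity model. This is an added example, not HP-UX AAA Server code; the class and function names are hypothetical, and it assumes a reply is sent as soon as a request arrives and that an entry leaves the queue when its hold time ends.

```python
from collections import OrderedDict

ZERO_MEANS_SECONDS = 30   # page: a Hold Replies value of zero holds replies 30 s


class RetransmissionQueue:
    """Simplified model of one retransmission queue, not the server's own code."""

    def __init__(self, hold_replies=6, max_requests=1000):   # page defaults
        seconds = ZERO_MEANS_SECONDS if hold_replies == 0 else hold_replies
        self.hold_ms = seconds * 1000
        self.max_requests = max_requests
        self.entries = OrderedDict()      # request_id -> time reply was sent (ms)

    def _expire(self, now_ms):
        # Entries are stored in send order, so the oldest is always first.
        while self.entries:
            oldest_id, sent_ms = next(iter(self.entries.items()))
            if now_ms - sent_ms < self.hold_ms:
                break
            del self.entries[oldest_id]

    def handle(self, request_id, now_ms):
        """Classify a request as 'answered', 'resent' or 'discarded'."""
        self._expire(now_ms)
        if request_id in self.entries:
            return "resent"               # retransmission: replay the held reply
        if len(self.entries) >= self.max_requests:
            return "discarded"            # queue full: new request is dropped
        self.entries[request_id] = now_ms  # assumption: reply is sent immediately
        return "answered"


def count_discards(requests_per_second, seconds, **queue_settings):
    """Feed a steady stream of distinct requests; return how many are dropped."""
    queue = RetransmissionQueue(**queue_settings)
    discarded = 0
    for i in range(requests_per_second * seconds):
        now_ms = i * 1000 // requests_per_second   # integer clock, no float drift
        # Constructed request ids: a documentation address plus a counter.
        if queue.handle(("192.0.2.10", i), now_ms) == "discarded":
            discarded += 1
    return discarded


if __name__ == "__main__":
    print(count_discards(100, 20), count_discards(200, 6))
```

In this model the queue saturates once distinct requests arrive faster than the queue limit divided by the hold time, roughly 166 per second with the defaults of 1000 and 6, so raising Hold Replies without raising the queue limits lowers the load at which requests start being discarded.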

SNMP Properties

The following is a list of the SNMP Properties:

Enable SNMP Support

When this option is set to Yes, the HP-UX AAA Server will automatically check the network for an SNMP master agent to communicate with, and the server can be monitored by an SNMP workstation. When set to No, the server will not communicate with an SNMP master agent and cannot be monitored by an SNMP workstation. The preselected value is No.

Tunneling Properties

The following is a list of the Tunneling Properties:

Tunneling Reply Items (optional)

The drop down menu lets you specify the behavior when the HP-UX AAA Server receives an Access-Request that does not contain any Tunnel Hint attributes (like Tunnel-Type). The options are:

  • Return-Configured-Tunnel-Attributes: Allow the return of tunnel attributes in the authentication reply.

  • Return-No-Tunnel-Attributes: Do not return any tunnel attributes in the authentication reply.

  • Reject-Access-Request: Fail the authentication by silently discarding the Access-Request.

If no value is selected, Return-Configured-Tunnel-Attributes will be used.

Certificate Path Properties

The following is a list of the Certificate Path Properties:

Certificate Path

For TLS, TTLS, and PEAP. Fully-qualified file name to the AAA server certificate in .pem or .cer format.

Private Key Path

Fully-qualified file name to a file in .pem or .cer format that contains the private key used to generate the AAA server certificate. This file cannot be encrypted.

Certificate Authority Path

For TLS only. Fully-qualified file name to the CA certificate for the client certificate. Used by the AAA server to authenticate client certificates. The CA certificate for the client certificate must be in .pem format.

Random Seed Path

For TLS, TTLS, and PEAP. Fully-qualified file name to the random seed used to generate keys.

Certificate Revocation List Path

For TLS. Fully-qualified file name to a list of prohibited client certificates. File must be in .pem or .cer format.

Client User Name Attribute

For TLS. The HP-UX AAA Server receives both the user’s name and a client certificate with TLS. Identify which attribute inside the client certificate to compare against the user name, or disable the user name-to-certificate checking. If enabled, the user name and user name attribute inside the certificate must be identical—including any realm component, for example: username@organization.com.
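Because the file named in Private Key Path cannot be encrypted, file-system permissions are the main protection for the server's key. The following added example (not part of the HP-UX AAA Server; the function name and the owner-only permission policy are assumptions) audits a PEM key file for loose permissions, a writable parent directory, and a passphrase-encrypted key the server could not load.

```python
import os
import stat
import tempfile

ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED")


def audit_private_key(path):
    """Return findings for the file named in Private Key Path; [] means clean."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key accessible beyond its owner (mode %04o)" % mode)
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory is group/world-writable; key can be replaced")
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    if "PRIVATE KEY-----" not in text:
        # Binary (DER) files carry no PEM labels to inspect.
        findings.append("no PEM private key block; encryption state not checked")
    elif any(marker in text for marker in ENCRYPTED_MARKERS):
        findings.append("key is passphrase-encrypted; the server needs it unencrypted")
    return findings


def demo():
    """Audit two constructed key files (placeholder bodies, not real keys)."""
    workdir = tempfile.mkdtemp()          # created with mode 0700
    samples = {
        "good.pem": (0o600, "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n"
                            "-----END PRIVATE KEY-----\n"),
        "bad.pem": (0o644, "-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n"
                           "-----END ENCRYPTED PRIVATE KEY-----\n"),
    }
    results = {}
    for name, (mode, body) in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
        results[name] = audit_private_key(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

The same permission checks apply to the file named in Random Seed Path, since it also feeds key generation.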

File Size Properties

The following is a list of the File Size Properties:

Maximum Logfile Size

The maximum size (in bytes) of the server’s logfiles and accounting logfiles. The minimum value for this parameter is 65,536 and the maximum is 2,147,483,647.

Miscellaneous Properties

The following is a list of the Miscellaneous Properties:

Permit Microsoft Client Authenticate As Computer

Enable (Yes) to support the Microsoft authenticate as computer feature. The Microsoft supplicants must also be configured to authenticate as computers. If this parameter is enabled (Yes), the AAA Server will ignore any "host/" prefix in the user name passed from the client request. The default setting is Yes (enable). If this parameter is enabled, the HP-UX AAA Server will still authenticate supplicants that are not configured to authenticate as computers.

© 2001-2004 Hewlett-Packard Development Company, L.P.