HP-UX AAA Server A.06.02 Administrator's Guide: HP-UX 11i v1 and 11i v2

HP Part Number: T1428-90061

Published: E1105


Table of Contents

About This Document
Intended Audience
New and Changed Information in This Edition
Publishing History
Document Organization
Typographic Conventions
HP-UX Release Name and Release Identifier
Related Documents
HP Encourages Your Comments
I Introduction
1 Overview: The HP-UX AAA Server
RADIUS Topology
Establishing a RADIUS Session
Product Structure
AAA Server Daemon, Libraries, and Utilities
AAA Server Manager Program
Documentation
HP-UX AAA Server Architecture
Configuration Files
AATV Plug-Ins
The Software Engine: Finite State Machine
HP-UX AAA Server Commands, Utilities & Daemons
Handling an Access Request
Authentication to Verify the Client and User
Authorization to Control Sessions and Access to Services
Session Logs For Accounting
IPv6 Addresses
IPv6 Support for External Services
RADIUS IPv6 Attributes
2 Installing and Securing the HP-UX AAA Server
Acquiring the HP-UX AAA Server Software
Installing and Uninstalling the HP-UX AAA Server
To Install the HP-UX AAA Server
To Uninstall the HP-UX AAA Server Software
HP-UX AAA Server File Locations
Securing the HP-UX AAA Server
Changing the Default HP-UX AAA Server Settings
Environment Specific Security Procedures
3 Enabling the HP-UX AAA Server for GUI-based Administration
Accessing the Server Manager
Starting and Stopping the RMI Objects
Starting and Stopping Tomcat
Testing the Installation
To Test the Installation
Starting AAA Servers Using Server Manager
AAA Server Start Options
Server Manager’s Reload Feature
Starting AAA Servers From the Command Line
Configuring the HP-UX AAA Server to Start Automatically Upon System Reboot
Stopping or Restarting HP-UX AAA Servers
Using Server Manager
From the Command Line
Adding a HP-UX AAA Server to Your Network
II Configuring the HP-UX AAA Server Manager Using the Server Manager GUI
4 The HP-UX AAA Server Manager Interface
Commonly Used Icons in the GUI
5 Managing HP-UX AAA Servers
Using the Server Connections Screen
Adding a New Server
Modifying Connection Attributes
Deleting a Server Connection
Managing Multiple Servers
Loading and Saving Your Configuration
6 Configuring RADIUS Clients Using the Access Devices Screen
Navigating the Access Devices Screen
Adding a RADIUS Client
Modifying a RADIUS Client’s Properties
Deleting a RADIUS Client
7 Configuring Realms
Using the Local Realms Screen
Adding a Realm
Modifying Realms
Special Entries
Deleting a Realm
Configuring Realms for LDAP and for Oracle
Configuring Realms for LDAP
Configuring Realms for Oracle
Configuring a SecurID Realm
8 Configuring Proxies
Navigating the Proxy Screen
Changing the Default localhost Proxy Settings
Creating or Modifying a Proxy
Forwarding Authentication Requests From a Proxy Server
Forwarding Authentication Requests to a Remote Server
Changing RADIUS Port Numbers
Forwarding Requests to Alternate RADIUS Ports
Forwarding Accounting Requests
Proxying Authentication and Accounting Messages to the Same Server
Proxying Accounting Requests to a Central Server
Deleting a Proxy
9 Configuring Users
Navigating the Users Screen
Changing the Default test_user Settings
Adding a User Profile
Tabs on the Add Users Screen
Adding Users for SecurID Authentication
Modifying User Profiles
Deleting a User Profile
To Delete a User Profile From the Default users File
To Delete a User Profile in a Local Realms File
10 Modifying Server Properties
Navigating the Server Properties Screen
DHCP Relay Properties
DNS Updates Properties
Message Handling Properties
SNMP Properties
Enable SNMP Support
Tunneling Properties
Tunneling Reply Items (Optional)
Certificate Properties
File Size Properties
Maximum Logfile Size
Miscellaneous Properties
Permit Microsoft Client Authenticate As Computer
11 Logging and Monitoring
Overview
Server Log Files
Using Server Manager to Retrieve Logfile Information
Using Server Manager to Retrieve Statistics
Accounting Log Files
Using Server Manager to Retrieve Accounting Logfiles
Format of Accounting Records in the Default Merit Style
Writing Livingston CDR Accounting Records
Changing the Accounting Log Filename
Changing the Accounting Log Rollover Interval
III Advanced Configuration Information
12 Securing LAN Access With EAP
Overview
The 802.1x Advisor
Preparing Your WLAN
Determining the EAP Authentication Method to Use
Securing WLANs with the HP-UX AAA Server
Digital Certificate Administration
Using the “Self-Signed” Digital Certificates
Installing Your Own Digital Certificates and Keys
13 Managing Sessions
Session Logs
Displaying Session Attributes
Stopping a Session
Session Limits
Setting Limits on a User-by-User Basis
Setting Limits for Users on a Global Basis
14 Assigning IP Addresses
Assigning Static IP Addresses
To Assign a Static IP (IPv4) Address to a Profile in Flat Files
To Assign a Static IPv6 Address to a Profile in Flat Files
To Assign Static Traditional IP (IPv4) Addresses to a User Profile in an LDAP LDIF File
To Assign Static IPv6 Addresses to a User Profile in an LDAP LDIF File
Assigning Dynamic IP Addresses Using DHCP
15 Troubleshooting
Testing The Server
Checking Server Status Using Server Manager
Generic Test Procedure
Reading Server’s Local Time Using Server Manager
Debug Output
Debug Levels
Error Messages
Log File Error Messages
Error Messages on the Screen
radiusd Error Messages
Server Reply Messages
Command-Line Troubleshooting Utilities
radcheck: For Checking AAA Server Status
radpwtst: For Testing Authentication
raddbginc: For Setting Debug Output
WLAN Troubleshooting Checklist
IV Integrating the HP-UX AAA Server With External Services
16 LDAP™ Authentication
LDAP Server Compatibility
Related LDAP Documentation
Authentication and Policy With LDAP
The LDAP Information Model
Creating an LDIF File
Using Indirection
Dynamic Access Control Decisions
Configuring the LDAP Server
17 Oracle Authentication
Related AATV Plug-In Modules And Processes
The db_srv Package
Oracle Compatibility
The Oracle Database Structure
The Oracle Information Model
Configuring the Oracle Database
Table Structure
Modifying the Table Structure
Supported Attributes
18 Simple Network Management Protocol (SNMP) Support
Setting Up SNMP to Monitor the HP-UX AAA Server
19 VPN Tunneling
Establishing a Tunnel for a User
20 Using DHCP
Required DHCP Server Features
Recommended DHCP Server Features
Defining DHCP Address Pools for Specific Users
To Associate an Address Pool with a User Profile in AAA Server Flat Files
To Associate an Address Pool with a User Profile in an LDAP LDIF File
Associating Address Pools with Realms and Other Conditions
21 Using SecurID
Authentication Of Users
Configuring SecurID Authentication
Configuring the AAA Server for RSA Authentication
Configuring the ACE/Server
Synchronizing the AAA Server with the ACE/Server
Related Documentation
V Reference
22 The Finite State Machine (FSM)
States
Using Xstring to call Policy
Using Xstring to Call an Alternate authfile
Event Names
Predefined Names
Creating New Names
Actions
FSM Tables
Custom State Tables
Tracking Versions
Examples
Interim Logging
Custom Logging Format
Proxy Accounting Messages
DNIS Routing
Dynamic Access Control
23 Configuration Files
HUP Processing
The aaa.config File
Variables in the aaa.config File
The clients File
Prefixed Users and authfile
Wildcard Support for IPv4 and IPv6
The users File
Syntax of a User Entry
Syntax of IPv6 Attributes
With Tunneling
The dictionary File
Attribute Entries
Pruning Expressions
Value Entries
The las.conf File
LAS Session Timing Parameters
Token Pool Configuration
Realm Configuration
The vendors File
Syntax of a vendors File
The log.config File
Syntax of a Stream Entry
Default Entry
End Entry
Logging Multiple Streams
Examples
Decision Files
Expressions
Specifying Attributes in Group Entries
Using Indirection
Example Group Entries
24 Attribute-Value Pairs
Specifying Attribute-Value Pairs
Attribute-Value Formats
Examples
Tagged Attributes
Attributes in User Profiles
Configuration Attributes
Check (and Deny) Items
Attributes Concerning the NAS
Other Attributes
Reply Items
General Attributes
Attributes Concerning Login Users
Attributes for Framed Users
Tunneling Attributes
Other Attributes
Attributes in Accounting Records
Additional Session Information
25 MIB Objects
MIB Objects
A Supported IETF RFCs
B Supported Authentication Methods
C RADIUS Data Packets
Data Packet Format
Attribute-Value Pair Format
Glossary of Terms
Index

List of Figures

1-1 Generic AAA Network Topology
1-2 Client-Server RADIUS Transaction
1-3 Authentication Process
1-4 Default Action Sequence
1-5 Authentication Steps
1-6 Authorization Steps
3-1 Return Value After Successfully Starting a AAA Server
3-2 Server Manager’s Start Options Screen
3-3 Algorithm for Determining Which FSM to Load
4-1 The HP-UX AAA Server Manager User Interface
5-1 Server Manager’s Connected Server Screen
5-2 The Add Connection Screen
5-3 The Modify Connection Screen
5-4 The Delete Server Connections Screen
5-5 Server Manager’s Server Status Frame
5-6 Server Manager’s Load Configuration Screen
5-7 Server Manager’s Save Configuration Screen
6-1 Server Manager’s Access Device Screen
6-2 Server Manager’s Access Device Attributes Screen
6-3 The Delete Access Device Screen
7-1 Server Manager’s Local Realms Screen
7-2 Server Manager’s Local Realm Attributes Screen
7-3 The Delete Local Realm Screen
7-4 New Oracle Server Screen
8-1 Proxy Configuration
8-2 Server Manager’s Proxy Screen
8-3 Server Manager’s Proxy Attributes Screen
8-4 The Delete Proxy Screen
9-1 Server Manager’s Users Screen
9-2 The Add Users Screen
9-3 The Modify Users Screen
9-4 The Delete Users Screen
10-1 Server Manager’s Server Properties Screen
11-1 Server Manager’s Logfile Screen
11-2 Server Manager’s Statistics Screen
11-3 AAA Server Statistics Example
11-4 Accounting Logfile Search Screen in Server Manager
11-5 Detailed Accounting Record for a Selected User
12-1 The 802.1x Advisor For Securing WLANs
12-2 Server Manager’s Certificate Properties Screen
13-1 Sessions Search Filter Screen
13-2 Example Return for a Sessions Search
13-3 Example of a Session’s Attributes
14-1 The Users Screen
14-2 The Framed User Attributes Form
14-3 The Users Screen
14-4 The Framed User Attributes Form
15-1 Server Manager’s Status Options Screen
16-1 Tree Structure of Complex Policy
17-1 Authentication Process with Oracle
17-2 Oracle Database Table Format
21-1 SecurID Add Client Screen
21-2 SecurID Edit Client Screen
22-1 Default FSM State Transitions
C-1 RADIUS Request/Reply Message Format
C-2 Attribute-Value Pair Format

List of Tables

HP-UX AAA Server Administrator’s Guide Printing History
HP-UX 11i Releases
1-1 Commands, Utilities, and Daemons
2-1 File Locations Upon Installation
2-2 Files Generated During Operation
3-1 Server Start Options
3-2 radiusd Options
3-3 New Server Connection Screen Fields
5-1 Fields in the Connection Attributes Form
5-2 Icons in Server Manager’s Server Status Frame
6-1 Add Access Device Configuration Form Options
7-1 Fields in the Local Realm Attributes Form
7-2 Special Entries
7-3 Values for Configuring Realms for LDAP
7-4 Options
8-1 Proxy Configuration Options
8-2 Options for Forwarding Requests
8-3 Accounting Logging Options
9-1 General Attributes in the Add User Screen
10-1 DHCP Relay Properties
10-2 DNS Update Properties
10-3 Message Handling Properties
10-4 Certificate Path Properties
11-1 Filter Parameters for Searching Logfiles
11-2 Statistic Search Parameters
11-3 Accounting Logfile Search Parameters
11-4 Reasons Why The Record Was Generated
12-1 WLAN Configuration Items
12-2 Supported EAP Methods and Their Features
15-1 Status Options Text Boxes
15-2 radiusd Error Messages
15-3 radcheck Options
15-4 radpwtst Options
16-1 Attribute Type
16-2 Relational Operators
16-3 Boolean Operators
17-1 Files Related to db_srv
17-2 AUTH_NET_USERS Table
22-1 Predefined Event Names
22-2 Available Actions
22-3 Predefined FSM Tables
23-1 Default LAS Session Timing Parameters
23-2 Information Recorded by LOG_V2_o
23-3 A-V Pair Expression Operators
23-4 A-V Pair Expression Examples
24-1 Reply Item Attributes
24-2 Session Termination Causes
25-1 MIB Objects and Definitions
A-1 Supported IETF RFCs
A-2 Additional IETF RFCs Supported by HP-UX AAA Server
A-3 AAA RFCs Supported by HP-UX AAA Server
C-1 RADIUS Request/Reply Message Format Description
C-2 Attribute Value Pair Format Description
© 2001-2005 Hewlett-Packard Development Company, L.P.