HP-UX AAA Server A.08.00.01 Administrator’s Guide: HP-UX 11i v2 and HP-UX 11i v3 > Chapter 2 Upgrading to Version A.08.00.01

Upgrading from Version A.06.00.x to Version A.08.00.01


To upgrade the configuration files, complete the following steps:

  1. Back up your existing HP-UX AAA server configuration.

  2. Install the HP-UX AAA Server A.08.00.01 without removing your existing HP-UX AAA Server software.

  3. Copy the following files from /etc/opt/aaa.old/ to /etc/opt/aaa/. You do not need to modify these files when migrating to A.08.00.01:

    • The clients file

    • The las.conf file

    • The iaaaAgent.conf file

    • The engine.config file

    • The DAC.grp file and additional policy files

    • New or modified certificate files (to be copied from /etc/opt/aaa.old/security/ to /etc/opt/aaa/security/)

  4. Update the following A.08.00.01 files in /etc/opt/aaa/ to include any modifications you made for your legacy configuration. Perform this step to include your legacy configuration in the new A.08.00.01 file format. Refer to the copy of your legacy files in /etc/opt/aaa.old/ and update the corresponding A.08.00.01 files listed below:

    • The vendors file

    • The log.config file

    • The radius.fsm file

    • The dictionary file

    • The aaa.config file

  5. Copy your legacy users files from /etc/opt/aaa.old/ to /etc/opt/aaa/ (including the default users file and all files with the .users extension). Update the users files as follows:

    • Remove all DEFAULT, dumbuser, pppuser, and slipuser entries. The following shows example entries for each:

      DEFAULT
      DEFAULT Authentication-Type = Realm
              Filter-Id = "unlim"

      dumbuser
      dumbuser Authentication-Type = None
               Service-Type = Login,
               Login-Service = Telnet,
               Login-IP-Host = 255.255.255.255

      pppuser
      pppuser Authentication-Type = None
              Service-Type = Framed,
              Framed-Protocol = PPP,
              Framed-IP-Netmask = 255.255.255.0,
              Framed-Routing = None,
              Framed-MTU = 1500,
              Framed-Compression = Van-Jacobson-TCP-IP

      slipuser
      slipuser Authentication-Type = None
               Service-Type = Framed,
               Framed-Protocol = SLIP,
               Framed-IP-Netmask = 255.255.255.0,
               Framed-Routing = None,
               Framed-MTU = 1500,
               Framed-Compression = Van-Jacobson-TCP-IP

    • Remove all Authentication-Type=Realm and Authentication-Type=File strings from the remaining user entries. The following is a sample sed command you can modify to remove these entries:

      $ sed -e 's/Authentication-Type[ ]*=[ ]*Realm[ ,,]*//g' \
            -e 's/Authentication-Type[ ]*=[ ]*File[ ,,]*//g' \
            <users or *.users file name>

  6. Use Server Manager to re-configure all of your legacy realm and outbound proxy entries on A.08.00.01. Refer to your legacy authfile at /etc/opt/aaa.old/authfile:

    • Use Server Manager’s Proxies link to re-configure entries in /etc/opt/aaa.old/authfile with the following syntax:

      realm.com 		RADIUS	<Realm_host_name>
    • Use Server Manager’s Local Realms link to re-configure the realm entries as they appear in /etc/opt/aaa.old/authfile.

    • If you have configured a realm for EAP-LEAP, ORACLE or SecurID authentication, complete the migration procedure listed in “Upgrading from Versions A.07.00, A.06.02, A.06.01, or A.07.01 to Version A.08.00.01”.

  7. If you are using a Netscape Directory server, update the RADIUS schema file for the directory server. Copy /opt/aaa/examples/proldap/55iaaa-radius.ldif to the Netscape Directory server. Stop and restart slapd after copying the schema file to the Netscape server.

  8. If you are using an OpenLDAP server, update the RADIUS schema file for the directory server. Copy /opt/aaa/examples/proldap/iaaa-radius.ldif to the OpenLDAP server. Stop and restart slapd after copying the schema file to the OpenLDAP server.
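
Step 5 as a script, shown here as an added example that is not part of HP's guide or tooling: it drops the DEFAULT, dumbuser, pppuser, and slipuser entries, strips the two Authentication-Type strings with the sed expressions from step 5, and counts what is left to verify the result. It assumes each users-file entry starts in column one and continues on indented lines; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HP tooling. Assumption: an entry starts in column one
# with the user name and its remaining lines are indented.

# clean_users FILE: print FILE with the step 5 removals applied.
clean_users() {
    awk '
        # A line starting in column one opens a new entry (or is a comment).
        /^[^ \t]/ { drop = ($1 ~ /^(DEFAULT|dumbuser|pppuser|slipuser)$/) }
        !drop     { print }
    ' "$1" |
    sed -e 's/Authentication-Type[ ]*=[ ]*Realm[ ,,]*//g' \
        -e 's/Authentication-Type[ ]*=[ ]*File[ ,,]*//g'
}

# leftovers FILE: count lines that step 5 says must no longer be present.
leftovers() {
    grep -c -E '^(DEFAULT|dumbuser|pppuser|slipuser)([[:space:]]|$)|Authentication-Type[ ]*=[ ]*(Realm|File)' "$1" || true
}

# write_sample FILE: constructed legacy users file for the demonstration.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
DEFAULT Authentication-Type = Realm
        Filter-Id = "unlim"
alice   Authentication-Type = File, Service-Type = Framed
        Framed-Protocol = PPP
dumbuser Authentication-Type = None
        Service-Type = Login,
        Login-Service = Telnet
bob     Authentication-Type = Realm
        Filter-Id = "unlim"
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
clean_users "$tmp" > "$tmp.new"
echo "flagged lines before: $(leftovers "$tmp"), after: $(leftovers "$tmp.new")"
diff "$tmp" "$tmp.new" || true   # review the changes before replacing the file
rm -f "$tmp" "$tmp.new"
```

Run it against a copy of each users and *.users file, and replace the file in /etc/opt/aaa/ only after the reported count is 0 and the diff shows nothing unexpected.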

© Hewlett-Packard Development Company, L.P.