HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 4 Startup and Testing

Testing The Server


This section describes how to test and fine-tune the server configuration before putting it into a production environment. You can test the server using different approaches. This section covers starting the server and minimally testing it using Server Manager, radcheck, and radpwtst. These utilities verify that the server can be accessed and that users are authenticated correctly. To troubleshoot problems that occur during testing, refer to Chapter 8 “Troubleshooting”, which covers debug output and error messages.

Checking Server Status Using Server Manager

You can determine if a given AAA server in your network is operational by selecting the Status button.

  1. Select the Administration link in the Navigation Tree.

  2. Select the desired servers in the Server Status frame.

  3. Select the Status button.

The result will be displayed in the Message frame. If the server has a self-referring client entry, the message will contain more information than is described in the following section.

Status Reply Messages

A successful status check will reply with a message similar to the following example:

1  MF: vp=va/vf auth=aa/af waldo=wa/wf redo=ra/rf
2 DNS-MF: client=ca/cf addr=da/df name=na/nf
3 CLIENT-MF: vendor=10/0 vendor_list=68/34 (found=34)
4 Status: g authen, h unconfirmed, i connected, j suspended, k unknown
5 Status: l disconn, m reject, n no-token, o cancel, p collision
6 LAS-MF: sess= x/x str= x/x abs= x/x db= x/x
7 pool-name: q/r/s-date/t-timestamp
8 number of pools: n
9 auth queue: a/b(a/b), acct queue: c/d(c/d), maxtime: t (time)
10 auth stats: a/n/r, acct stats: a/n/r
11 authfile: x, clients: y, users: z, fsmid: f, time
12 fsmid: STD, dictid: 1.14, vendid: 1.4
13 cleanup_delay: 6, avg-delay 0 (of 100)
14 Version version config codes
15 Name (UDP-port) is responding on standard output.
16 (n retries)

Lines 1 to 3

Memory allocation information in the format of =allocated/freed for A-V pairs, authreqs, clients, IP addresses, DNS names, vendors, and vendor lists.

Lines 4 to 5

The number of requests that have been accepted and rejected.

Line 6

The number of defined realms, clients, and user profiles. In addition, the FSM ID and the server's start time.

Lines 7 to 8

These lines will appear for each defined token pool.

  • q is the total number of tokens configured in pool-name

  • r is the current number of tokens in use

  • s is the token high-water-mark recorded at date

  • t is the high-water-mark recorded at timestamp since the previous midnight

Line 9

The maximum/current number of authentication and account requests (size/number replied to), as well as the longest amount of time a request has been in the queue.

Line 10

Authentication and Account status information

Line 11

Status values related to AAA activity.

Line 12

Version information for the finite state table, dictionary, and vendors files.

You can specify this information by adding a line to each file that follows the syntax %FilenameID Version-String, where Filename is:

  • fsmid in a finite state table

  • dictid in the dictionary file

  • vendorsid in the vendors file

Lines 12 to 13

One or more lines may appear at this location and describe each forking type AATV currently found in the queried server. Following the AATV name, the following values will also appear:

  • The configured number of maximum child processes allowed

  • A number showing the current number of child processes

  • The high-water mark for child processes and the time when it occurred

  • The high-water mark for queued child processes and the time when it occurred

  • The current number of child processes in the queue and the last queued time

NOTE: A trailing question mark ("?") for any of the time values indicates that the event has not occurred.

Line 14

Server version and build information.

Line 15

A success message. If radcheck fails, one of the following messages will appear:

  • No reply from RADIUS server Name (UDP-port)

  • Received non-matching id in server response

  • Received invalid reply digest from server

  • No such server: Name

Line 16

Number of retries. Only appears when greater than 0.

Exit Codes

  • 0 - Successful completion

  • -2 or 254 - Remote server had errors

  • -1 or 255 - Local errors

  • 1 - Timeout errors

Options for Checking AAA Server Status Using the Server Manager

Selecting the Options icon displays the Status Options Screen shown below. Use this screen to specify values for command arguments.

Figure 4-4 Server Manager's Status Options Screen


Table 4-4 Status Options Text Boxes

  Option               Description
  Timeout (seconds)    An alternate timeout value (in seconds) instead of the default of 5.
  Status Port          Specifies the UDP port used to report the server status. It must match the port specified in Server options.
  Number of Retries    Maximum number of retries instead of the default of 3.

Generic Test Procedure

These steps offer a general procedure to follow when testing the server from the command line. You may wish to develop additional procedures for further testing of your server configuration.

NOTE: When using Unix-PW (Passwd) authentication, you may need to run the server as root to complete some of the testing steps below.
  1. Log in as root or aaa user and start the server with one level of debugging.
    For example (from the AAA product bin directory, /opt/aaa/bin by default):
    % radiusd -x &
    Refer to “Debug Levels” for more information about debugging.

    NOTE: & is a generic UNIX command line option that will run radiusd in the background.
  2. If you can use multiple windows, open a new window for running the client utilities (radcheck and radpwtst).

  3. Check the server status with radcheck, for example:
    % radcheck servername.com
    Where servername.com is the host name of the system where the radiusd daemon is running. Refer to “Checking Server Status Using Server Manager” for complete information about the radcheck utility.
    A message will appear that summarizes configuration information and status. If the server is operational, the final line in the message will be:
    "[Host Name](Authentication-port)" is responding
    If your server configuration does not pass radcheck successfully, you may have an incomplete or incorrect /etc/opt/aaa/clients file configuration.

  4. Authenticate a test user with radpwtst. (You will first need to add a user profile to the server configuration.) For example:
    % radpwtst -s server.com -w password user
    Refer to “radpwtst: For Testing Authentication” for complete information about the radpwtst utility.
    If your server configuration does not pass radpwtst successfully, you may have an incomplete or incorrect /etc/opt/aaa/clients file, /etc/opt/aaa/authfile, or user profile in the server configuration.
    Another possible problem is that radiusd may not be running, or that the owner of the process running it does not have access to the password file.

CAUTION: After completing the above steps, you need to properly terminate the test AAA Server process (radiusd) to avoid confusion later. To terminate the test process, enter kill pid on the command line where pid is the radiusd process ID.
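
The radcheck exit codes and failure messages listed earlier, together with step 3 of the procedure above, can be combined into a scripted health check. This is an added example, not part of the HP guide: the RADCHECK variable, the function names, the fake_ok and fake_timeout stand-ins and the port 1812 in their output are assumptions, constructed so the script runs without a server.

```sh
#!/bin/sh
# Added example: health check built on radcheck's documented exit codes and messages.
# RADCHECK (assumption) names the command to run; it defaults to radcheck on PATH.

# Translate an exit status into the meaning given under "Exit Codes".
# The shell reports -2 as 254 and -1 as 255.
radcheck_exit_meaning() {
    case "$1" in
        0)   echo "success" ;;
        1)   echo "timeout" ;;
        254) echo "remote-server-error" ;;
        255) echo "local-error" ;;
        *)   echo "undocumented" ;;
    esac
}

# Read captured radcheck output on stdin and name the documented message found.
radcheck_output_verdict() {
    awk '
        /No reply from RADIUS server/                 { v = "no-reply" }
        /Received non-matching id in server response/ { v = "id-mismatch" }
        /Received invalid reply digest from server/   { v = "bad-digest" }
        /No such server:/                             { v = "no-such-server" }
        /is responding/                               { v = "responding" }
        END { print (v == "" ? "unrecognized" : v) }'
}

# Run the check against one host; succeed only if exit code and message agree.
check_server() {
    host=$1
    # The && / || chain records the exit status without tripping "set -e".
    out=$("${RADCHECK:-radcheck}" "$host" 2>&1) && rc=0 || rc=$?
    verdict=$(printf '%s\n' "$out" | radcheck_output_verdict)
    echo "$host: exit=$rc ($(radcheck_exit_meaning "$rc")) message=$verdict"
    [ "$rc" -eq 0 ] && [ "$verdict" = "responding" ]
}

# Constructed stand-ins for radcheck so the example runs without a server.
fake_ok()      { echo 'Version version config codes'
                 echo '"servername.com(1812)" is responding'; }
fake_timeout() { echo 'No reply from RADIUS server servername.com (1812)'; return 1; }

RADCHECK=fake_ok
check_server servername.com || echo "unexpected failure"
RADCHECK=fake_timeout
check_server servername.com || echo "server needs attention"
```

Unset RADCHECK (or point it at the real binary) to run the same check against a live server.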

Reading Server's Local Time Using Server Manager

Server Manager's Time button provides the ability for an administrator to read the local time of the AAA servers selected in the Server Status frame. You can access the Time button by selecting the Administration link from the Navigation Tree. Time is the system time as set by the system administrator.

© 2003 Hewlett-Packard Development Company, L.P.