Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 www.docs.hp.com: HP-UX AAA Server A.06.01.02.04 Release Notes > Chapter 1 HP-UX AAA Server A.06.01.02.04

Migrating to Version A.06.01.x
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

There are significant structure and feature differences between the HP-UX AAA Server A.06.01.x and previous versions of the product that affect the configuration files. The information in this chapter explains the steps you must perform to migrate to A.06.01.x from previous versions.

NOTE: Contact your HP Support representative if you need assistance with your migration.

Steps for Migrating

The following is a list of the directories you will use when migrating to the HP-UX AAA Server A.06.01.x from legacy versions:

  • /etc/opt/aaa/: A.06.01.x working directories.

  • /etc/opt/aaa.old/: configuration files from your legacy AAA server installation.

  • /opt/aaa/newconfig/etc/opt/aaa/: backup of the default A.06.01.x files for reference.

Use the following steps to migrate to the HP-UX AAA Server A.06.01.x from legacy versions:

  1. Backup your existing AAA server configuration.

  2. Install the HP-UX AAA Server A.06.01.x without removing your existing HP-UX AAA Server software.

  3. Copy the following files from /etc/opt/aaa.old/ to /etc/opt/aaa/. You do not need to modify these files when migrating to A.06.01.x:

    • clients

    • las.conf

    • iaaaAgent.conf

    • db_srv.opt

    • engine.config

    • DAC.grp and additional decision/policy files

  4. Update the following A.06.01.x files in /etc/opt/aaa/ to include any modifications you made for your legacy configuration. Perform this step to include your legacy configuration in the new A.06.01.x file format. Refer to the copy of your legacy files in /etc/opt/aaa.old/ and update the corresponding A.06.01.x files listed below:

    • vendors

    • log.config

    • radius.fsm

    • dictionary

    • aaa.config

  5. Copy your legacy users files from /etc/opt/aaa.old/ to /etc/opt/aaa/ (including the default users file and all files with the .users extension). Update the users files as follows:

    • Remove all DEFAULT, dumbuser, pppuser, and slipuser entries. The following shows example entries for each:

      DEFAULT

      DEFAULT Authentication-Type = Realm
      Filter-Id = "unlim"

      dumbuser

      dumbuser Authentication-Type = None
          Service-Type = Login,
          Login-Service = Telnet,
          Login-IP-Host = 255.255.255.255

      pppuser

      pppuser Authentication-Type = None
          Service-Type = Framed,
          Framed-Protocol = PPP,
          Framed-IP-Netmask = 255.255.255.0,
          Framed-Routing = None,
          Framed-MTU = 1500,
          Framed-Compression = Van-Jacobson-TCP-IP

      slipuser

      slipuser Authentication-Type = None
          Service-Type = Framed,
          Framed-Protocol = SLIP,
          Framed-IP-Netmask = 255.255.255.0,
          Framed-Routing = None,
          Framed-MTU = 1500,
          Framed-Compression = Van-Jacobson-TCP-IP

    • Remove all Authentication-Type=Realm and Authentication-Type=File strings from the remaining user entries. The following is a sample sed command you can modify to remove these entries:

      $ sed -e ’s/Authentication-Type[ ]*=[ ]*Realm[ ,,]*//g’-e ’s/Authentication-Type[ ]*=[ ]*File[ ,,]*//g’ <users or *.users file name>

  6. Use Server Manager to re-configure all of your legacy realm and outbound proxy entries on A.06.01.x. Refer to your legacy authfile at /etc/opt/aaa.old/authfile:

    • Use Server Manager’s Proxies link to re-configure entries in /etc/opt/aaa.old/authfile with the following syntax: 

      realm.com     RADIUS     <Realm_host_name>

    • Use Server Manager’s Local Realms link to re-configure the realm entries as they appear in /etc/opt/aaa.old/authfile.

  7. If you are using a Netscape Directory server, update the RADIUS schema file for the directory server. Copy /opt/aaa/examples/proldap/55iaaa-radius.ldif to the Netscape Directory server. Stop and restart slapd after copying the schema file to the Netscape server.

  8. If you are using an OpenLDAP server, update the RADIUS schema file for the directory server. Copy /opt/aaa/examples/proldap/iaaa-radius.ldif to the OpenLDAP server. Stop and restart slapd after copying the schema file to the OpenLDAP server.

NOTE: After completing the migration to the HP-UX AAA Server A.06.01.x, the configuration secrets in /opt/aaa/remotecontrol/rmiserver.properties and /opt/hpws/tomcat/webapps/aaa/WEB-INF/gui.properties will be the default values. Refer to “Changing the Default RMI Objects Secret” in the Administrator’s Guide for information on changing these secrets.


Supplicants Support and Interoperability
  		 


Index  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2001 - 2003 Hewlett-Packard Development Company, L.P.