
HP-UX AAA Server A.06.01 Administrator's Guide: HP-UX 11.0, 11i v1, 11i v2

HP Part Number: T1428-90056

Published: E1004


Table of Contents

About This Document
Intended Audience
New and Changed Documentation in This Edition
Publishing History
What’s in This Document
Typographical Conventions
Related Documents
HP Encourages Your Comments
I Part — Introduction
1 Overview: The HP-UX AAA Server
RADIUS Overview
Server Compatibility
RADIUS Topology
Establishing a RADIUS Session
Supported Authentication Methods
RADIUS Data Packets
Shared Secret
Product Structure
AAA Servers
AAA Server Manager Program
The 802.1x Advisor
Accessing the Server Manager
HP-UX AAA Architecture
Configuration Files
AATV Plug-Ins
The Software Engine: Finite State Machine
HP-UX AAA Server Commands, Utilities & Daemons
How The Software Handles An Access-Request
Authentication to Verify the Client and User
Authorization to Control Sessions and Access to Services
Session Logs For Accounting
Simple Network Management (SNMP) Support
Setting Up SNMP to Monitor the HP-UX AAA Server
VPN Tunneling
Establishing a Tunnel for a User
2 Migrating to Version A.06.01.x
Migration Overview
Steps for Migrating
3 Securing the HP-UX AAA Server
Changing the Default HP-UX AAA Server Settings
Changing the Default “localhost” Proxy Settings
Changing the Default “test_user” Settings
Changing the Default Tomcat User Name and Password
Changing the Default RMI Objects Secret
Environment Specific Security Procedures
Using SSL (HTTPS) for Secured Remote Server Manager Administration
Creating a Tomcat Identity Specifically for the HP-UX AAA Server
Running the HP-UX AAA Server as a Non-Root User
II Part — Administration
4 Configuration Screens
Overview
Access Device
Navigating the Define Access Device Screen
Creating or Modifying an Access Device
Deleting an Access Device
Proxies
Navigating the Define Access Device Screen
Creating or Modifying a Proxy
Deleting a Proxy
Local Host Entry
Realms
Navigating the Local Realms Screen
Creating or Modifying a Realm
Special Entries
Deleting a Realm
Users Files
Navigating the Define Users Screen
Adding or Modifying a User Profile
Deleting a User Profile
Server Properties
Navigating the Server Properties Screen
Modifying Server Properties
DHCP Relay Properties
DNS Updates Properties
Message Handling Properties
SNMP Properties
Tunneling Properties
Certificate Path Properties
File Size Properties
Miscellaneous Properties
5 Server Connections
Overview
Establishing and Maintaining a Connection
Navigating the Connected AAA Servers Screen
Creating a New Server Connection
Modifying a Server Connection
Deleting a Server Connection
Managing Multiple Servers
6 Startup and Testing
Starting AAA Servers Using Server Manager
AAA Server Start Options
Server Manager’s Reload Feature
Starting AAA Servers From the Command Line
Configuring the AAA Server to Automatically Start Upon System Reboot
Stopping or Restarting AAA Servers
Using Server Manager
From the Command Line
Adding a AAA Server to Your Network
Testing The Server
Checking Server Status Using Server Manager
Generic Test Procedure
Reading Server’s Local Time Using Server Manager
7 Session Management
Session Logs
Displaying a Session
Stopping a Session
Session Limits
Setting Limits on a User-by-User Basis
Setting Limits for Users on a Global Basis
8 Proxying
Proxying
Forwarding Authentication Requests
Changing RADIUS Port Numbers
Forwarding Accounting Requests
9 Logging and Monitoring
Overview
Server Log Files
Using Server Manager to Retrieve Logfile Information
Using Server Manager to Retrieve Statistics
Accounting Log Files
Using Server Manager to Retrieve Accounting Logfiles
Format of Accounting Records in the Default Merit Style
Writing Livingston CDR Accounting Records
Livingston CDR Session Record Format
Changing the Accounting Log Filename
Changing the Accounting Log Rollover Interval
10 Assigning IP Addresses
Assigning Static IP Addresses
Assigning Dynamic IP Addresses Using DHCP
Defining DHCP Address Pools
Defining Address Pools for Specific Users
Associating Address Pools with Realms and Other Conditions
Configuring the AAA Server’s DHCP Properties
Configuring the DHCP Server
11 WLAN Security with the HP-UX AAA Server
Overview
The 802.1x Advisor
Preparing Your WLAN
Determining Which EAP Authentication Method to Use
Steps for Securing WLANs with the HP-UX AAA Server
Digital Certificate Administration
Using the “Self-Signed” Digital Certificates Included with the HP-UX AAA Server
Installing Your Own Digital Certificates and Keys
12 Troubleshooting
Overview
Debug Output
Error Messages
Log File Error Messages
Error Messages on the Screen
radiusd Error Messages
Server Reply Messages
WLAN Troubleshooting Checklist
III Part — Managing and Authenticating Users
13 Defining User Profiles
Storing User Profiles
Storing User Profiles in the Default Users File
Grouping Users by Realm
14 ProLDAP™
Overview
LDAP Server Compatibility
Related LDAP Documentation
Authentication And Policy With ProLDAP
The LDAP Information Model
Creating an LDIF File
Using Indirection
Dynamic Access Control Decisions
Configuring the HP-UX AAA Server Software
Values for Configuring Realms for ProLDAP
Configuring the LDAP Server
Tuning the AAA Server to LDAP Server Connection
15 Oracle
Overview
Related AATV Plug-In Modules And Processes
The db_srv Package
Oracle Compatibility
The Oracle Database Structure
The Oracle Information Model
Creating an Oracle Table for Authentication
Setting Up the AAA Server And The Oracle Database
Configuring the HP-UX AAA Server Using Server Manager
Configuring the Oracle Database
Configuring and Running the db_srv Daemon
Scripts
16 SecurID
Overview
Related Documentation
Authentication of Users
Configuring SecurID Authentication
Configuring the AAA Server for RSA Authentication
Identifying SecurID Users by User Name with Server Manager
Creating a SecurID Realm with Server Manager
Configuring the ACE/Server
Synchronizing the AAA Server with the ACE/Server
IV Part — Reference
17 The Finite State Machine (FSM)
Overview
States
Using Xstring to call Policy
Using Xstring to Call an Alternate authfile
Event Names
Predefined Names
Creating New Names
Actions
Custom State Tables
Tracking Versions
Examples
Interim Logging
Custom Logging Format
Proxy Accounting Messages
DNIS Routing
Dynamic Access Control
18 Configuration Files
Overview
HUP Processing
aaa.config
clients
Prefixed Users and authfile
users
Syntax of a User Entry
dictionary
Attribute Entries
Pruning Expressions
Value Entries
las.conf
LAS Session Timing Parameters
Tokenpool Configuration
Realm Configuration
vendors
log.config
Syntax of a Stream Entry in log.config
Default Entry
End Entry
Logging Multiple Streams
Decision Files
Expressions
Specifying Attributes in Group Entries
Using Indirection
Example Group Entries
19 Command Line Utilities
radcheck: For Checking AAA Server Status
Reply Messages, without debug flag
Exit Codes
radpwtst: For Testing Authentication
Message
Example
Exit Codes
raddbginc: For Setting Debug Output
Debug Levels
20 Attribute-Value Pairs
Overview
Specifying Attribute-Value Pairs
Attribute-Value Formats
Examples
Tagged Attributes
Attributes in User Profiles
Configuration Attributes
LAS Configuration
Check (and Deny) Items
Attributes Concerning the NAS
Other Attributes
Reply Items
General Attributes
Attributes Concerning Login Users
Attributes for Framed Users
Tunneling Attributes
Other Attributes
Attributes in Accounting Records
Additional Session Information
21 MIB Objects
Overview
MIB Objects
Glossary of Terms
Index

List of Figures

1-1 Generic AAA Network Topology
1-2 Client-Server RADIUS Transaction
1-3 RADIUS Request/Reply Message Format
1-4 Attribute-Value Pair Format
1-5 The 802.1x Advisor For Securing WLANs
1-6 The Server Manager User Interface
1-7 Authentication Process
1-8 Default FSM State Transitions
1-9 Default Action Sequence
1-10 Authentication Steps
1-11 Authorization Steps
4-1 Server Manager’s Load Configuration Screen
4-2 Server Manager’s Save Configuration Screen
4-3 Server Manager’s Access Device Screen
4-4 Server Manager’s Access Device Attributes Screen
4-5 Server Manager’s Proxy Screen
4-6 Server Manager’s Proxy Attributes Screen
4-7 Server Manager’s Local Realms Screen
4-8 Server Manager’s Local Realm Attributes Screen
4-9 Server Manager’s Users Screen
4-10 Server Manager’s General User Attributes
4-11 Server Manager’s Free User Attributes Screen
4-12 Server Manager’s Server Properties Screen
4-13 Server Manager’s Modify Server Variable Screen
5-1 Server Manager’s Connected Server Screen
5-2 Server Manager’s Add Server Connection Screen
5-3 Server Manager’s Server Status Frame
6-1 Return Value After Successfully Starting a AAA Server
6-2 Server Manager’s Start Options Screen
6-3 Algorithm for Determining Which FSM to Load
6-4 Server Manager’s Status Options Screen
7-1 Sessions Search Filter Screen
7-2 Example Return for a Sessions Search
7-3 Example of a Session’s Attributes
8-1 Proxy Set-up
8-2 Server Manager’s Proxy Attributes Screen
8-3 Proxy Realm Screen
9-1 Server Manager’s Logfile Screen
9-2 Server Manager’s Statistics Screen
9-3 AAA Server Statistics Example
9-4 Accounting Logfile Search Screen in Server Manager
9-5 Detailed Accounting Record for a Selected User
11-1 The 802.1x Advisor For Securing WLANs
11-2 Server Manager’s Certificate Properties Screen
14-1 Tree Structure of Complex Policy
15-1 Authentication Process with Oracle
15-2 Oracle Database Table Format
15-3 New Oracle Server Screen
16-1 SecurID Add Client Screen
16-2 SecurID Edit Client Screen
© 2001-2004 Hewlett-Packard Development Company, L.P.