Manual HP (Hewlett-Packard) 11I V1

64 pages 0.32 mb

Summary
  • HP (Hewlett-Packard) 11I V1 - page 1

    HP-UX AAA Server A.06.01 Getting Started Guide HP-UX 11.0, 11i v1, 11i v2 Manufacturing Part Number: T1428-90058 E 10 04 U.S.A. © Copyright 2001-2004 Hewlett-Packard Development Company, L.P. ...

  • HP (Hewlett-Packard) 11I V1 - page 2

    ii Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or ...

  • HP (Hewlett-Packard) 11I V1 - page 3

    Contents iii: About This Document; 1. Introduction to AAA Server; RADIUS Overview, 2; RADIUS Topology, 2; Establishing a RADIUS Session ...

  • HP (Hewlett-Packard) 11I V1 - page 4

    Contents iv: Storing User Profiles in the Default Users File, 32; Grouping Users by Realm, 33; Adding and Modifying Users ...

  • HP (Hewlett-Packard) 11I V1 - page 5

    v About This Document This document provides an overview of the HP-UX AAA Server and explains how to install and start the product. The document also provides steps to basic configuration tasks for beginning users. Refer to the HP-UX AAA Server Administrator’s Guide for complete HP-UX AAA Server documentation. The document printing date and par ...

  • HP (Hewlett-Packard) 11I V1 - page 6

    vi Publishing History The following table shows the printing history of this document. The first entry in the table corresponds to this document, while previous releases are listed in descending order. What’s in This Document • Chapter 1, Introduction to AAA Server, contains an overview of product features and basic information about using ...

  • HP (Hewlett-Packard) 11I V1 - page 7

    vii NOTE Emphasizes or supplements parts of the text. You can disregard the information in a note and still complete a task. IMPORTANT Notes that provide information that are essential to completing a task. CAUTION Describes an action that must be avoided or followed to prevent a loss of data. Related Documents In addition to this Getting Start ...

  • HP (Hewlett-Packard) 11I V1 - page 8

    viii ...

  • HP (Hewlett-Packard) 11I V1 - page 9

    Chapter 1 1 1 Introduction to AAA Server This chapter contains an overview of product features and basic information about using the HP-UX AAA Server. ...

  • HP (Hewlett-Packard) 11I V1 - page 10

    Introduction to AAA Server RADIUS Overview Chapter 1 2 RADIUS Overview The Remote Authentication Dial In User Service (RADIUS) protocol is widely used and implemented to manage access to network services. It defines a standard for information exchange between a Network Access Server (NAS) and an authentication, authorization, and accounting (AAA) ...

  • HP (Hewlett-Packard) 11I V1 - page 11

    Introduction to AAA Server RADIUS Overview Chapter 1 3 Figure 1-1 Generic AAA Network Topology Establishing a RADIUS Session The handling of a user request is a series of message exchanges that attempts to provide the user with a network service by establishing a session for the user. This transaction can be described as a series of actions that e ...

  • HP (Hewlett-Packard) 11I V1 - page 12

    Introduction to AAA Server RADIUS Overview Chapter 1 4 transaction between a RADIUS AAA server and a client (a NAS in this example). When the user’s workstation connects to the client, the client sends an Access-Request RADIUS data packet to the AAA server. Figure 1-2 Client-Server RADIUS Transaction When the server receives the request, it va ...

  • HP (Hewlett-Packard) 11I V1 - page 13

    Introduction to AAA Server RADIUS Overview Chapter 1 5 Accounting-Request—triggered by the user, by the client, or an interruption in service—to stop the session. Again, the server will acknowledge the Accounting-Request with an Accounting-Response. Supported Authentication Methods The following list describes the authentication methods the H ...

  • HP (Hewlett-Packard) 11I V1 - page 14

    Introduction to AAA Server RADIUS Overview Chapter 1 6 mechanisms. This flexibility also allows EAP to be implemented in a way (LEAP, for example) that is more suitable for wireless and mobile environments than other authentication protocols. EAP allows authentication to take place directly between the user and server without the intervention b ...

  • HP (Hewlett-Packard) 11I V1 - page 15

    Introduction to AAA Server RADIUS Overview Chapter 1 7 defined way of extending RADIUS. Conflicts can occur when the RFC is not followed. In those cases, the server can map the attributes to unique internal values for processing. For a full description of RADIUS attribute-value pairs, see the Administrator’s Guide. Shared Secret Encrypti ...

  • HP (Hewlett-Packard) 11I V1 - page 16

    Introduction to AAA Server Product Structure Chapter 1 8 Product Structure The HP-UX AAA Server, based on a client/server architecture, consists of the following components which may be installed independently: • HP-UX AAA Server daemon, libraries, and utilities • The AAA Server Manager is the user interface that performs administration and ...

  • HP (Hewlett-Packard) 11I V1 - page 17

    Introduction to AAA Server Product Structure Chapter 1 9 The 802.1x Advisor The 802.1x Advisor is an HTML tutorial/help system in the Server Manager GUI that walks you through the tasks and Server Manager screens for securing WLANs with the HP-UX AAA Server. The 802.1x Advisor provides information only—it does not edit configuration files. F ...

  • HP (Hewlett-Packard) 11I V1 - page 18

    Introduction to AAA Server Product Structure Chapter 1 10 Accessing the Server Manager The Server Manager provides access to the AAA server management functions and configuration files. From a remote client workstation, administrators can access the AAA Server Manager interface through a Web browser. An administrator can create a AAA configu ...

  • HP (Hewlett-Packard) 11I V1 - page 19

    Introduction to AAA Server Product Structure Chapter 1 11 Some advanced features of the HP-UX AAA Server cannot be configured through the Server Manager interface. For example, if you want to define session management parameters, policies, or vendor-specific attributes, you must manually edit the configuration files. Refer to the HP-UX AA ...

  • HP (Hewlett-Packard) 11I V1 - page 20

    Introduction to AAA Server AAA Server Architecture Chapter 1 12 AAA Server Architecture The HP-UX AAA Server Architecture consists of three primary components: • Configuration files. By editing these flat text files, with either the Server Manager user interface or with a text editor, you can provide the information necessary for the serve ...

  • HP (Hewlett-Packard) 11I V1 - page 21

    Introduction to AAA Server AAA Server Architecture Chapter 1 13 <realm name>.users The same information as the users file, but this user information is associated with a particular realm. These files are only necessary to perform File type authentication for a defined realm. Realms are recognized by the realm component of the user’s Ne ...

  • HP (Hewlett-Packard) 11I V1 - page 22

    Introduction to AAA Server AAA Server Architecture Chapter 1 14 You can find out more information about these files by referring to the HP-UX AAA Server Administrator’s Guide. Each configuration file also contains comments with examples. AATV Plug-Ins Define actions to perform functions, such as authenticating requests, authorizing, a ...

  • HP (Hewlett-Packard) 11I V1 - page 23

    Introduction to AAA Server HP-UX AAA Server Features Chapter 1 15 HP-UX AAA Server Features General Features • Compliant with RADIUS protocol RFC 2865 and 2866 standards • Supports multiple vendor NASs with a single server (multi-vendor dictionary that includes Nortel®, Cisco®, Lucent®, and others) • Configurable dictionary that allows ...

  • HP (Hewlett-Packard) 11I V1 - page 24

    Introduction to AAA Server HP-UX AAA Server Features Chapter 1 16 • Supports multiple user definition (realm) files keyed by realm (File type authentication) • Authentication of users defined in an LDAP server (ProLDAP™ type authentication), including support of {clear} indicator for clear text passwords • Authentication of users de? ...

  • HP (Hewlett-Packard) 11I V1 - page 25

    Introduction to AAA Server HP-UX AAA Server Features Chapter 1 17 • “Self-signed” AAA Server digital certificates created during installation allow for a secured TLS, TTLS, and PEAP environment without having to generate your own certificates • Generates server activity logfiles, compressed daily • Optional debug levels for greater ...

  • HP (Hewlett-Packard) 11I V1 - page 26

    Introduction to AAA Server HP-UX AAA Server Features Chapter 1 18 ...

  • HP (Hewlett-Packard) 11I V1 - page 27

    Chapter 2 19 2 Installing and Starting the HP-UX AAA Server This chapter leads you through the steps to install and start the HP-UX AAA Server. ...

  • HP (Hewlett-Packard) 11I V1 - page 28

    Installing and Starting the HP-UX AAA Server Getting the HP-UX AAA Server Software Chapter 2 20 Getting the HP-UX AAA Server Software You can get the most recent version of the HP-UX AAA Server software at the HP Software Depot: http://software.hp.com. ...

  • HP (Hewlett-Packard) 11I V1 - page 29

    Installing and Starting the HP-UX AAA Server Installing the HP-UX AAA Server Chapter 2 21 Installing the HP-UX AAA Server IMPORTANT Be sure to review the HP-UX AAA Server Release Notes before installation. The Release Notes list the requirements for each release, including: installation, patch, and browser requirements. You can access the Rel ...

  • HP (Hewlett-Packard) 11I V1 - page 30

    Installing and Starting the HP-UX AAA Server Starting the HP-UX AAA Server Chapter 2 22 Starting the HP-UX AAA Server NOTE Refer to the Securing the HP-UX AAA Server section in the HP-UX AAA Server Administrator’s Guide for information on securing your HP-UX AAA Server. Use the following steps to start the HP-UX AAA Server and the Server Ma ...

  • HP (Hewlett-Packard) 11I V1 - page 31

    Installing and Starting the HP-UX AAA Server Testing the Installation Chapter 2 23 Testing the Installation To quickly test the server installation, you will use Server Manager to add a loopback connection to a AAA server, start the server, and then check its status for a response. Use the following steps to test the server installation: St ...

  • HP (Hewlett-Packard) 11I V1 - page 32

    Installing and Starting the HP-UX AAA Server Testing the Installation Chapter 2 24 Step 10. Verify your HP-UX AAA Server is installed and operating correctly by using the testing user (named test_user) created during installation. After test_user is authenticated and the AAA server sends an Access-Accept, the client sends an Accounting-Request ...

  • HP (Hewlett-Packard) 11I V1 - page 33

    Installing and Starting the HP-UX AAA Server Installation Defaults Chapter 2 25 Installation Defaults The HP-UX AAA Server can be run as root user, however non-root user is recommended. A user and group, both named aaa, will be created during installation. The HP-UX AAA Server can be run as non-root user, using the default aaa user created dur ...

  • HP (Hewlett-Packard) 11I V1 - page 34

    Installing and Starting the HP-UX AAA Server Installation Defaults Chapter 2 26 /opt/aaa/examples/oracle • create.sql: SQL script to create Oracle users table • delete.sql: Sample SQL script to delete Oracle user records • insert.sql: Sample SQL script to add Oracle user records /opt/aaa/examples/proldap ProLDAP schema and sample LDIF ...

  • HP (Hewlett-Packard) 11I V1 - page 35

    Installing and Starting the HP-UX AAA Server Installation Defaults Chapter 2 27 /etc/opt/aaa Configuration files: • aaa.config: runtime and tunneling configuration file • authfile: realm to authentication-type mapping file • clients: client to shared secret mapping file • db_srv.opt: configuration script for db_srv environment ...

  • HP (Hewlett-Packard) 11I V1 - page 36

    Installing and Starting the HP-UX AAA Server Installation Defaults Chapter 2 28 The following table lists the files generated during operation and located in /var/opt/aaa/ by default: Table 2-2 Files Generated During Operation Directory File /acct/session.yyyy-mm-dd.log Default session accounting logs, Merit style /data/session.las Currently ac ...

  • HP (Hewlett-Packard) 11I V1 - page 37

    Installing and Starting the HP-UX AAA Server Commands, Utilities, & Daemons Chapter 2 29 Commands, Utilities, & Daemons Table 2-3 Commands, Utilities, & Daemons Command Description db_srv The db_srv daemon performs Oracle database access operations for authentication on behalf of one or more remote HP-UX AAA Servers. radcheck Sends a ...

  • HP (Hewlett-Packard) 11I V1 - page 38

    Installing and Starting the HP-UX AAA Server UnInstalling the HP-UX AAA Server Software Chapter 2 30 UnInstalling the HP-UX AAA Server Software Use the following steps to uninstall the HP-UX AAA Server: Step 1. Select Administration in the Navigation Tree. Verify the AAA server you want to stop is selected in the Server Status Frame. Click the ...

  • HP (Hewlett-Packard) 11I V1 - page 39

    Chapter 3 31 3 Basic Configuration Tasks This chapter explains a few basic configuration tasks. Refer to the HP-UX AAA Server Administrator’s Guide for complete information on configuring the HP-UX AAA Server. ...

  • HP (Hewlett-Packard) 11I V1 - page 40

    Basic Configuration Tasks Storing User Profiles Chapter 3 32 Storing User Profiles The user information that determines how an access request is authenticated and authorized is configured in a profile as a set of A-V pairs. These user profiles are grouped by realm and may be stored in flat text files or an external source such as an Oracl ...

  • HP (Hewlett-Packard) 11I V1 - page 41

    Basic Configuration Tasks Storing User Profiles Chapter 3 33 the method you choose is compatible with the client password hashing method. The following table lists the supported client password hashing methods and each storage hash you should use for each method: Step 9. You may enter values in the remaining fields to control the users session ...

  • HP (Hewlett-Packard) 11I V1 - page 42

    Basic Configuration Tasks Storing User Profiles Chapter 3 34 Step 3. In the Name field, enter the realm name. Step 4. Select Authentication from the Realm Type drop-down list. Step 5. Select Users File in the User Profile Storage drop-down list. Step 6. Select the Users Profile Grouped by Realm button in the User Storage Parameters field. I ...

  • HP (Hewlett-Packard) 11I V1 - page 43

    Basic Configuration Tasks Storing User Profiles Chapter 3 35 CAUTION Save Configuration will save the entire server configuration (access devices, proxies, local realms, users, and server properties) to the servers you specify. ...

  • HP (Hewlett-Packard) 11I V1 - page 44

    Basic Configuration Tasks Adding and Modifying Users Chapter 3 36 Adding and Modifying Users User profiles associate information with a user name for authentication and authorization. This information is defined by attribute-value pairs. The server configuration must include profiles for all the users that can access services through the AAA ...

  • HP (Hewlett-Packard) 11I V1 - page 45

    Basic Configuration Tasks Adding and Modifying Users Chapter 3 37 User Name: Value to compare to the User-Name attribute value in the request. It must be less than 64 characters. &, “, ~, , /,%, $, ‘, and space characters may not be used. IMPORTANT You must enter the user’s fully-qualified name when adding to the default users fi ...

  • HP (Hewlett-Packard) 11I V1 - page 46

    Basic Configuration Tasks Adding and Modifying Users Chapter 3 38 Figure 3-2 Server Manager’s Free User Attributes Screen To add attributes to the list boxes, follow the Attribute = Value syntax. A-V pairs may be listed one per line. When adding a new user profile, you select the Create button to submit it to the AAA Server Manager. When ...

  • HP (Hewlett-Packard) 11I V1 - page 47

    Basic Configuration Tasks Session Logging and Monitoring Chapter 3 39 Session Logging and Monitoring You can view the log files that record the details of each AAA transaction or the session logs that record information about each user's session. You can also access information for active sessions and manually terminate a session if neces ...

  • HP (Hewlett-Packard) 11I V1 - page 48

    Basic Configuration Tasks Session Logging and Monitoring Chapter 3 40 Step 4. Select a session. The AAA server manager will display the attributes for the selected session. Step 5. Select the OK button when you are done reading the session. Stopping a Session This procedure is intended for sessions that were terminated on the access device but ar ...

  • HP (Hewlett-Packard) 11I V1 - page 49

    Basic Configuration Tasks Session Logging and Monitoring Chapter 3 41 Figure 3-4 Server Manager’s Logfile Screen ...

  • HP (Hewlett-Packard) 11I V1 - page 50

    Basic Configuration Tasks Session Logging and Monitoring Chapter 3 42 Search Parameters You can filter what dates and times to retrieve from the logfile. NOTE You can filter what data to retrieve according to the type of messages. For each message type, you indicate whether the message type should or should not be retrieved by selecting t ...

  • HP (Hewlett-Packard) 11I V1 - page 51

    Basic Configuration Tasks Session Logging and Monitoring Chapter 3 43 Viewing Server Statistics Selecting the Statistics link from Server Manager’s Navigation Tree allows you to retrieve a count of events that occurred on the AAA server within a time range. The statistics are displayed using a bar graph. Figure 3-5 Server Manager’s Statistic ...

  • HP (Hewlett-Packard) 11I V1 - page 52

    Basic Configuration Tasks Securing WLANs with the HP-UX AAA Server Chapter 3 44 Securing WLANs with the HP-UX AAA Server The HP-UX AAA Server provides security framework to support EAP authentication mechanisms for WLAN users. The HP-UX AAA Server allows authentication of wireless users with password or non-password based mechanisms and supports ...

  • HP (Hewlett-Packard) 11I V1 - page 53

    Glossary of Terms Chapter 4 45 4 Glossary of Terms 802.1x Advisor The 802.1x Advisor is an HTML tutorial/help system in the Server Manager GUI that walks you through the tasks and Server Manager screens for securing WLANs with the HP-UX AAA Server. AAA Abbreviation for Authentication, Authorization, and Accounting. AAA Server A software applic ...

  • HP (Hewlett-Packard) 11I V1 - page 54

    Glossary of Terms Chapter 4 46 Administrator Special user, known by the system on which the AAA server is running and is able to configure and to manage the AAA server. Application Service Provider Third-party entities that manage and distribute software-based services and solutions to customers across a wide area network from a central data ...

  • HP (Hewlett-Packard) 11I V1 - page 55

    Glossary of Terms Chapter 4 47 Client NAS, proxy server, or other networking device that uses the AAA server services to authenticate and authorize users. Common Open Policy Service A query and response protocol that can be used to exchange policy information between a policy server (Policy Decision Point or PDP) and its clients (Policy Enf ...

  • HP (Hewlett-Packard) 11I V1 - page 56

    Glossary of Terms Chapter 4 48 When a user requests access to a service of a specific configuration, a client may provide this information in an Access-Request as a hint to the AAA server. The server may reject the request based on the hints or supply the service as specified by the hints, by the server’s configuration, or by a combinati ...

  • HP (Hewlett-Packard) 11I V1 - page 57

    Glossary of Terms Chapter 4 49 See Integrated Services Digital Network. LAS See Local Authorization Server. LDAP See Lightweight Directory Access Protocol. Lightweight Directory Access Protocol Used for directories providing naming, location, management, security, and other services for Internet networking, abbreviated as LDAP. Lightweight ...

  • HP (Hewlett-Packard) 11I V1 - page 58

    Glossary of Terms Chapter 4 50 See Password Authentication Protocol. Password Authentication Protocol A simple password protocol that transmits a user name and password across the network, unencrypted, abbreviated as PAP. PEAP (Protected EAP) Functionally very similar to TTLS, but does not encapsulate legacy authentication methods. PEAP fe ...

  • HP (Hewlett-Packard) 11I V1 - page 59

    Glossary of Terms Chapter 4 51 A NAS or other device that sends requests to an AAA server. RAS See Remote Access Server. Realm A realm is a logical group of users, who usually can be authenticated using one particular method. Grouping users into realms simplifies the management of those users in a distributed environment. For example, an ISP ...

  • HP (Hewlett-Packard) 11I V1 - page 60

    Glossary of Terms Chapter 4 52 See Simultaneous Access Token. Server Manager A Web-based graphical user interface which provides an interface between an administrator and the AAA servers. In addition to creating, modifying, and deleting entries in many of the server’s configuration files, an administrator may start and stop the AAA serv ...

  • HP (Hewlett-Packard) 11I V1 - page 61

    Glossary of Terms Chapter 4 53 A token pool contains a number of tokens belonging to some organization and having a given name. These tokens may be shared among one or more realms. Tunneling A secure connection between a client workstation and an intranet or other network, that provides a VPN to a user. This connection may be a voluntary tunn ...

  • HP (Hewlett-Packard) 11I V1 - page 62

    Glossary of Terms Chapter 4 54 ...

  • HP (Hewlett-Packard) 11I V1 - page 63

    55 Index Numerics 802.1x Advisor, 9 A acquiring HP-UX AAA Server software, 20 C Challenge Handshake Authentication Protocol, 5 CHAP (Challenge Handshake Authentication Protocol), 5 check items, 37 configuration files, 12 D db_srv (Oracle daemon), 29 E EAP (Extensible Authentication Protocol), 5 EAP-GTC (Generic Token Card), 6 EAP-LEAP ( ...

  • HP (Hewlett-Packard) 11I V1 - page 64

    Index 56 user sessions, 39 W Wireless LAN, 9, 44 Wireless LAN, Authentication, 9 Wireless LAN, securing, 9, 44 ...

Manufacturer HP (Hewlett-Packard) Category Server
