HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 4 Startup and Testing

Starting AAA Servers From the Command Line


radiusd is a daemon process that services user authentication and accounting requests from RADIUS clients. Authentication and accounting requests come to radiusd in the form of UDP packets conforming to the RADIUS protocol.

radiusd runs as a daemon that you can start from the command line or through an inetd service.

Syntax of radiusd

radiusd [-c workdir] [-C] [-d configdir] [-da aatvdir] [-dl logdir] [-di ipcdir] [-dr rundir] [-dd datadir] [-dm meritdir] [-p authport] [-q acctport] [-f fsm] [-l logformat] [-n] [-pp authproxy] [-qq acctproxy] [-g logtype] [-t timeout] [-v] [-z] [-x] [-x] [-x] [-x]

Table 4-2 radiusd Options

Option Description
-c Working-directory Set current working directory. This can be useful for determining the location of system-generated files, such as core files.
-C tokcachedir Enable token caching.
-d Config-directory Directory where the configuration files are located. If omitted, the default is /etc/opt/aaa.
-da AATV-directory Directory where the AATV libraries are located. If omitted, the default is /opt/aaa/aatv.
-dl Logfile-directory Directory where the log and debug files are located. If omitted, the default is /var/opt/aaa/logs.
-di IPC-directory Directory where the files generated for shared memory operation are located. If omitted, the default is /var/opt/aaa/ipc.
-dr Run-directory Directory where the server's process id file (radiusd.pid) is located. If omitted, the default is /var/opt/aaa/run.
-dd Data-directory Directory where the active session file (session.las) is located. If omitted, the default is /var/opt/aaa/data.
-dm Accounting-directory Directory where Merit style accounting log files (session logs) are located. If omitted, the default is /var/opt/aaa/acct.
-p Authentication-port UDP port number to listen for auth requests on. If omitted, the local host services will be queried to obtain the port for radius (see services(4)). If unable to obtain the port from host services, the RADIUS standard default of 1812 will be used.
-q Accounting-port UDP port number to listen for acct requests on. If omitted, the local host services will be queried to obtain the port for radacct (see services(4)). If unable to obtain the port from host services, the RADIUS standard default of 1813 will be used.
-f FSM Allows the user to specify an alternate FSM table file instead of the default radius.fsm file. The default FSM (/etc/opt/aaa/radius.fsm) follows Merit style accounting behavior.
-l Log-format strftime(3) format for naming logfiles. The -l option specifies the logfile name format with timestamp precision and dictates when a new logfile is started. For example, the following starts a new logfile every hour:
$ ./radiusd -l logfile.%Y%m%d%H

-n Reset the session table. If omitted, the default is to restore the session table from a previous run.
-pp Authentication-proxy UDP port number to forward (proxy) authentication requests from.
-qq Accounting-proxy UDP port number to forward (proxy) accounting requests from.
-g Logtype Select logfile, syslog, or stderr logging.
-t Timeout Inactivity timeout value (minutes) when radiusd is started via inetd.
-v Displays AAA server version.
-z Empty (zap) the logfile & debug file if -x used.
-x Add to debug flag value; refer to Chapter 8 “Troubleshooting”.
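
The port selection described for -p and -q above can be checked before startup with the following added example (not HP code or part of the original guide). The function names, the sample file and the assumption that the services(4) lookup matches UDP entries by name or alias are illustrative.

```shell
#!/bin/sh
# Added example (not HP code): which UDP port will radiusd use?
# Documented order: -p/-q value, then services(4), then the RADIUS default.
# Assumption: the services lookup matches UDP entries by name or alias.

# effective_port SERVICE DEFAULT [CLI_VALUE] [SERVICES_FILE]
effective_port() {
    svc=$1 default=$2 cli=$3 file=${4:-/etc/services}
    if [ -n "$cli" ]; then echo "$cli"; return 0; fi
    port=$(awk -v svc="$svc" '
        { sub(/[#].*/, "") }               # strip comments
        NF < 2 { next }
        {
            split($2, pp, "/")
            if (pp[2] != "udp") next
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == svc) { print pp[1]; exit }
        }' "$file" 2>/dev/null) || port=
    echo "${port:-$default}"
}

# audit_ports [SERVICES_FILE]: returns 1 if any port differs from the default.
audit_ports() {
    file=${1:-/etc/services} status=0
    for pair in radius:1812 radacct:1813; do
        svc=${pair%%:*} std=${pair##*:}
        got=$(effective_port "$svc" "$std" "" "$file")
        if [ "$got" = "$std" ]; then
            echo "$svc: udp/$got (RADIUS default)"
        else
            echo "$svc: udp/$got (services entry replaces default $std)"
            status=1
        fi
    done
    return $status
}

# Constructed sample services file carrying the legacy RADIUS port numbers.
SAMPLE=${TMPDIR:-/tmp}/services.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
radius      1645/udp                 # constructed entry
radacct     1646/udp   radius-acct   # constructed entry
radius      1812/tcp
EOF
audit_ports "$SAMPLE" || echo "check firewall rules and RADIUS clients against these ports"
```

Run audit_ports with no argument to check the host's own /etc/services; a non-zero return means radiusd started without -p or -q will not listen on 1812/1813.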

 

NOTE: radiusd determines what action to take when receiving requests based upon a finite state machine that it loads into memory when the server is started. The finite state machine that the server uses is configurable, but it is static after server startup. The server uses the following algorithm to determine what finite state machine to load into memory:

Figure 4-3 Algorithm for Determining Which FSM to Load

IMPORTANT: When started by the inetd service, radiusd times out if it does not receive a message within fifteen minutes. The -t Timeout option overrides this value. If the value is set to 0, radiusd never times out or terminates; it waits indefinitely for a request.

Configuring the AAA Server to Automatically Start Upon System Reboot

You can configure the HP-UX AAA Server (radiusd) and RMI objects to start automatically after a system reboot.

  • Set the RADIUSD variable in /etc/rc.config.d/radiusd.conf to 1. The default setting is 0.

    CAUTION: Modifying any of the content in /sbin/init.d/radiusd.rc other than radiusd options may result in a system that will not boot.
© 2003 Hewlett-Packard Development Company, L.P.