Table 7-1 Fields in the Local Realm Attributes Form

| Option | Function |
| --- | --- |
| Name | Name of the realm that must be mapped. This name does not have to be a DNS host name. However, HP recommends that the realm name match a domain name. The user will then be able to recognize the user@realm syntax that resembles their email address. |
| Realm Type | Identifies whether the realm is an Authentication or Tunneling realm. Choose any of the following options according to your needs. Authentication: Select this option if the realm is not going to be used for tunneling. PEAP Tunnel: Select this option if the realm is the tunneling realm when using PEAP. TTLS Tunnel: Select this option if the realm is the tunneling realm for TTLS. |
| User Profile Storage | Indicates the location from which the AAA server must retrieve user profiles. The users file: Choose this option to store user information locally in AAA Server flat files. Choosing this option allows you to administer user information with Server Manager. NOTE: Server Manager can administer user information stored locally in AAA server flat files only. LDAP, Oracle, OS Security Database, or SecurID / ACE server: For more information, see the individual chapters for each system in this guide. No Store: EAP-TLS Certificates: If you are using TLS, you are not required to store user information because the TLS certificates provide the user information needed for authentication. Choose this option if you are using TLS and do not want to store user information. No Store: Allow All Users: Choose this option to allow all requests from a realm. No Store: Deny All Users: Choose this option to deny all requests from a realm. |
| User Storage Parameters | Identify the users file that you will populate with user profiles. |
| Security Method | Indicates the authentication methods used to authenticate users from the realm. If you are using TTLS-PAP, TTLS-MSCHAP, or TTLS-CHAP, click Password Authentication. For all other methods, click EAP Authentication and choose at least one EAP method from the drop-down list. |
| Alias | An optional, parenthesized list of one or more aliases, delimited by commas. Each realm alias is equivalent to the realm name. An alias is provided for user convenience or other purposes, such as to save typing when logging on to your network. Aliases are allowed on wild card entries and are interpreted as meaning *.alias. |
| Filter ID | Allows the optional specification of a packet filter name to be associated with authentication through this realm name. It overrides any explicit filter name specified in a user profile. |
| Session Tracking | Determines if session tracking is enabled for a realm. When you enable session tracking, accounting records are generated for a realm and active sessions can be searched using the Session option on the navigation tree. |

To add a new realm, click Create to submit the new realm to the
Server Manager. To return to the Realms screen without
making any changes to your server configuration, click Cancel.