The server configuration must include all the clients (NASs,
RADIUS proxy servers, and other network devices) that can communicate
with the HP-UX AAA Server. If a client is not included in the configuration, the
server discards its messages.
The /etc/opt/aaa/clients file contains the identifying information for these
clients.
IMPORTANT: Configuration files have a maximum input line length
of 255 characters. No checking is done to ensure that
a configuration statement has not exceeded this limit.
Syntax of a Client Entry
Name Shared-Secret Type=vendor:{NAS|PROXY}options Version Prefix
An IPv4 example of a client that is a NAS:
192.0.2.0 secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
An IPv4 example of a client that is a proxy:
192.0.2.0:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
An IPv6 example of a client that is a NAS:
fedc:ba98:7654:3210:fedc:ba98:7654:3210 secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
An IPv6 example of a client that is a proxy:
[fedc:ba98:7654:3210:fedc:ba98:7654:3210]:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
NOTE: In case of a Proxy, if the Name field is an IPv6 literal
address then you must separate the address from the port by enclosing
the address in square brackets.
A DNS name example of a client that is a NAS:
danish secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1
A DNS name example of a client that is a proxy:
danish:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1
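A pre-deployment check for the entry syntax above, as an added example that is not part of the original documentation or the product: because the server does not enforce the 255-character limit, it flags over-long lines, and it flags a PROXY entry whose IPv6 address is not bracketed. The function names, the constructed SAMPLE entries, and the assumptions that the `type` keyword is case-insensitive and that blank lines are ignored are not from the original page.

```python
MAX_LINE = 255  # limit stated on this page; the server itself does not check it

def split_name(name):
    """Split the Name field into (host, port); port is None when absent."""
    if name.startswith("["):  # [IPv6]:port form
        host, sep, rest = name[1:].partition("]")
        if not sep or (rest and not (rest[0] == ":" and rest[1:].isdigit())):
            raise ValueError("malformed bracketed address")
        return host, int(rest[1:]) if rest else None
    if name.count(":") == 1:  # IPv4:port or DNS-name:port form
        host, port = name.split(":")
        if not port.isdigit():
            raise ValueError("non-numeric port")
        return host, int(port)
    return name, None  # bare IPv4, IPv6 or DNS name

def check_line(line):
    """Return the problems found in one entry; the secret is never echoed."""
    problems = []
    if len(line) > MAX_LINE:
        problems.append("line exceeds 255 characters")
    fields = line.split()
    if len(fields) < 3:
        return problems + ["expected Name, Shared-Secret and Type fields"]
    name, type_field = fields[0], fields[2]
    key, _, value = type_field.partition("=")
    role = value.partition(":")[2].split("+")[0]
    if key.lower() != "type" or role not in ("NAS", "PROXY"):  # case: assumption
        problems.append("Type must name NAS or PROXY after the vendor")
    try:
        split_name(name)
    except ValueError as exc:
        return problems + [f"Name field: {exc}"]
    if role == "PROXY" and not name.startswith("[") and name.count(":") > 1:
        problems.append("IPv6 proxy address must be in square brackets")
    return problems

def audit(text):
    """Map 1-based line numbers to problems; blank lines skipped (assumption)."""
    lines = enumerate(text.splitlines(), 1)
    report = {n: check_line(ln) for n, ln in lines if ln.strip()}
    return {n: p for n, p in report.items() if p}

# Constructed sample entries (not from a real deployment).
SAMPLE = "\n".join([
    "192.0.2.0 secret type=Ascend+USR:NAS+RAD_RFC+ACCT_RFC v1",
    "[fedc:ba98:7654:3210:fedc:ba98:7654:3210]:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1",
    "fedc:ba98:7654:3210:fedc:ba98:7654:3210:3400 secret type=Ascend+USR:PROXY+RAD_RFC+ACCT_RFC v1",
    "danish:3400 " + "s" * 250 + " type=Ascend+USR:PROXY v1",
])
```

Calling `audit(SAMPLE)` reports only the third and fourth constructed entries: the unbracketed IPv6 proxy and the line that exceeds the limit.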
Prefixed Users and authfile
In the clients file, it is possible to specify a prefix for a client.
When an Access-Request is matched to a client, the HP-UX AAA Server
will search for the user's profile in the prefix.users file. Likewise, if the user profile indicates the Realm
authentication type, the server will search for an entry that matches
the user's realm in the prefix.authfile file.
Wildcard Support for IPv4 and IPv6
To allow access from any IP address or from any IP address
of a particular subnet, specify a wildcard pattern in the /etc/opt/aaa/clients file. Wildcard IP addresses are specified by using the
high order components followed by the asterisk wildcard. Following are
some examples of valid IPv4 wildcard patterns:
Following are some examples of invalid IPv4 wildcard patterns:
To allow access from any IPv6 address or from a group of IPv6
addresses, specify an IPv6 wildcard pattern. The allowed IPv6 wildcard
patterns are constructed by appending an ‘*’ to
a partial IPv6 address or by specifying a single ‘*’.
Following are some examples of valid IPv6 wildcard patterns:
*
fedc:ba98:7654:3210:fe*
fedc:ba98:7654:3210:fedc:ba98:*
The special IPv6 syntax of compressing zeroes using "::" is
not allowed in IPv6 wildcard patterns. The following example is incorrect: