Upload
duce
View
32
Download
4
Tags:
Embed Size (px)
DESCRIPTION
Bridgewater ATP
Citation preview
Acceptance Test Plan
Version 1.0
April 19, 2023
The manufacturer (MFR) reserves the right to make changes to this document and the products which it describes without notice. The MFR shall not be liable for technical or editorial errors or omissions made herein; nor for incidental or consequential damages resulting from the furnishing, performance, or use of this material or of the accompanying Software or any files derived from the Software.
Bridgewater Systems Corporation
303 Terry Fox Dr.
Suite 500
Ottawa, Ontario
Canada K2K 3J1
Phone: +1 613 591-6655Fax: +1 613 591-6656
http://www.bridgewatersystems.com
Bridgewater Systems Technical Support
North America: 1-877 943-3772
Mexico: 00-1-800-514-3772
International: 1-800 943-37726
Bridgewater and the Bridgewater logo are trademarks of Bridgewater Systems Corporation.
Other company or product names referenced may be the trademark or registered trademark of their respective companies.
©1997-2007 Bridgewater Systems Corporation. All rights reserved.
Table 1. Revision History
Date Release Version Comments
April 19, 2023 1.0 1.0 Original
Related Bridgewater documents
AAA Service Controller API Guide
AAA Service Controller User Guide
Bridgewater Installation Guide
Bridgewater SNMP Guide
Master Glossary
Monitoring and Logging User Guide
Oracle Database Reference Guide
Resource Management Server User Guide
Revenue Collector and Formatter Administrator Guide
Service Manager User Guide
These documents are available on the Bridgewater external web site:www.bridgewatersystems.com.
Bridgewater ATP Version 1.0
Contents
Introduction....................................................................................................................4
Prerequisites.................................................................................................................. 4
Time required................................................................................................................. 4
Documentation...............................................................................................................4
Customer-specific packages.................................................................................4
Pre-installation tasks.....................................................................................................5
Jumpstart the servers.....................................................................................................5
Verify the DVD or FTP site contents...............................................................................5
Create a directory for the packages................................................................................5
Copy the packages and scripts from the DVD or FTP site...............................................5
Operating system setup check lists................................................................................6
Remote access.....................................................................................................6
Server information................................................................................................6
Install the Oracle database...........................................................................................7
Install the database package..........................................................................................7
Start or stop the daemon................................................................................................7
Verify the database type and confirm that it responds to requests...................................7
Check for broken database jobs, including replication and purging jobs...........................8
Check the log file............................................................................................................8
Install the packages.......................................................................................................9
TimesTen database.......................................................................................................9
RMS............................................................................................................................ 10
SNMP.......................................................................................................................... 10
Verify the SNMP process....................................................................................11
Check the MIBs..................................................................................................11
April 19, 2023 Page 1
Bridgewater ATP Version 1.0
Installation troubleshooting........................................................................................12
Shutting down the server..............................................................................................12
Destination for email messages....................................................................................12
BWSraddmu................................................................................................................13
BWSwsoc Oracle Client package.................................................................................13
Set up the server for testing.......................................................................................14
Configure the Provisioning Server.................................................................................14
Verify the Provisioning Server process.........................................................................17
Verify the Provisioning CLU API...................................................................................17
Configure the Accounting Framework...........................................................................18
Verify the Accounting Framework process....................................................................19
Verify the RADIUS process..........................................................................................19
Install the Service Manager..........................................................................................20
Verify access to the Service Manager...........................................................................21
Verify database replication...........................................................................................22
Test the installation.....................................................................................................23
Configure a PDSN........................................................................................................23
Create the DEFAULT Service Profile............................................................................24
Configure Profiles and a User.......................................................................................25
Create a Gold User Profile Set in the organization you just created...............................26
Create a Gold User......................................................................................................26
Configure and run tracetool..........................................................................................28
Add a tracetool client..........................................................................................28
Start tracetool.....................................................................................................28
Run radtest.................................................................................................................. 29
View accounting records...............................................................................................36
Page 2 April 19, 2023
Bridgewater ATP Version 1.0
Verify RADIUS operation using radtest.........................................................................37
Verify tracetool operation using radtest.........................................................................37
Verify radpet operation.................................................................................................38
Verify the monitoring operation.....................................................................................38
Verify the Oracle backup operation...............................................................................38
Verify accounting flat file generation.............................................................................39
Verify SNMP query functions........................................................................................39
Verify system operation after a reboot..........................................................................39
Appendix A...................................................................................................................40
Middleware Server.......................................................................................................40
Verify the Middleware process.............................................................................40
Web and FTP Server...................................................................................................41
Verify the Web server process............................................................................41
DHCP Server (Client Configuration)..............................................................................41
Application Authorization Server (AppAuth)..................................................................42
LDAP Integration..........................................................................................................42
RADIUS Proxy.............................................................................................................42
System Monitoring (Monitoring Utility – BWSbmon)......................................................42
Session State Register (SSR)......................................................................................42
Prepaid Integrator (PPI)...............................................................................................43
Prepaid operation................................................................................................43
Postpaid operation..............................................................................................44
CALEA Controller.........................................................................................................44
Calea TimesTen database..................................................................................44
Installation Acceptance Form........................................................................................45
April 19, 2023 Page 3
Bridgewater ATP Version 1.0
IntroductionThe purpose of this Acceptance Test Plan (ATP) is to verify the installation and general operation of Bridgewater products. It is not intended to verify all functionality in Bridgewater products.
The ATP includes installation procedures, basic configuration procedures, and basic test tools and utilities.
PrerequisitesTo be able to successfully perform the installation, configuration, and execution of the test tools and utilities described in this ATP, the following skills are recommended:
Some familiarity with Bridgewater products (for example, a review of the documentation for the applicable products, and an understanding of the system architecture).
Common Unix commands
Solaris operating system
Time requiredExecution can be accomplished in as little as 2-4 hours but may take longer, depending on the problems encountered and the skill level and experience of the tester.
DocumentationWe recommend that you print a copy of the Bridgewater Installation Guide to assist you with the installation process. The following chapters are especially useful:
Chapter 1: Component packages
This chapter lists all the packages required for each Bridgewater component.
Chapter 4: Installation checklists
This chapter contains checklists for recording any information requested during the installation. This is especially useful if you don’t use default names and passwords and need to remember them later.
Chapter 6: Package installation
This chapter contains all known package prompts. They are listed in the order in which they should be installed, based on package and component dependencies.
Customer-specific packages
For information about installing customer-specific packages, see the applicable installation and user guides.
Page 4 April 19, 2023
Bridgewater ATP Version 1.0
Pre-installation tasksThis section describes the tasks required or recommended before you start the installation.
Jumpstart the serversBefore you start the installation and test execution, you may want to clean the test platforms and install fresh copies of the operating system and recommended patches.
You can use the pre-installation script to jumpstart with a flash image, rather than installing the operating system from scratch. This takes less time and is the preferred method to guarantee a properly installed operating system.
Note: All local hard disks are erased during the jumpstart procedure. Make sure you back up any data that you want to keep before you begin.
Verify the DVD or FTP site contentsVerify that the list of packages corresponds to the release list and matches the list in the Bridgewater Installation Guide.
Create a directory for the packagesConnect to your server and create a directory for the packages and executables.
Copy the packages and scripts from the DVD or FTP siteInsert the DVD into the drive and copy the files to the directory you created on your server, or connect to the FTP server that contains the files and copy them to the directory on your server.
April 19, 2023 Page 5
Bridgewater ATP Version 1.0
Operating system setup check lists
Remote access
General
VPN client
VPN username
VPN password
VPN endpoint IP address
Server access (SSH)
AAA SC 1 IP
AAA SC 1 access username
AAA SC 1 access password
AAA SC 1 root username
AAA SC 1 root password
AAA SC 2 IP
AAA SC 2 access username
AAA SC 2 access password
AAA SC 2 root username
AAA SC 2 root password
Server information
OS version
OS server model
OS CPU
OS memory
OS cluster patches
Partioning
Network interfaces
Hosts
Crontabs
NTP
Policies
Page 6 April 19, 2023
Bridgewater ATP Version 1.0
Install the Oracle database
Install the database packageInstall either the Oracle Enterprise (BWSwsoe) or Oracle Standard (BWSwsos) database package. You must unzip these packages before you install them.
1. Determine the type of Oracle database to be installed, so that you can respond appropriately to the prompts: MDEF, Master, Snapshot, or Standalone.
2. Move to the directory where the database package is located:
cd /<dirctory_name>
3. Unzip the package:
gunzip <package_name>.Z
4. Install the database:
pkgadd –d <package_name>
Below are the most common commands for checking the Oracle database. For more information, see the Oracle Database Reference Guide.
Start or stop the daemon
/etc/init.d/oracle start or /etc/init.d/oracle stop
Verify the database type and confirm that it responds to requests
1. Log in as root
2. Switch to Oracle user:
su - oracle
3. Change to the Widespan scripts directory:
cd /widespan/scripts
4. Verify the Oracle database type:
./servertype.sh
The result should show the database type. For an MDEF database, it should also show the replication status, which should be NORMAL.
April 19, 2023 Page 7
Bridgewater ATP Version 1.0
Check for broken database jobs, including replication and purging jobs
1. Log in as root
2. Switch to Oracle user:
su - oracle
3. Access SQLPLUS:
sqlplus
r6
r6
4. At the sql prompt, type:
select count (*) from dba_jobs where broken = 'Y';
The count should be 0 for each server.
Check the log file
tail -100f /u01/app/oracle/admin/wsp/bdump/alert_wsp.log
To verify that the processes are running, type:
ps –ef|grep ora
Page 8 April 19, 2023
Bridgewater ATP Version 1.0
Install the packagesThis section provides the high-level instructions.
For detailed information, see the Bridgewater Installation Guide.
1 Move to the /stage/ directory:
cd /stage/
2. Find the required packagepkgadd -d /<directory_name>
3. Do one of the following:
a If the package appears in the list, type Crt-D, then type its number and press Enter.
b For more packages, press Enter.
Note: The database script package installation may take up to an hour..
4 Repeat step 3 until all desired packages have been installed.
After each package installation, a messages is displayed stating that BWS<package_name> has been installed.
Note: In Solaris 8, after a package has been installed, the beginning of the package list is automatically displayed. The list does not appear automatically in Solaris 10.
TimesTen databaseIf you are installing the TimesTen database package, you must run the setup script after the package has been installed:
cd /TimesTenSoftware
./setup.sh –record /TimesTenSoftware/install.log
Below are the most common commands for checking the Oracle database. For more information, see the AAA Service Controller User Guide.
To start or stop the daemon, type:
/etc/init.d/tt_tt51 start or /etc/init.d/tt_tt51 stop
To check the log file, type:
tail -100f /var/adm/messages
To verify that the processes are running, type:
ps –ef|grep Times
April 19, 2023 Page 9
Bridgewater ATP Version 1.0
RMSThe Resource Management Server (RMS) tracks the global use of dynamic resources such as active dial-up sessions across the network.
When you install the BWSwsrms package, you will see a prompt for the size of the TimesTen database in megabytes. Valid values are between 10 and 2048. For smaller servers, you may want to keep this number at or under 128.
Below are the most common commands for checking the RMS. For more information, see the RMS User Guide.
To access the host configuration file for editing, type:
/Widespan/config/rmshosts.conf
To access the RMS configuration file for editing, type:
/Widespan/config/rms/rms.conf
To start or stop the daemon, type:
/etc/init.d/wsrms start or /etc/init.d/wsrms stop
To check the log file, type:
tail -100f /var/adm/messages
To verify that the processes are running, type:
ps –ef|grep rms
SNMPBridgewater products communicate with the SNMP master agent for authentication, authorization and access control for SNMP requests, registration and deregistration of subagents and their MIB metrics, and trap event processing.
When the SNMP package, BWSsnmp, is installed, the option to run the SNMP master agent in addition to, or instead of, the standard Solaris agent is selected.
The SNMP master agent provides the same core agent services as the Solaris agent, including the agent protocol engine, authentication, authorization, privacy, and access control, plus support for some MIB objects, including the system and SNMP groups of MIB-II and the tables associated with SNMPv2* security. In addition, the SNMP master agent allows each application running on the server to register its own SNMP MIBs with the MIB browser or SNMP management system.
When you install the BWSwsrms package, you will see a prompt for the size of the TimesTen database in megabytes. Valid values are between 10 and 2048. For smaller servers, you may want to keep this number at or under 128.
Below are the most common commands for checking the SNMP functionality . For more information, see the Bridgewater SNMP Guide.
To access the SNMP configuration file for editing, type:
/Widespan/snmp/config/agt/snmpd.conf
To start or stop the daemon, type:
/etc/init.d/wssnmpd start or /etc/init.d/wssnmpd stop
Page 10 April 19, 2023
Bridgewater ATP Version 1.0
To check the log file, type:
tail -100f /var/adm/messages
To verify that the processes are running, type:
ps –ef|grep snmp
Verify the SNMP process
Make sure that the SNMP daemon stops and starts correctly.
1. Log in as root.
2. Stop SNMP:/etc/init.d/wshsnmpd stop
3. Open a second window to monitor the SNMP messages:tail -100f /var/adm/messages
4. In the first window, start SNMPr:/etc/init.d/wssnmpdstart
5. Confirm in the message log that the daemon starts up. You should see "SNMP Subagent successfully connected to Master Agent" in the log.
Check the MIBs
To check that the MIBs are properly installed and that metrics are properly incremented for a successful authentication request :
Stop and restart the Master Agent to reset the SNMP metrics.
Using radtest (see the section on using radtest on page 24), send an authentication request.
Using your MIB browser or SNMP management system, check that the following metrics are incremented correctly:
Metric Metric increase
radiusAuthServTotalAccessRequests 1
radiusAuthServTotalAccessAccepts 1
radiusAuthServAccessRequests 1
radiusAuthServAccessAccepts 1
radiusAccServTotalRequests 2 (1 each for acct start & stop)
radiusAccServTotalResponses 2 (1 each for acct start & stop)
radiusAccServRequests 2 (1 each for acct start & stop)
radiusAccServResponses 2 (1 each for acct start & stop)
April 19, 2023 Page 11
Bridgewater ATP Version 1.0
Installation troubleshootingThis section describes some of the problems you may encounter and how to resolve them.
Shutting down the serverSolaris parameters must be updated during Solaris 8 installation of the following packages:
BWSwsoe—Oracle Enterprise
BWSwsos—Oracle Standard
BWSwstt—TimesTen database
BWSwssts—Session Director
The basic instructions are the same, but the /tmp directories are different:
cp /etc/system /etc/system.orig
cp /tmp/system.<depends on the package>/etc/system
/usr/sbin/shutdown -y -g0 -i6
Destination for email messagesSeveral times during the installation, you are asked for an email address as the recipient of alert messages. Use an appropriate address to avoid flooding an unintended email address.
T avoid a continuous stream of emails, edit crontab. Do the following after installing the BWSmon package:
csh
setenv EDITOR vi
crontab -e
Comment out (#) the line that runs monitor.pl in crontab.
The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when daylight savings time changes.
#
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
Page 12 April 19, 2023
Bridgewater ATP Version 1.0
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/ gsscred_clean
0 * * * * /usr/sbin/ntpdate time.bridgewatersys.com
0 * * * * /usr/sbin/ntpdate time.bridgewatersys.com
#1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31,33,35,37,39,41,43 ,45,47,49,51,53,55,57,59 * * * * [ -x /WideSpan/mon/ monitor.pl ] && /WideSpan/mon/monitor.pl > /de
v/null 2>&1
To save the changes and exit the vi editor, type:
:wq!
BWSraddmuThis is an optional package, required only if you are implementing the DMU feature.
Installing this package creates a number of changes in configuration files that may make it more difficult to complete the testing. Unless you know that you need this package and how to configure the files, we recommend against installing it.
BWSwsoc Oracle Client packageBWSwsoc is the Oracle Client package. Oracle Client is used to communicate with the database from a remote machine; therefore, it should not be installed on the same server as the database.
If you have installed this package on the same database, use one of the two recovery modes:
1. Jumpstart the server and start from the beginning.
2. Remove the package and clean up, using the following procedure:
a Remove the offending package:
pkgrm BWSwsoc
b Delete the following files:
— /var/opt/oracle/ora.tab
— /var/opt/bws/db.info
— /redo*
c Reboot the server.
April 19, 2023 Page 13
Bridgewater ATP Version 1.0
Set up the server for testingIn this section, you will find instructions to:
configure the Provisioning Server
configure the Accounting Framework
verify the RADIUS processes
install the Service Manager
verify database replication
Configure the Provisioning ServerThe Provisioning Server is used to send and receive requests to and from the AAA Service Controller Oracle database. The Provisioning Server is configured using the service.xml file.
1. Determine if the Provisioning Server is running:ps -ef | grep provs
If the Provisioning Server process is running, one parent and two child processes should be returned. If so, proceed to “Configure the Accounting Framework”.
If no processes are returned, you must configure the Provisioning Server configuration files and start the process as described below.
2. Move to the Provisioning Server configuration file directory:cd /WideSpan/config/provserver
3. Edit the server.xml file. As the root user:
<server version=”3.0”><datasource>
<user-name>r6</user-name><password>r6</password><driver>oracle.jdbc.OracleDriver</driver><url>jdbc:oracle:oci:@localhost:6136</url><timeout>10</timeout><min-pool-size>10</min-pool-size><max-pool-size>20</max-pool-size>
</datasource></server>
a Make sure the hostname (highlighted in bold above) is correct.
b Verify that the user-name and password for the database are correct.
Note: The installation of the AAA Service Controller uses r6 and r6 as the default user and password. These values can be changed later using the changedbpass script.
c If you are using a remote Oracle database, you must change the line:
<url>jdbc:oracle:oci:hostname202</url>
to use this format:
<url>jdbc:oracle:thin:@hostname202:1521:wsp</url>
Page 14 April 19, 2023
Bridgewater ATP Version 1.0
Below is an example of the server.xml file:
<server version="3.0">
<name>kansparc6136</name>
<role>Master</role>
<timeout>15</timeout>
<!-- configure http transport -->
<transport name="http">
<!-- Restrict binding of ports to an IP address/hostname or allow ports to bind to all interfaces(*). -->
<bind-address>*</bind-address>
<!-- Configure port to listen for HTTP requests -->
<port>32000</port>
<!-- Configure port to listen for HTTPs requests -->
<secure-port>32001</secure-port>
<!-- Shared secret required to decrypt ARC4 requests and encrypt responses sent via HTTP. Clients that use ARC4 over HTTP MUST be configured with the same shared secret. -->
<shared-secret>johnson</shared-secret>
<!-- Configure thread pool boundaries -->
<min-threads>10</min-threads>
<max-threads>256</max-threads>
</transport>
<datasource>
<user-name>r6</user-name>
<password>r6</password>
<driver>oracle.jdbc.OracleDriver</driver>
<url>jdbc:oracle:thin:@localhost:6136:wsp</url>
<timeout>10</timeout>
<min-pool-size>1</min-pool-size>
<max-pool-size>10</max-pool-size>
</datasource>
<access-control>
<user>
<principal>admin</principal>
<credentials>admin</credentials>
<role>Administrator</role>
<host>127.0.0.1</host>
</user>
<user>
<principal>middleware</principal>
<credentials>middleware</credentials>
<role>OSS</role>
<role>MiddlewareClient</role>
</user>
<user>
<principal>uatadmin</principal>
April 19, 2023 Page 15
Bridgewater ATP Version 1.0
<credentials>uat</credentials>
<role>OSS</role>
</user>
<user>
<principal>smclient</principal>
<credentials type="secret"/>
<role>OSS</role>
</user>
</access-control>
<snmp>
<nms><host>localhost</host><
<port>162</port></nms>
</snmp>
<logging>
<log name="server">
<log-level>INFO</log-level>
</log>
<!-- To enable request/response logging set the log level to INFO. To disable set to ERROR. -->
<log name="server.comm.request">
<log-level>ERROR</log-level>
</log>
<log-handler
class="com.bridgewatersystems.common.logging.SyslogEventHandler">
<properties>
<property
name="syslog.name"
value="provserver"
/>
<property
name="syslog.hostname"
value="localhost"
/>
<property
name="syslog.port"
value="514"
/>
<property
name="syslog.facility"
value="local7"
/>
</properties>
</log-handler>
<!-- Uncomment to enable file logging(useful for debugging)
<log-handler class="com.bridgewatersystems.common.logging.FileLogHandler">
<properties>
Page 16 April 19, 2023
Bridgewater ATP Version 1.0
<property
name="log.filepath"
value="/WideSpan/logs/provserver.log"
/>
<property
name="log.file.append"
value="false"
/>
</properties>
</log-handler>
-->
</logging>
</server>
Verify the Provisioning Server processWhen you have configured and verified the service.xml file, you can check the Provisioning Server process. To make sure that the Provisioning server daemon stops and starts correctly, run the following commands.
1. Log in as root.
2. Stop Provisioning:/etc/init.d/wsprovs stop
3. Open a second window to monitor the Provisioning Server messages:tail -100f /var/adm/messages
4. In the first window, start Provisioning:/etc/init.d/wsprovs start
5. Confirm in the message log that the daemon starts up. You should see "localhost provserver: server INFO ready" at the end of the log.
Verify the Provisioning CLU APITo make sure that the Provisioning server responds, use the Command Line Utilities (CLU) API:
1. Log in as root.
2. Change to the Widespan directory and send the message:cd /Widespan/vip./nasauth/Widespan/config/vipclient.conf root null root
3. The response from the API should be:OK|root||||
April 19, 2023 Page 17
Bridgewater ATP Version 1.0
Configure the Accounting FrameworkThere are three basic configuration options for the Accounting Framework:
write the files locally (if you are not using RC&F)
install the RC&F server functions locally
create a stream to send to a remote RC&F server
For information about deployment options, and configuration and operation instructions, see the Revenue Collector and Formatter Administrator Guide.
The RADIUS Server must have a buffer_config.xml file in the /WideSpan/config directory before the process can start. In addition, the Accounting Framework must have a configured acctfwk.xml file in the /WideSpan/config directory. This section describes how to use the installed pre-configured files to accomplish this.
Check to see if the buffer_config.xml file is present in the /Widespan/config directory:
ls
If the file is not present, copy the standalone version of the buffer_config.xml file:
cp /WideSpan/acctfwk/config.template/ buffer_config_radius_standalone.xml /WideSpan/config/ buffer_config.xml
Change the ownership and group for the buffer_config.xml file:
chown widespan:ws buffer_config.xml
Verify the change:
ls –l buffer_config.xml
The following should be displayed:
<-rw -------- 1 widespan ws 737 <date and time> buffer_config.xml
If the output from the verification has an “x” in it, the permissions include an executable, which must be removed:
chmod 600 buffer_config.xml
Check if the acctfwk.xml file is present in the /Widespan/config directory.
ls
If the file is not present, copy the standalone version of the acctfwk.xml file:
cp /WideSpan/acctfwk/config.template/ STANDALONE_acctfwk.xml /WideSpan/config/acctfwk.xml
Change the ownership and group for the acctfwk.xml file:
chown widespan:ws acctfwk.xml
Verify the change:
ls –l acctfwk.xml
The following should be displayed:Page 18 April 19, 2023
Bridgewater ATP Version 1.0
<-rw -------- 1 widespan ws 452 <date and time> acctfwk.xml
If the output from the verification has an “x” in it, the permissions include an executable, which must be removed:
chmod 600 acctfwk.xml
Verify the Accounting Framework processAfter you have created the buffer_config.xml and the acctfwk.xml files, make sure that the Acounting Framework daemon stops and starts correctly:
1. Log in as root.
2. Stop Accounting:/etc/init.d/wsacctf stop
3. Open a second window to monitor the Accounting messages:tail -100f /var/adm/messages
4. In the first window, start Accounting:/etc/init.d/wsacctf start
5. Confirm in the message log that the daemon starts up. You should see "Accounting Framework successfully started" in the log.
Verify the RADIUS processAfter you have created the buffer_config.xml and the acctfwk.xml files, make sure that the RADIUS daemon stops and starts correctly.
1. Log in as root.
2. Stop RADIUS:/etc/init.d/wsaradius stop
3. Open a second window to monitor the RADIUS messages:tail -100f /var/adm/messages
4. In the first window, start RADIUS:/etc/init.d/wsradius start
5. Confirm in the message log that the daemon starts up. You should see "WS_ConnectToDB -- Successful Database Connection to <database_name>" in the log.
To verify that the processes are running, as the root user, type:
# ps -ef | grep radiusd
# ps -ef | grep acctfwk
April 19, 2023 Page 19
Bridgewater ATP Version 1.0
Install the Service ManagerObtain the setup.exe file for Service Manager from the server. You should see the Middleware Server menu. If all you see is Apache docs, restart the provisioning server.
Double-click on the setup.exe file.
Connect to the server using the following parameters:
— Login Name = root
— Password = root
— Domain = null
— Server = <server_name or address>
— Port = 32001
If you have read-only access, replication must be turned on.
Close the Service Manager.
Check the replication status:
su - widespan
cd /database/widespan/scripts/dbutil
dbutil.sh replication_status
1. When prompted to output the results, enter y.
In the report, under Replication Group Status, you should see the following information:
Group = WSP6
Status = NORMAL
SCHEMA_COMMENT = Widespan WSP6 Replicated
2. If replication is not turned on, resume replication:
dbutil.sh replication_resume
3. Connect to Service Manager.
4. Install a license. On the main menu, select License > New.
Page 20 April 19, 2023
Bridgewater ATP Version 1.0
5. Enter the following:
— Authentication Code = 73C7-AF21-3F7C-9EFE-0A63-980F-E064-9885
— Customer Name = Bridgewater
— Distributor Name = Bridgewater
— Maximum Subscribers = 100,000
6. Click OK.
Verify access to the Service ManagerAfter you have configured the Service Manager, make sure that you can access it from your PC:
1. Launch the Service Manager client from your PC.
2. Log in as username "root".
3. Log in with the password "root".
4. Set the domain to "null".
5. Type in the IP Address or name of the server.
6. Set the port to "80".
April 19, 2023 Page 21
Bridgewater ATP Version 1.0
Verify database replicationIn this procedure, you will
add a user to the first server, and confirm that the user is replicated on the second server.
delete the user on the first server, and confirm that the user is deleted on the second server
These steps will confirm whether the Oracle Snapshot replication is working properly.
In a multi-master replication scenario, perform both steps in both directions.
1. Open a terminal window on each server.
2. Log in as root.
3. Check the active user count on each server (they should match).
4. Switch to Oracle user:
su - oracle
5. Access SQLPLUS
sqlplus
r6
r6
6. At the sql prompt, type:
select count (*) from usr where status = 'A';
7. Start the Service Manager client from your PC and add a user:
a) Highlight the organization.
b) Click the Add User button.
c) Set the Username, Login Name, and Password to test1
d) Click Create.
e) Click OK to save the changes.
8. Confirm that the user count on the first server has been incremented by 1.
9. Confirm that the user count on the second server has been incremented by 1 also. (It may take a couple of minutes for the change to display.)
10. Delete the test1 user you just created:
a) Highlight the organization.
b) Click the Find Users button.
c) For the search criteria, use Login Name = test1 and click Search.
d) Highlight the row for user test1.
e) Right click and select Delete to delete the user.
11. Confirm that the user count on the first server has been dropped by 1.
12. Confirm that the user count on the second server has been dropped by 1 also. (It may take a couple of minutes for the change to display.)
Page 22 April 19, 2023
Bridgewater ATP Version 1.0
Test the installationIn this section, you will find instructions to:
configure a PSDN
create the DEFAULT Service Profile
configure Profiles and a User
Create a Gold User Profile Set
Create a Gold User
configure and run tracetool
run radtest
view accounting records
verify RADIUS operation using radtest
verify tracetool operation using radtest
verify radpet operation
verify the monitoring operation
verify the Oracle backup operation
verify accounting flat file operation
verify the SNMP query functions
verify system operation after a reboot
Configure a PDSNUse the Service Manager to configure the PDSN for a CDMA environment:
1. Start the Service Manager and log in as root.
2. Click the System tab.
3. Select File>New>PDSN.
4. Type the following information in the fields:
Field Value
IP Address IP address of your server
Name Host name of the server
Description Leave blank
Shared Secret SECRET
Vendor Name RFC2138
Model Name Leave blank
Number of Sessions 100
Timezone GMT
5. Click OK.
6. Click Yes when the Save dialog is displayed.
April 19, 2023 Page 23
Bridgewater ATP Version 1.0
7. Click Apply Changes to apply the new PDSN to the system.
Page 24 April 19, 2023
Bridgewater ATP Version 1.0
Create the DEFAULT Service ProfileUse the Service Manager to create the DEFAULT Service Profile before you create the Organizational Profile Set.
1. Click the Service tab.
2. Highlight the Root Organization.
3. Select File>New>Service>Profile.
4. In the New Profile Set dialog box, use the following values:
Field Value
Service Profile Name DEFAULT
Service Class Name RADIUS Connection Service
5. Click Create.
6. In the right pane, select Root Organization>Service Profiles>Connection Services>Default.
7. In the Default Edit Mode dialog box, click the Attribute Information tab and use the following values:
Field Value
Vendor Availability tab RFC2138
Attribute Availability tab Allow All
8. Click OK.
9. Click Yes to save the changes.
April 19, 2023 Page 25
Bridgewater ATP Version 1.0
Configure Profiles and a UserUse the Service Manager to create the Organization Profile set, User Profile Sets, and Users.
1. Click the Service tab.
2. Highlight the Root Organization.
3. Select File>New>Profile Set.
4. In the New Profile Set dialog box, use the following values:
Field Value
Name <profile set name>
Profile Set Type Organization
5. Click Create.
6. In the New Profile Set dialog box, select DEFAULT under the Connection Services.
7. Click Add.
8. Click OK.
9. In the Save dialog box, click Yes.
10. Select File>New>Organization.
11. In the Add Organization dialog box, use the following values:
Field Value
Organization Name <name of the organization>
Association Domain Create New
New Domain Name <name of the new domain>
Profile Set <profile set name used in Step 4.
12. Click Create.
A message is displayed to indicate that the new Profile Set has been created successfully.
13. Click OK to close the dialog box.
14. In the right pane, right-click the new organization you just created and select Edit.
15. In the organization dialog box, use the following values:
Field Value
Left pane DEFAULT
Dictionary Attributes Session-Timeout
Attribute Name value 14400
16. Click Add.
17. Click OK to close the dialog box for the new organization.
18. In the Save dialog box, click Yes.
Page 26 April 19, 2023
Bridgewater ATP Version 1.0
Create a Gold User Profile Set in the organization you just created1. In the left pane, select the organization you created in the previous procedure.
2. Select File>New>Profile Set.
3. In the New Profile Set dialog box, use the following values:
Field Value
Name Gold
Profile Set Type User
4. Click Create.
5. In the New Profile Set dialog box, select DEFAULT under the Connection Services.
6. Click Add.
7. Click OK.
8. In the Save dialog box, click Yes.
9. In the Gold – Edit Mode dialog box, use the following values:
Field Value
Right pane DEFAULT
Click the Service Profile (DEFAULT) tab.
Dictionary Attributes Idle-Timeout
Attribute Name value 3600
10. Click Add.
11. From the Dictionary Attributes, select Session Timeout.
12. Set the Attribute Name value to 14400.
13. Click Add.
14. Click OK.
15. In the Save dialog box, click Yes.
Create a Gold User1. In the left pane, select the organization you created.
2. Select File>New>User.
3. For the Username, Login Name, and Password, type golduser.
4. From the Profile Set dropdown menu, select Gold.
5. Click Create.
6. The New Entity dialog box is displayed with the message “golduser has been created successfully.”
7. In the left pane, select the DEFAULT Connection Service. On the right side of the display, the Attributes in Effect should show:
April 19, 2023 Page 27
Bridgewater ATP Version 1.0
Idle Timeout 3600
Session Timeout 14400
Click OK to close the dialog box.
Page 28 April 19, 2023
Bridgewater ATP Version 1.0
Configure and run tracetoolThe RADIUS tracetool enables you to monitor RADIUS communication with NASs and other RADIUS Servers. Use this tool to view incoming RADIUS packets.
The tracetool utility connects to the RADIUS Server as a client. You can run tracetool on the same host machine as the RADIUS Server or on a remote machine connected via TCP/IP.
Add a tracetool client
Edit the traceclients file to add a traceclient for the IP address of the machine that runs tracetool. Use the IP address of the machine where the AAA Service Controller software is installed.
The traceclients file is located in /Widespan/config/radius/traceclients.
Below is an example of a traceclients file:
#PORT 30000
#TRACEBIND 192.148.143.2
#CONNECTIONS 4
#TRACECLIENT 192.148.123.67
#TRACECLIENT 192.148.123.68
TRACECLIENT 192.168.161.36
After you have edited the traceclients file, you must send the RADIUS Server a HUP signal so that it can reread the TRACECLIENT fields:
pkill -HUP radiusd
If you changed the PORT or TRACEBIND fields, you must restart the RADIUS Server.
Start tracetool
Note: You must start tracetool before you run radtest.
1. As the widespan user, move to the tracetool directory:
su – widespan
cd /Widespan/testtools/
2. Run tracetool:
./tracetool –f filter.cfg –h <server_address>
To stop tracetool, press crtl+c.
April 19, 2023 Page 29
Bridgewater ATP Version 1.0
Run radtestThe radtest utility simulates a PDSN requesting authentication from the RADIUS Server.
In this test, you will:
run the radtest utility as the gold user
run radtest to mimic a full RADIUS session
The example of radtest in this section prompts you three times to press Enter:
to send the Access-Request message
to send the Acct-Start message
to send the Acct-Stop message
Note: Use the IP Address of the machine where the AAA Service Controller software is installed.
Before you run the radtest example in this section, telnet to the AAA Service Controller server and run the following command to view the incoming logs:
tail -100f /var/adm/messages
This will enable you to view the logs for the Authentication Request, the Accounting Start, and the Accounting Stop records.
Open a second telnet session to complete the following steps:
Log in as the widespan user to the Solaris Server where the AAA Service Controller is installed, for example:
telnet hostname202
Move to the radtest directory:
cd /Widespan/testtools/radtest
Type the following command:
./radtest -Uv 192.168.161.36 SECRET User-Name=golduser User-Password=golduser NAS-Port=1
The following output is displayed:
RADIUS
IP address : 192.168.161.36
Auth UDP Port: 1812
Acct UDP Port: 1813
User Interact: disabled
Timeout Intvl: 120
Retry Count: 1
Acct Wait Int: 0
Page 30 April 19, 2023
Bridgewater ATP Version 1.0
Press Enter to send the Authentication Request. The following output is displayed:
Sending Authentication Request (1:1) Sent
Using Request Authenticator:
e4.36.61.3e.f1.69.3c.2d.83.55.cf.c2.86.9c.3b.94
User-Name = “golduser”
User-Password = “golduser”
NAS-Port=1
ready to receive RADIUS auth response (1:1)
Access Accepted - time = 1 seconds
total time is >149< ms
Class =
"42.57.53.0.1.0.e.2f.0.16.0.2.3.7.1.0.0.0.f.7.3.0"
The following log message is generated in the /var/adm/messages file:
Aug 13 14:57:19 kansparc321 radiusd[478]: [ID 559039 local7.info] INFO RADOP(102) auth for golduser from 192.168.167.1[5=1;] accepted with service: DEFAULT
The following is the tracetool output:
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
| Access Request| 192.168.161.36| 54022| 192.168.167.1| 1812|
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:13:30 27-Oct-2006| IN| 51| 1| 0| 3|
========================================================== =====================
| Authenticator | Tracking ID |
| e4.36.61.3e.f1.69.3c.2e.8e.55.cf.c2.86.9c.3b.94| 1|
========================================================== =====================
[ 1] <User-Name>=(golduser) 8Byte
---------------------------------------------------------- ---------------------
April 19, 2023 Page 31
Bridgewater ATP Version 1.0
[ 2] <User-Password>=(db.32.13.bf.0a.5b.16.5c.e9.3b.f8.a0.37.9d .32.8a) 16Byte
---------------------------------------------------------- ---------------------
[ 5] <NAS-Port>=(1) 4Byte
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
| Access Accept| 192.168.167.1| 54022| 192.168.167.1| 1812|
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:13:30 27-Oct-2006| OUT| 51| 1| 0| 6|
========================================================== =====================
| Authenticator | Tracking ID |
| de.fb.be.50.29.87.87.9f.2e.39.20.7.fc.e2.68.4d| 1|
========================================================== =====================
[ 6] <Service-Type>=(Framed) 4Byte
---------------------------------------------------------- ---------------------
[ 7] <Framed-Protocol>=(PPP) 4Byte
---------------------------------------------------------- ---------------------
[ 8] <Framed-IP-Address>=(255.255.255.254) 4Byte
---------------------------------------------------------- ---------------------
[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte
---------------------------------------------------------- ---------------------
[ 27] <Session-Timeout>=(14400) 4Byte
---------------------------------------------------------- ---------------------
Page 32 April 19, 2023
Bridgewater ATP Version 1.0
Press Enter to send the Accounting Start Request. The following output is displayed:
Sending Accounting start Request (3:1)... Sent
ready to receive RADIUS acct start response (3:1)
Received Accounting start Response - time = 0 seconds
START REQ: total time is >4< ms
The following log message is generated in the /var/adm/messages file:
Aug 13 14:46:20 <hostname>radiusd[478]: [ID 664437 local7.info] INFO RADOP(13) acct start for golduser (IP=10.168.152.2) from 192.168.167.1[5=1;] recorded OK.
The following is the tracetool output:
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
| Accounting Request| 192.168.167.1| 54022| 192.168.167.1| 1813|
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:14:08 27-Oct-2006| IN| 35| 3| 0| 6|
========================================================== =====================
| Authenticator | Tracking ID |
| d9.a9.71.57.20.9f.18.73.b0.d8.af.8a.8d.80.2a.5a| 2|
========================================================== =====================
[ 1] <User-Name>=(golduser) 8Byte
---------------------------------------------------------- ---------------------
[ 5] <NAS-Port>=(1) 4Byte
---------------------------------------------------------- ---------------------
[ 8] <Framed-IP-Address>=(10.168.167.1) 4Byte
---------------------------------------------------------- ---------------------
[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte
April 19, 2023 Page 33
Bridgewater ATP Version 1.0
---------------------------------------------------------- ---------------------
[ 40] <Acct-Status-Type>=(Start) 4Byte
---------------------------------------------------------- ---------------------
[ 44] <Acct-Session-Id>=(45423E3A-5F49A-0-1) 18Byte
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
|Accounting Response| 192.168.167.1| 54022| 192.168.167.1| 1813|
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:14:08 27-Oct-2006| OUT| 35| 3| 0| 0|
========================================================== =====================
| Authenticator | Tracking ID |
| 93.c4.4c.44.d8.96.5e.a3.9d.5a.a0.39.e7.8a.a7.83| 2|
========================================================== =====================
Page 34 April 19, 2023
Bridgewater ATP Version 1.0
Press Enter to send the Accounting Stop Request. The following output is displayed:
Sending Accounting stop Request (4:1)... Sent
ready to receive RADIUS acct stop response (4:1)
Received Accounting stop Response - time = 0 seconds
STOP REQ: total time is >18< ms
==================== Final Result ======================
Request Rate: 0.0227273 Cycles/Sec
Call-Check(auth) : Success = 0, Failures = 0
Authentication : Success = 1, Failures = 0, Min = 149, Max = 149, Avg = 149
Accounting Start: Success = 1, Min = 4, Max = 4, Avg = 4
Accounting Stop: Success = 1, Min = 18, Max = 18, Avg = 18
Overall Cycle : Success = 1/1, Min = 171, Max = 171, Avg = 171
Cycles per Sec. : 5.8479532
The following log message is generated in the /var/adm/messages file:
Aug 13 14:58:20 <hostname> radiusd[478]: [ID 664437 local7.info] INFO RADOP(13) acct stop for golduser (IP=10.168.152.2) from 182.168.152.2[5=1;] recorded OK.
The following is the tracetool output:
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
| Accounting Request| 192.168.167.1| 54022| 192.168.167.1| 1813|
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:14:37 27-Oct-2006| IN| 51| 4| 0| 12|
========================================================== =====================
| Authenticator | Tracking ID |
| a6.17.65.f6.a3.58.35.8f.a6.15.97.35.31.88.e7.61| 3|
========================================================== =====================
[ 1] <User-Name>=(golduser) 8Byte
April 19, 2023 Page 35
Bridgewater ATP Version 1.0
---------------------------------------------------------- ---------------------
[ 5] <NAS-Port>=(1) 4Byte
---------------------------------------------------------- ---------------------
[ 8] <Framed-IP-Address>=(10.168.167.1) 4Byte
---------------------------------------------------------- ---------------------
[ 25] <Class>=(42.57.53.00.01.00.0e.2f.00.16.00.02.03.07.01.00.0 0.00.59.07.03.00) 22Byte
---------------------------------------------------------- ---------------------
[ 40] <Acct-Status-Type>=(Stop) 4Byte
---------------------------------------------------------- ---------------------
[ 44] <Acct-Session-Id>=(45423E3A-5F49A-0-1) 18Byte
---------------------------------------------------------- ---------------------
[ 46] <Acct-Session-Time>=(67) 4Byte
---------------------------------------------------------- ---------------------
[ 49] <Acct-Terminate-Cause>=(554068) 4Byte
---------------------------------------------------------- ---------------------
[ 42] <Acct-Input-Octets>=(3456) 4Byte
---------------------------------------------------------- ---------------------
[ 43] <Acct-Output-Octets>=(7345) 4Byte
---------------------------------------------------------- ---------------------
[ 47] <Acct-Input-Packets>=(101) 4Byte
---------------------------------------------------------- ---------------------
[ 48] <Acct-Output-Packets>=(202) 4Byte
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
========================================================== =====================
| Request Type | Req Initiator IP | R.I.Port | Req Handler IP | R.H.Port |
|Accounting Response| 192.168.167.1| 54022| 192.168.167.1| 1813|
Page 36 April 19, 2023
Bridgewater ATP Version 1.0
========================================================== =====================
| Timestamp | Direction | Thread ID | Req ID | Vendor ID | # of Attr |
|17:14:37 27-Oct-2006| OUT| 51| 4| 0| 0|
========================================================== =====================
| Authenticator | Tracking ID |
| eb.58.d5.b5.20.db.31.c8.93.1f.b7.20.72.a9.ac.ab| 3|
========================================================== =====================
View accounting recordsAfter you have successfully run the radtest example as the gold user, you have accounting records generated into flat files. The configuration in the acctfwk.xml file indicates the location of the flat files. By default, the location is /WideSpan/acctfwk/accountingfiles.
To view the contents of the accounting flat files:
Log in as root to the Solaris Server where the Accounting Framework is installed.
Note: The Accounting Framework is installed on both the client and server side, and the exact procedure to follow depends on your system architecture and whether flat files and correlated records are created locally or remotely.
For example:
telnet hostname202
Move to the destination directory for the flat files, for example:
cd /Widespan/acctfwk/accountingfiles
The Accounting Framework creates a filename using the current date and time. You can view
this text file using a text editor. Here's an example command for viewing a file:
more 2004-08-18.13:35:33.000000
April 19, 2023 Page 37
Bridgewater ATP Version 1.0
Verify RADIUS operation using radtestYou can check the proper operation of RADIUS by sending an authentication request from one server to another.
1. Add a user with login name and password set to atp to the system.
2. Open a terminal on each server for monitoring the oplog:
tail -100f /Widespan/logs/oplog
3. Open a terminal on each server for monitoring the messages log:
tail -100f /var/adm/messages
4. In the Service Manager, add a test user for use with radtest.
5. Open a window on the first server as root and run a radtest (using the correct IP and domain):
su - widespan
tcsh
cd /Widespan/testtools/radtest
./radtest -v -t 5 U -p 1812 x.x.x.x SECRET User-Name="[email protected]" User-Password="atp" NAS-IP-Address=3.3.3.3 Calling-Station-ID=3334445555 Framed-IP-Address=77.77.77.77
6. Make sure the radtest was successful. The oplog should show three lines:
(1) auth accepted with service DEFAULT
(2) acct start
(3) acct stop
7. Make sure there are no errors in /var/adm/messages.
8. Run the same command on the second server, pointing to the first server.
Verify tracetool operation using radtestYou can check the proper operation of tracetool by running radtest and confirming that the data can be captured using tracetool.
1. Review the traceclients configuration, which is in /Widespan/config/radius/traceclients.
2. Create a tracetool filter:su - widespan
tcsh
cd /tmp
vi filter.cfg
3. Add the following to the filter:TARGET
LOG=SCREEN
4. Start the tracetool with the following command:
/Widespan/testtools/tracetool/tracetool -f ./filter.cfg -h <server_address>
5. Also check the tracetool operation from the other server, using the same command.
Page 38 April 19, 2023
Bridgewater ATP Version 1.0
6. In a separate window, run some radtests to confirm that the tracetool is capturing the data.
April 19, 2023 Page 39
Bridgewater ATP Version 1.0
Verify radpet operationUse this procedure to check the proper operation of the radpet tool and the configured policy files.
Run a test for a user that should be accepted, as well as one for a user that should be rejected. Check the proper policy routing for each user.
Run the following commands on both the first and second server:
su - widespan
tcsh
cd /tmp
/Widespan/radius/radpet -i <IP_address> -t auth [email protected]
/Widespan/radius/radpet -i <IP_address> -t auth [email protected]
Verify the monitoring operationUse this procedure to check the proper operation of monitoring tool and the status of the system.
1. Log in as root.
2. Make sure the monitor runs clean and that all processes are running without errors:
/Widespan/mon/monitor.pl
Verify the Oracle backup operationUse this procedure to check that the Oracle backups are running properly.
1. Log in as root.
2. Switch to Oracle user:
su - oracle
crontab -l
3. Review the following:
a) crontab entry exists for Oracle backup
b) backup type and frequency
c) backup run time (should be set to off-hours)
d) mechanism in place to trim the backups and the archive log files
e) backup config file
f) backup location
g) confirm backups exists in backup location
h) confirm trimming is operational by examining backup file dates
Page 40 April 19, 2023
Bridgewater ATP Version 1.0
Verify accounting flat file generationUse this procedure to verify that CDR flat files are being generated, based on the Acounting Framework configuration file (/Widespan/config/acctfwk.xml) and the vendor configuration file (/Widespan/config/radius/vendors.xml).
1. Review the flat file configuration and generation criteria in the /Widespan/config/acctfwk.xml file.
2. Navigate to the flat file location and check that there is a flat file running.
3. Navigate to the archive location and check that there are historical flat files.
4. Review the closed flat file maintenance mechanism in the /Widespan/custom/bws_maintenance.sh file.
Verify SNMP query functionsUse this procedure to make sure that you can perform an SNMP query on each server by testing the functionality of the walkrad and getone tools.
1. Log in as root.
2. Test the walkrad tool on each server:su - widespan
tcsh
/Widespan/radius/walkrad -er -i <IP_address> -p 161 -c string
3. Test the getone tool on each server:
a. Thread count: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.1.0
b. Thread usage: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.2.0
c. Max thread usage: /Widespan/snmp/bin/getone/-v1 <IP_address> string 1.3.6.1.4.1.3631.2.1.2.1.3.0
Verify system operation after a reboot1. Check the logs for any boot or daemon startup errors.
2. Make sure all processes started (using the monitoring function).
3. Check that the Service Manager is accessible.
4. Make sure that RADIUS is processing data on each server (using radtest).
5. Reboot each server in turn (not simultaneously):
a. Log in as root.
b. Reboot the server: /etc/shutdown -g0 -i6 -y
c. When the server is back up, check the message directory for errors: tail -100f /var/adm/messages
d. When the server has finished rebooting and the daemons appear to be back up, run the monitor to make sure the server runs properly: /Widespan/mon/monitor.pl
6. On the first server, log in to the Service Manager and make sure that it is functioning properly.
April 19, 2023 Page 41
Bridgewater ATP Version 1.0
7. Run a radtest from the second server and check that there is a proper response. Verify the logs for any errors.
8. Repeat steps 6 and 7 with the opposite server.
Page 42 April 19, 2023
Bridgewater ATP Version 1.0
Appendix AThis appendix provides information for checking functionality that is optional. Use this part of the document to add functionality to be tested on an as-required basis.
Note: Delete the sections that do not apply before asking the customer to sign off on the Acceptance Test agreement.
Middleware ServerThe Middleware Service supports all Service Manager clients. The Middleware Service opens a new database connection every time a Service Manager window or form is opened. The maximum number of connections is set in the middleware-service.xml file.
When the maximum number of connections is reached, Service Manager administrators are not able to open any windows until a connection is freed. If Service Manager clients frequently use up all available connections, it may be necessary to increase the maximum number of connections.
Below are the most common commands for Middleware Server. For more information, see the Service Manager User Guide.
To access the configuration file for editing, type:
/Widespan/middleware/middleware.properties
To start or stop the daemon, type:
/etc/init.d/wsmwserver start or /etc/init.d/wsmwserver stop
To check the log file, type:
tail -100f /Widespan/logs/mwserver.log
To verify that the processes are running, type:
ps –ef|grep mid
Verify the Middleware process
To make sure that the Middleware daemon stops and starts correctly, run the following commands.
1. Log in as root.
13. Stop Middleware:/etc/init.d/wsmwserver stop
14. Open a second window to monitor the Middleware log:tail -100f /Widespan/logs/mwserver.log
15. In the first window, start Middleware:/etc/init.d/wsmwserver start
16. Open a browser to the Web server root:http://[web_URL]
17. Confirm in the Middleware log that the daemon starts up. You should see "Listening on port 6100" at the end of the log.
April 19, 2023 Page 43
Bridgewater ATP Version 1.0
Web and FTP ServerThe Web and FTP Servers are primarily intended for publishing and hosting users’ web sites.
The Web Server is also installed on AAA Service Controllers to host web-based provisioning clients, such as User Self-Administration and User Self-Registration and to support database access for the Service Manager and Delegated Administration Manager.
Below are the most common commands for Web and FTP Server. For more information, see the Web and FTP Server User Guide.
To access the configuration file for editing, type:
/Widespan/config/http/httpsd.conf
To start or stop the daemon, type:
/etc/init.d/wshttpd start or /etc/init.d/wshttpd stop
To check the access log file, type:
tail -100f /Widespan/logs/httpsd_access_log
To check the error log file, type:
tail -100f /Widespan/logs/httpsd_error_log
To verify that the processes are running, type:
ps –ef|grep http
Verify the Web server process
To make sure that the Web server stops and starts properly and is operational, run the following commands.
1. Log in as root.
18. Stop the Web server:/etc/init.d/wshttpd stop
19. Start the Web server:/etc/init.d/wshttpd start
20. Open a browser to the Web server root:http://[web_URL]
21. Confirm that you can navigate to the updater directory, and that you can download the Service Manager client (setup.exe).
DHCP Server (Client Configuration)A DHCP Client is any network device that requires an IP address, such as a personal computer. Each DHCP Client is represented by a user account in the Service Manager.
The DHCP Server can model the client using the client’s IP address, host name, or identifier (usually the MAC address). This determines how the user account models the login name.
Page 44 April 19, 2023
Bridgewater ATP Version 1.0
Application Authorization Server (AppAuth)The Application Authorization Server (AppAuth) allows third-party network applications to use the central user repository in the AAA Service Controller for user authorization. These network applications can retrieve user-specific profile information from the AAA Service Controller.
The AAA Service Controller database provides a centralized repository for profile information. Using the Service Manager GUI, an administrator provisions each third-party application that a user can access
LDAP IntegrationThe LDAP Interface transfers user and service profile data automatically between the AAA Service Controller and the web browser server.
This bi-directional data flow-through allows administrators to make changes, such as adding or changing user accounts, in either system. These changes are automatically transferred from one system to the other. For example, administrators can suspend a user in the LDAP directory and this user is automatically suspended in the AAA Service Controller database.
RADIUS ProxyThe Bridgewater RADIUS Server can act as a proxy for authentication and accounting requests by forwarding messages from the NAS to a remote RADIUS server. Define separate target servers for authentication and accounting.
System Monitoring (Monitoring Utility – BWSbmon)Bridgewater provides several facilities for monitoring and troubleshooting components in the Bridgewater Systems product suite, including the:
The Monitoring Facility monitors processes and system state but can also monitor log files for specific message patterns. When the Monitoring Facility detects an exception condition, it sends an alert message by email, SNMP trap, or both.
The Logging Framework provides a consistent mechanism for handling log messages across Bridgewater application components. The Logging Framework focuses exclusively on log messages and selectively routes messages to different files, the syslog daemon, or SNMP traps, based on the source application and the message priority.
Session State Register (SSR)The Session State Register (SSR) enables network applications, such as WAP, Push-To-Talk, and MMS servers, to authenticate a user against the Bridgewater Systems AAA Service Controller, based on the user IP Address. The user is authenticated once against the AAA Service Controller when they start a data session, and the user information is stored in the SSR dynamic RMS database until such time as the session is terminated by the AAA Service Controller.
As the user accesses various applications on the network, applications can retrieve the user information by querying the SSR, which maps the user IP address to a user profile. Each application can then perform its own authentication, authorization or billing based on the retrieved user profile. The SSR supports both CDMA and GSM, as well as both IPv4 and IPv6.
April 19, 2023 Page 45
Bridgewater ATP Version 1.0
Prepaid Integrator (PPI)The Prepaid Integrator, along with your billing system, the AAA Service Controller, and the Resource Management Server (RMS) enables prepaid and postpaid/ subscription services.
Below are the most common commands for Web and FTP Server. For more information, see the Prepaid Integrator Solution Guide.
To access the configuration file for editing, type:
/Widespan/config/prepaid/pps-config.xml
To start or stop the daemon, type:
/etc/init.d/wspps start or /etc/init.d/wspps stop
To check the messages log file, type:
tail -100f /var/adm/messages
To check the prepaid services log file, type:
tail -100f /Widespan/logs/ppslog
To check the lightbridge log file, type:
tail -100f /Widespan/logs/lightbridge.log
To verify that the processes are running, type:
ps –ef|grep pps
Prepaid operation
Typical tasks for verifying the prepaid operation are:
set up Service Profiles
set up User Profile Sets
create test Users
local authentication and accounting for test Users (using radtest)
remote authentication and accounting for test Users (using radtest)
authentication and accounting for test Users (from PDSN)
check the logs: /Widespan/logs/oplog
Page 46 April 19, 2023
Bridgewater ATP Version 1.0
Postpaid operation
Typical tasks for verifying the postpaid operation are:
set up Service Profiles
set up User Profile Sets
create test Users
local authentication and accounting for test Users (using radtest)
remote authentication and accounting for test Users (using radtest)
authentication and accounting for test Users (from PDSN)
check the logs: /Widespan/logs/oplog
check accounting output to flat file (local radtest)
check accounting output to flat file (remote radtest)
check accounting output to flat file (PDSN)
CALEA ControllerThe CALEA Controller is a secure standalone server that stores and maintains information related to all intercept targets under surveillance.
The CALEA Controller integrates into your network, operating with multiple SS8 Xcipio platforms, the AAA Service Controller, and the Session State Register.
The CALEA Controller package is "BWSwscal".
Calea TimesTen database
The CALEA Controller uses a 32-bit TimesTen database (other Bridgewater products use a 64-bit one). The CALEA database package is "BWSwstt32".
The TimesTen setup script for the CALEA Controller differs slightly from the regular TimesTen setup script.
For detailed instructions about installing the CALEA Controller, see the Bridgewater Installation Guide.
April 19, 2023 Page 47
Bridgewater ATP Version 1.0
Installation Acceptance FormThe undersigned hereby certifies the completion of the Installation Acceptance Test Plan and acceptance of the Bridgewater products.
It is understood that further configuration and testing will continue, but that the product has been successfully installed and is available for normal use.
Date:
Location:
Product Release:
Bridgewater Engineer:
For and on behalf of:
Organization
Name
Signature
Page 48 April 19, 2023