831 lines
26 KiB
Plaintext
831 lines
26 KiB
Plaintext
# -*- text -*-
|
|
# Copyright (C) 2011 The FreeRADIUS Server project and contributors
|
|
#
|
|
# Non Protocol Attributes used by FreeRADIUS
|
|
#
|
|
# $Id: b830d56623fc3aad78122fa6af04ce66416123b6 $
|
|
#
|
|
|
|
# The attributes number ranges are allocates as follows:
|
|
#
|
|
# Range: 500-999
|
|
# server-side attributes which can go in a reply list
|
|
|
|
# These attributes CAN go in the reply item list.
|
|
ATTRIBUTE Fall-Through 500 integer
|
|
ATTRIBUTE Relax-Filter 501 integer
|
|
ATTRIBUTE Exec-Program 502 string
|
|
ATTRIBUTE Exec-Program-Wait 503 string
|
|
|
|
# These attributes CANNOT go in the reply item list.
|
|
|
|
#
|
|
# Range: 1000+
|
|
# Attributes which cannot go in a reply list.
|
|
#
|
|
#
|
|
# Range: 1000-1199
|
|
# Miscellaneous server attributes.
|
|
#
|
|
#
|
|
# Non-Protocol Attributes
|
|
# These attributes are used internally by the server
|
|
#
|
|
ATTRIBUTE Auth-Type 1000 integer
|
|
ATTRIBUTE Menu 1001 string
|
|
ATTRIBUTE Termination-Menu 1002 string
|
|
ATTRIBUTE Prefix 1003 string
|
|
ATTRIBUTE Suffix 1004 string
|
|
ATTRIBUTE Group 1005 string
|
|
ATTRIBUTE Crypt-Password 1006 string
|
|
ATTRIBUTE Connect-Rate 1007 integer
|
|
ATTRIBUTE Add-Prefix 1008 string
|
|
ATTRIBUTE Add-Suffix 1009 string
|
|
ATTRIBUTE Expiration 1010 date
|
|
ATTRIBUTE Autz-Type 1011 integer
|
|
ATTRIBUTE Acct-Type 1012 integer
|
|
ATTRIBUTE Session-Type 1013 integer
|
|
ATTRIBUTE Post-Auth-Type 1014 integer
|
|
ATTRIBUTE Pre-Proxy-Type 1015 integer
|
|
ATTRIBUTE Post-Proxy-Type 1016 integer
|
|
ATTRIBUTE Pre-Acct-Type 1017 integer
|
|
|
|
#
|
|
# This is the EAP type of authentication, which is set
|
|
# by the EAP module, for informational purposes only.
|
|
#
|
|
ATTRIBUTE EAP-Type 1018 integer
|
|
ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
|
|
ATTRIBUTE EAP-Id 1020 integer
|
|
ATTRIBUTE EAP-Code 1021 integer
|
|
ATTRIBUTE EAP-MD5-Password 1022 string
|
|
ATTRIBUTE PEAP-Version 1023 integer
|
|
ATTRIBUTE Client-Shortname 1024 string virtual
|
|
ATTRIBUTE Load-Balance-Key 1025 string
|
|
ATTRIBUTE Raw-Attribute 1026 octets
|
|
ATTRIBUTE TNC-VLAN-Access 1027 string
|
|
ATTRIBUTE TNC-VLAN-Isolate 1028 string
|
|
ATTRIBUTE User-Category 1029 string
|
|
ATTRIBUTE Group-Name 1030 string
|
|
ATTRIBUTE Huntgroup-Name 1031 string
|
|
ATTRIBUTE Simultaneous-Use 1034 integer
|
|
ATTRIBUTE Strip-User-Name 1035 integer
|
|
ATTRIBUTE Hint 1040 string
|
|
ATTRIBUTE Pam-Auth 1041 string
|
|
ATTRIBUTE Login-Time 1042 string
|
|
ATTRIBUTE Stripped-User-Name 1043 string
|
|
ATTRIBUTE Current-Time 1044 string
|
|
ATTRIBUTE Realm 1045 string
|
|
ATTRIBUTE No-Such-Attribute 1046 string
|
|
ATTRIBUTE Packet-Type 1047 integer virtual
|
|
ATTRIBUTE Proxy-To-Realm 1048 string
|
|
ATTRIBUTE Replicate-To-Realm 1049 string
|
|
ATTRIBUTE Acct-Session-Start-Time 1050 date
|
|
ATTRIBUTE Acct-Unique-Session-Id 1051 string
|
|
ATTRIBUTE Client-IP-Address 1052 ipaddr virtual
|
|
ATTRIBUTE Ldap-UserDn 1053 string
|
|
ATTRIBUTE NS-MTA-MD5-Password 1054 string
|
|
ATTRIBUTE SQL-User-Name 1055 string
|
|
ATTRIBUTE LM-Password 1057 octets
|
|
ATTRIBUTE NT-Password 1058 octets
|
|
ATTRIBUTE SMB-Account-CTRL 1059 integer
|
|
ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
|
|
ATTRIBUTE User-Profile 1062 string
|
|
ATTRIBUTE Digest-Realm 1063 string
|
|
ATTRIBUTE Digest-Nonce 1064 string
|
|
ATTRIBUTE Digest-Method 1065 string
|
|
ATTRIBUTE Digest-URI 1066 string
|
|
ATTRIBUTE Digest-QOP 1067 string
|
|
ATTRIBUTE Digest-Algorithm 1068 string
|
|
ATTRIBUTE Digest-Body-Digest 1069 string
|
|
ATTRIBUTE Digest-CNonce 1070 string
|
|
ATTRIBUTE Digest-Nonce-Count 1071 string
|
|
ATTRIBUTE Digest-User-Name 1072 string
|
|
ATTRIBUTE Pool-Name 1073 string
|
|
ATTRIBUTE Ldap-Group 1074 string
|
|
ATTRIBUTE Module-Success-Message 1075 string
|
|
ATTRIBUTE Module-Failure-Message 1076 string
|
|
# X99-Fast 1077 integer
|
|
ATTRIBUTE Rewrite-Rule 1078 string
|
|
ATTRIBUTE Sql-Group 1079 string
|
|
ATTRIBUTE Response-Packet-Type 1080 integer virtual
|
|
ATTRIBUTE Digest-HA1 1081 string
|
|
ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
|
|
ATTRIBUTE NTLM-User-Name 1083 string
|
|
ATTRIBUTE MS-CHAP-User-Name 1083 string
|
|
ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr virtual
|
|
ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr virtual
|
|
ATTRIBUTE Packet-Src-Port 1086 integer virtual
|
|
ATTRIBUTE Packet-Dst-Port 1087 integer virtual
|
|
ATTRIBUTE Packet-Authentication-Vector 1088 octets virtual
|
|
ATTRIBUTE Time-Of-Day 1089 string
|
|
ATTRIBUTE Request-Processing-Stage 1090 string virtual
|
|
ATTRIBUTE SHA2-Password 1092 octets
|
|
ATTRIBUTE SHA-Password 1093 octets
|
|
ATTRIBUTE SSHA-Password 1094 octets
|
|
ATTRIBUTE SHA1-Password 1093 octets
|
|
ATTRIBUTE SSHA1-Password 1094 octets
|
|
ATTRIBUTE MD5-Password 1095 octets
|
|
ATTRIBUTE SMD5-Password 1096 octets
|
|
ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr virtual
|
|
ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr virtual
|
|
ATTRIBUTE Virtual-Server 1099 string virtual
|
|
ATTRIBUTE Cleartext-Password 1100 string
|
|
ATTRIBUTE Password-With-Header 1101 string
|
|
ATTRIBUTE Inner-Tunnel-User-Name 1102 string
|
|
#
|
|
# EAP-IKEv2 is experimental.
|
|
#
|
|
ATTRIBUTE EAP-IKEv2-IDType 1103 integer
|
|
|
|
VALUE EAP-IKEv2-IDType IPV4_ADDR 1
|
|
VALUE EAP-IKEv2-IDType FQDN 2
|
|
VALUE EAP-IKEv2-IDType RFC822_ADDR 3
|
|
VALUE EAP-IKEv2-IDType IPV6_ADDR 5
|
|
VALUE EAP-IKEv2-IDType DER_ASN1_DN 9
|
|
VALUE EAP-IKEv2-IDType DER_ASN1_GN 10
|
|
VALUE EAP-IKEv2-IDType KEY_ID 11
|
|
|
|
ATTRIBUTE EAP-IKEv2-ID 1104 string
|
|
ATTRIBUTE EAP-IKEv2-Secret 1105 string
|
|
ATTRIBUTE EAP-IKEv2-AuthType 1106 integer
|
|
|
|
VALUE EAP-IKEv2-AuthType none 0
|
|
VALUE EAP-IKEv2-AuthType secret 1
|
|
VALUE EAP-IKEv2-AuthType cert 2
|
|
VALUE EAP-IKEv2-AuthType both 3
|
|
|
|
ATTRIBUTE Send-Disconnect-Request 1107 integer
|
|
ATTRIBUTE Send-CoA-Request 1107 integer
|
|
|
|
VALUE Send-CoA-Request No 0
|
|
VALUE Send-CoA-Request Yes 1
|
|
|
|
ATTRIBUTE Module-Return-Code 1108 integer virtual
|
|
|
|
VALUE Module-Return-Code reject 0
|
|
VALUE Module-Return-Code fail 1
|
|
VALUE Module-Return-Code ok 2
|
|
VALUE Module-Return-Code handled 3
|
|
VALUE Module-Return-Code invalid 4
|
|
VALUE Module-Return-Code userlock 5
|
|
VALUE Module-Return-Code notfound 6
|
|
VALUE Module-Return-Code noop 7
|
|
VALUE Module-Return-Code updated 8
|
|
|
|
ATTRIBUTE Packet-Original-Timestamp 1109 date
|
|
ATTRIBUTE SQL-Table-Name 1110 string
|
|
ATTRIBUTE Home-Server-Pool 1111 string
|
|
|
|
ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr
|
|
ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr
|
|
# The rest of the FreeRADIUS-Client-* attributes are at 1150...
|
|
|
|
ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer
|
|
|
|
VALUE FreeRADIUS-Client-Require-MA no 0
|
|
VALUE FreeRADIUS-Client-Require-MA yes 1
|
|
|
|
ATTRIBUTE FreeRADIUS-Client-Secret 1123 string
|
|
ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string
|
|
ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string
|
|
ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string
|
|
|
|
# For session resumption
|
|
ATTRIBUTE Allow-Session-Resumption 1127 integer
|
|
|
|
VALUE Allow-Session-Resumption no 0
|
|
VALUE Allow-Session-Resumption yes 1
|
|
|
|
ATTRIBUTE EAP-Session-Resumed 1128 integer
|
|
|
|
VALUE EAP-Session-Resumed no 0
|
|
VALUE EAP-Session-Resumed yes 1
|
|
|
|
#
|
|
# Expose EAP keys in the reply.
|
|
#
|
|
ATTRIBUTE EAP-MSK 1129 octets
|
|
ATTRIBUTE EAP-EMSK 1130 octets
|
|
|
|
#
|
|
# For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
|
|
#
|
|
ATTRIBUTE Recv-CoA-Type 1131 integer
|
|
ATTRIBUTE Send-CoA-Type 1132 integer
|
|
|
|
ATTRIBUTE MS-CHAP-Password 1133 string
|
|
ATTRIBUTE Packet-Transmit-Counter 1134 integer
|
|
ATTRIBUTE Cached-Session-Policy 1135 string
|
|
ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string
|
|
ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets
|
|
|
|
# For default policies
|
|
|
|
ATTRIBUTE Stripped-User-Domain 1138 string
|
|
ATTRIBUTE Called-Station-SSID 1139 string
|
|
|
|
VALUE Cache-Status-Only no 0
|
|
VALUE Cache-Status-Only yes 1
|
|
|
|
VALUE Cache-Merge no 0
|
|
VALUE Cache-Merge yes 1
|
|
|
|
VALUE Cache-Read-Only no 0
|
|
VALUE Cache-Read-Only yes 1
|
|
|
|
ATTRIBUTE OTP-Challenge 1145 string
|
|
ATTRIBUTE EAP-Session-Id 1146 octets
|
|
ATTRIBUTE Chbind-Response-Code 1147 integer
|
|
|
|
ATTRIBUTE Chbind-Response-Code 1147 integer
|
|
|
|
VALUE Chbind-Response-Code success 2
|
|
VALUE Chbind-Response-Code failure 3
|
|
|
|
#
|
|
# Server-side "listen type = foo"
|
|
#
|
|
ATTRIBUTE Listen-Socket-Type 1147 integer
|
|
|
|
VALUE Listen-Socket-Type none 0
|
|
VALUE Listen-Socket-Type status 0
|
|
VALUE Listen-Socket-Type proxy 1
|
|
VALUE Listen-Socket-Type auth 2
|
|
VALUE Listen-Socket-Type auth+acct 2
|
|
VALUE Listen-Socket-Type acct 3
|
|
VALUE Listen-Socket-Type detail 4
|
|
VALUE Listen-Socket-Type vmps 5
|
|
VALUE Listen-Socket-Type dhcp 6
|
|
VALUE Listen-Socket-Type control 7
|
|
VALUE Listen-Socket-Type coa 8
|
|
|
|
ATTRIBUTE Acct-Input-Octets64 1148 integer64
|
|
ATTRIBUTE Acct-Output-Octets64 1149 integer64
|
|
|
|
ATTRIBUTE FreeRADIUS-Client-IP-Prefix 1150 ipv4prefix
|
|
ATTRIBUTE FreeRADIUS-Client-IPv6-Prefix 1151 ipv6prefix
|
|
ATTRIBUTE FreeRADIUS-Response-Delay 1152 integer
|
|
ATTRIBUTE FreeRADIUS-Client-Src-IP-Address 1153 ipaddr
|
|
ATTRIBUTE FreeRADIUS-Client-Src-IPv6-Address 1154 ipv6addr
|
|
ATTRIBUTE FreeRADIUS-Response-Delay-USec 1155 integer
|
|
|
|
ATTRIBUTE REST-HTTP-Header 1160 string
|
|
ATTRIBUTE REST-HTTP-Body 1161 string
|
|
|
|
ATTRIBUTE Cache-Expires 1170 date
|
|
ATTRIBUTE Cache-Created 1171 date
|
|
ATTRIBUTE Cache-TTL 1172 signed
|
|
ATTRIBUTE Cache-Status-Only 1173 integer
|
|
ATTRIBUTE Cache-Merge 1174 integer
|
|
ATTRIBUTE Cache-Entry-Hits 1175 integer
|
|
ATTRIBUTE Cache-Read-Only 1176 integer
|
|
|
|
#
|
|
# Range: 1200-1279
|
|
# EAP-SIM (and other EAP type) weirdness.
|
|
#
|
|
# For EAP-SIM, some attribute definitions for database interface
|
|
#
|
|
ATTRIBUTE EAP-Sim-Subtype 1200 integer
|
|
|
|
ATTRIBUTE EAP-Sim-Rand1 1201 octets
|
|
ATTRIBUTE EAP-Sim-Rand2 1202 octets
|
|
ATTRIBUTE EAP-Sim-Rand3 1203 octets
|
|
|
|
ATTRIBUTE EAP-Sim-SRES1 1204 octets
|
|
ATTRIBUTE EAP-Sim-SRES2 1205 octets
|
|
ATTRIBUTE EAP-Sim-SRES3 1206 octets
|
|
|
|
VALUE EAP-Sim-Subtype Start 10
|
|
VALUE EAP-Sim-Subtype Challenge 11
|
|
VALUE EAP-Sim-Subtype Notification 12
|
|
VALUE EAP-Sim-Subtype Re-authentication 13
|
|
|
|
# this attribute is used internally by the client code.
|
|
ATTRIBUTE EAP-Sim-State 1207 integer
|
|
|
|
ATTRIBUTE EAP-Sim-IMSI 1208 string
|
|
ATTRIBUTE EAP-Sim-HMAC 1209 string
|
|
ATTRIBUTE EAP-Sim-KEY 1210 octets
|
|
ATTRIBUTE EAP-Sim-EXTRA 1211 octets
|
|
|
|
ATTRIBUTE EAP-Sim-Kc1 1212 octets
|
|
ATTRIBUTE EAP-Sim-Kc2 1213 octets
|
|
ATTRIBUTE EAP-Sim-Kc3 1214 octets
|
|
|
|
ATTRIBUTE EAP-Sim-Ki 1215 octets
|
|
ATTRIBUTE EAP-Sim-Algo-Version 1216 integer
|
|
|
|
#
|
|
# Range: 1280 - 1535
|
|
# EAP-type specific attributes
|
|
#
|
|
# These are used mostly for radeapclient, and aren't
|
|
# that useful for anyone else.
|
|
#
|
|
# egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo
|
|
#
|
|
ATTRIBUTE EAP-Type-Base 1280 octets
|
|
ATTRIBUTE EAP-Type-VALUE 1280 octets
|
|
ATTRIBUTE EAP-Type-None 1280 octets
|
|
ATTRIBUTE EAP-Type-Identity 1281 octets
|
|
ATTRIBUTE EAP-Type-Notification 1282 octets
|
|
ATTRIBUTE EAP-Type-NAK 1283 octets
|
|
ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets
|
|
ATTRIBUTE EAP-Type-One-Time-Password 1285 octets
|
|
ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets
|
|
ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets
|
|
ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets
|
|
ATTRIBUTE EAP-Type-KEA 1291 octets
|
|
ATTRIBUTE EAP-Type-KEA-Validate 1292 octets
|
|
ATTRIBUTE EAP-Type-EAP-TLS 1293 octets
|
|
ATTRIBUTE EAP-Type-Defender-Token 1294 octets
|
|
ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets
|
|
ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets
|
|
ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets
|
|
ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets
|
|
ATTRIBUTE EAP-Type-SIM 1298 octets
|
|
ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets
|
|
ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets
|
|
ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets
|
|
ATTRIBUTE EAP-Type-AKA 1303 octets
|
|
ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets
|
|
ATTRIBUTE EAP-Type-PEAP 1305 octets
|
|
ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets
|
|
ATTRIBUTE EAP-Type-MAKE 1307 octets
|
|
ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets
|
|
ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets
|
|
ATTRIBUTE EAP-Type-DynamID 1310 octets
|
|
ATTRIBUTE EAP-Type-Rob-EAP 1311 octets
|
|
ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets
|
|
ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets
|
|
ATTRIBUTE EAP-Type-SentriNET 1314 octets
|
|
ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets
|
|
ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets
|
|
ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets
|
|
ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets
|
|
ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets
|
|
ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets
|
|
ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets
|
|
ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets
|
|
ATTRIBUTE EAP-Type-EAP-FAST 1323 octets
|
|
ATTRIBUTE EAP-Type-Zonelabs 1324 octets
|
|
ATTRIBUTE EAP-Type-EAP-Link 1325 octets
|
|
ATTRIBUTE EAP-Type-EAP-PAX 1326 octets
|
|
ATTRIBUTE EAP-Type-EAP-PSK 1327 octets
|
|
ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets
|
|
ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets
|
|
ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets
|
|
ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets
|
|
ATTRIBUTE EAP-Type-EAP-PWD 1332 octets
|
|
ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets
|
|
|
|
ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets
|
|
ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets
|
|
ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets
|
|
|
|
#
|
|
# Range: 1536 - 1791
|
|
# EAP Sim sub-types.
|
|
#
|
|
|
|
# these are PW_EAP_SIM_X + 1536
|
|
ATTRIBUTE EAP_Sim-Base 1536 octets
|
|
ATTRIBUTE EAP-Sim-RAND 1537 octets
|
|
ATTRIBUTE EAP-Sim-PADDING 1542 octets
|
|
ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
|
|
ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
|
|
ATTRIBUTE EAP-Sim-MAC 1547 octets
|
|
ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
|
|
ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
|
|
ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
|
|
ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
|
|
ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
|
|
ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
|
|
ATTRIBUTE EAP-Sim-COUNTER 1555 octets
|
|
ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
|
|
ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
|
|
ATTRIBUTE EAP-Sim-IV 1665 octets
|
|
ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
|
|
ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
|
|
ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
|
|
ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
|
|
|
|
#
|
|
# Range: 1800-1899
|
|
# Temporary attributes, for local storage.
|
|
#
|
|
ATTRIBUTE Tmp-String-0 1800 string
|
|
ATTRIBUTE Tmp-String-1 1801 string
|
|
ATTRIBUTE Tmp-String-2 1802 string
|
|
ATTRIBUTE Tmp-String-3 1803 string
|
|
ATTRIBUTE Tmp-String-4 1804 string
|
|
ATTRIBUTE Tmp-String-5 1805 string
|
|
ATTRIBUTE Tmp-String-6 1806 string
|
|
ATTRIBUTE Tmp-String-7 1807 string
|
|
ATTRIBUTE Tmp-String-8 1808 string
|
|
ATTRIBUTE Tmp-String-9 1809 string
|
|
|
|
ATTRIBUTE Tmp-Integer-0 1810 integer
|
|
ATTRIBUTE Tmp-Integer-1 1811 integer
|
|
ATTRIBUTE Tmp-Integer-2 1812 integer
|
|
ATTRIBUTE Tmp-Integer-3 1813 integer
|
|
ATTRIBUTE Tmp-Integer-4 1814 integer
|
|
ATTRIBUTE Tmp-Integer-5 1815 integer
|
|
ATTRIBUTE Tmp-Integer-6 1816 integer
|
|
ATTRIBUTE Tmp-Integer-7 1817 integer
|
|
ATTRIBUTE Tmp-Integer-8 1818 integer
|
|
ATTRIBUTE Tmp-Integer-9 1819 integer
|
|
|
|
ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
|
|
ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
|
|
|
|
ATTRIBUTE Tmp-Octets-0 1830 octets
|
|
ATTRIBUTE Tmp-Octets-1 1831 octets
|
|
ATTRIBUTE Tmp-Octets-2 1832 octets
|
|
ATTRIBUTE Tmp-Octets-3 1833 octets
|
|
ATTRIBUTE Tmp-Octets-4 1834 octets
|
|
ATTRIBUTE Tmp-Octets-5 1835 octets
|
|
ATTRIBUTE Tmp-Octets-6 1836 octets
|
|
ATTRIBUTE Tmp-Octets-7 1837 octets
|
|
ATTRIBUTE Tmp-Octets-8 1838 octets
|
|
ATTRIBUTE Tmp-Octets-9 1839 octets
|
|
|
|
ATTRIBUTE Tmp-Date-0 1840 date
|
|
ATTRIBUTE Tmp-Date-1 1841 date
|
|
ATTRIBUTE Tmp-Date-2 1842 date
|
|
ATTRIBUTE Tmp-Date-3 1843 date
|
|
ATTRIBUTE Tmp-Date-4 1844 date
|
|
ATTRIBUTE Tmp-Date-5 1845 date
|
|
ATTRIBUTE Tmp-Date-6 1846 date
|
|
ATTRIBUTE Tmp-Date-7 1847 date
|
|
ATTRIBUTE Tmp-Date-8 1848 date
|
|
ATTRIBUTE Tmp-Date-9 1849 date
|
|
|
|
ATTRIBUTE Tmp-Integer64-0 1871 integer64
|
|
ATTRIBUTE Tmp-Integer64-1 1872 integer64
|
|
ATTRIBUTE Tmp-Integer64-2 1873 integer64
|
|
ATTRIBUTE Tmp-Integer64-3 1874 integer64
|
|
ATTRIBUTE Tmp-Integer64-4 1875 integer64
|
|
ATTRIBUTE Tmp-Integer64-5 1876 integer64
|
|
ATTRIBUTE Tmp-Integer64-6 1877 integer64
|
|
ATTRIBUTE Tmp-Integer64-7 1878 integer64
|
|
ATTRIBUTE Tmp-Integer64-8 1879 integer64
|
|
ATTRIBUTE Tmp-Integer64-9 1880 integer64
|
|
#
|
|
# These attributes shouldn't be used anywhere. They are defined here
|
|
# only for casting of values in conditional expressions.
|
|
#
|
|
# The order and number need to be consistent with the typedefs used
|
|
# in the server source.
|
|
#
|
|
ATTRIBUTE Tmp-Cast-String 1851 string
|
|
ATTRIBUTE Tmp-Cast-Integer 1852 integer
|
|
ATTRIBUTE Tmp-Cast-Ipaddr 1853 ipaddr
|
|
ATTRIBUTE Tmp-Cast-Date 1854 date
|
|
ATTRIBUTE Tmp-Cast-Abinary 1855 abinary
|
|
ATTRIBUTE Tmp-Cast-Octets 1856 octets
|
|
ATTRIBUTE Tmp-Cast-Ifid 1857 ifid
|
|
ATTRIBUTE Tmp-Cast-IPv6Addr 1858 ipv6addr
|
|
ATTRIBUTE Tmp-Cast-IPv6Prefix 1859 ipv6prefix
|
|
ATTRIBUTE Tmp-Cast-Byte 1860 byte
|
|
ATTRIBUTE Tmp-Cast-Short 1861 short
|
|
ATTRIBUTE Tmp-Cast-Ethernet 1862 ether
|
|
ATTRIBUTE Tmp-Cast-Signed 1863 signed
|
|
# don't use or define these
|
|
ATTRIBUTE Tmp-Cast-Integer64 1869 integer64
|
|
ATTRIBUTE Tmp-Cast-IPv4Prefix 1870 ipv4prefix
|
|
# don't use or define VSA or MAX
|
|
|
|
# Range: 1900-1909
|
|
# WiMAX server-side attributes.
|
|
#
|
|
# These are NOT sent in a packet, but are otherwise
|
|
# available for testing and validation. The various
|
|
# things that *are* sent in a packet are derived from
|
|
# these attributes.
|
|
#
|
|
ATTRIBUTE WiMAX-MN-NAI 1900 string
|
|
|
|
ATTRIBUTE TLS-Cert-Serial 1910 string
|
|
ATTRIBUTE TLS-Cert-Expiration 1911 string
|
|
ATTRIBUTE TLS-Cert-Issuer 1912 string
|
|
ATTRIBUTE TLS-Cert-Subject 1913 string
|
|
ATTRIBUTE TLS-Cert-Common-Name 1914 string
|
|
ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string
|
|
ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string
|
|
ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string
|
|
# 1918 - 1919: reserved for future cert attributes
|
|
ATTRIBUTE TLS-Client-Cert-Serial 1920 string
|
|
ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
|
|
ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
|
|
ATTRIBUTE TLS-Client-Cert-Subject 1923 string
|
|
ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string
|
|
ATTRIBUTE TLS-Client-Cert-Filename 1925 string
|
|
ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string
|
|
ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string
|
|
ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string
|
|
ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string
|
|
ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string
|
|
ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Dns 1931 string
|
|
ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Upn 1932 string
|
|
ATTRIBUTE TLS-PSK-Identity 1933 string
|
|
|
|
# 1934 - 1939: reserved for future cert attributes
|
|
|
|
#
|
|
# Range: 1940-2099
|
|
# Free
|
|
#
|
|
# Range: 2100-2199
|
|
# SoH attributes; FIXME: these should really be protocol attributes
|
|
# so that the SoH radius request can be proxied, but from which
|
|
# vendor? Sigh...
|
|
#
|
|
ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer
|
|
VALUE SoH-MS-Machine-OS-vendor Microsoft 311
|
|
|
|
ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer
|
|
ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer
|
|
ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer
|
|
ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer
|
|
ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer
|
|
|
|
ATTRIBUTE SoH-MS-Machine-Processor 2106 integer
|
|
VALUE SoH-MS-Machine-Processor x86 0
|
|
VALUE SoH-MS-Machine-Processor i64 6
|
|
VALUE SoH-MS-Machine-Processor x86_64 9
|
|
|
|
ATTRIBUTE SoH-MS-Machine-Name 2107 string
|
|
ATTRIBUTE SoH-MS-Correlation-Id 2108 octets
|
|
ATTRIBUTE SoH-MS-Machine-Role 2109 integer
|
|
VALUE SoH-MS-Machine-Role client 1
|
|
VALUE SoH-MS-Machine-Role dc 2
|
|
VALUE SoH-MS-Machine-Role server 3
|
|
|
|
ATTRIBUTE SoH-Supported 2119 integer
|
|
VALUE SoH-Supported no 0
|
|
VALUE SoH-Supported yes 1
|
|
|
|
ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string
|
|
ATTRIBUTE SoH-MS-Health-Other 2129 string
|
|
|
|
#
|
|
# Range: 2200-2219
|
|
# Utilities bundled with the server
|
|
#
|
|
ATTRIBUTE Radclient-Test-Name 2200 string
|
|
|
|
#
|
|
# Range: 2220-2999
|
|
# Free
|
|
#
|
|
# Range: 3000-3999
|
|
# Site-local attributes (see raddb/dictionary.in)
|
|
# Do NOT define attributes in this range!
|
|
#
|
|
# Range: 4000-65535
|
|
# Unused
|
|
#
|
|
# Range: 65536-
|
|
# Invalid. Don't use.
|
|
#
|
|
|
|
#
|
|
# Non-Protocol Integer Translations
|
|
#
|
|
|
|
VALUE Auth-Type Local 0
|
|
VALUE Auth-Type System 1
|
|
VALUE Auth-Type SecurID 2
|
|
VALUE Auth-Type Crypt-Local 3
|
|
VALUE Auth-Type Reject 4
|
|
VALUE Auth-Type ActivCard 5
|
|
VALUE Auth-Type EAP 6
|
|
VALUE Auth-Type ARAP 7
|
|
|
|
#
|
|
# FreeRADIUS extensions (most originally from Cistron)
|
|
#
|
|
VALUE Auth-Type Accept 254
|
|
|
|
VALUE Auth-Type PAP 1024
|
|
VALUE Auth-Type CHAP 1025
|
|
# 1026 was LDAP, but we deleted it. Adding it back will break the
|
|
# ldap module.
|
|
VALUE Auth-Type PAM 1027
|
|
VALUE Auth-Type MS-CHAP 1028
|
|
VALUE Auth-Type MSCHAP 1028
|
|
VALUE Auth-Type Kerberos 1029
|
|
VALUE Auth-Type CRAM 1030
|
|
VALUE Auth-Type NS-MTA-MD5 1031
|
|
# 1032 is unused (was a duplicate of CRAM)
|
|
VALUE Auth-Type SMB 1033
|
|
VALUE Auth-Type MS-CHAP-V2 1034
|
|
|
|
#
|
|
# Authorization type, too.
|
|
#
|
|
VALUE Autz-Type Local 0
|
|
|
|
#
|
|
# And accounting
|
|
#
|
|
VALUE Acct-Type Local 0
|
|
|
|
#
|
|
# And Session handling
|
|
#
|
|
VALUE Session-Type Local 0
|
|
|
|
#
|
|
# And Post-Auth
|
|
VALUE Post-Auth-Type Local 0
|
|
VALUE Post-Auth-Type Reject 1
|
|
|
|
#
|
|
# Experimental Non-Protocol Integer Translations for FreeRADIUS
|
|
#
|
|
VALUE Fall-Through No 0
|
|
VALUE Fall-Through Yes 1
|
|
|
|
VALUE Relax-Filter No 0
|
|
VALUE Relax-Filter Yes 1
|
|
|
|
VALUE Strip-User-Name No 0
|
|
VALUE Strip-User-Name Yes 1
|
|
|
|
VALUE Packet-Type Access-Request 1
|
|
VALUE Packet-Type Access-Accept 2
|
|
VALUE Packet-Type Access-Reject 3
|
|
VALUE Packet-Type Accounting-Request 4
|
|
VALUE Packet-Type Accounting-Response 5
|
|
VALUE Packet-Type Accounting-Status 6
|
|
VALUE Packet-Type Password-Request 7
|
|
VALUE Packet-Type Password-Accept 8
|
|
VALUE Packet-Type Password-Reject 9
|
|
VALUE Packet-Type Accounting-Message 10
|
|
VALUE Packet-Type Access-Challenge 11
|
|
VALUE Packet-Type Status-Server 12
|
|
VALUE Packet-Type Status-Client 13
|
|
|
|
#
|
|
# The following packet types are described in RFC 2882,
|
|
# but they are NOT part of the RADIUS standard. Instead,
|
|
# they are informational about vendor-specific extensions
|
|
# to the RADIUS standard.
|
|
#
|
|
VALUE Packet-Type Resource-Free-Request 21
|
|
VALUE Packet-Type Resource-Free-Response 22
|
|
VALUE Packet-Type Resource-Query-Request 23
|
|
VALUE Packet-Type Resource-Query-Response 24
|
|
VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
|
|
VALUE Packet-Type NAS-Reboot-Request 26
|
|
VALUE Packet-Type NAS-Reboot-Response 27
|
|
VALUE Packet-Type Next-Passcode 29
|
|
VALUE Packet-Type New-Pin 30
|
|
VALUE Packet-Type Terminate-Session 31
|
|
VALUE Packet-Type Password-Expired 32
|
|
VALUE Packet-Type Event-Request 33
|
|
VALUE Packet-Type Event-Response 34
|
|
|
|
# RFC 3576 allocates packet types 40-45
|
|
|
|
VALUE Packet-Type Disconnect-Request 40
|
|
VALUE Packet-Type Disconnect-ACK 41
|
|
VALUE Packet-Type Disconnect-NAK 42
|
|
VALUE Packet-Type CoA-Request 43
|
|
VALUE Packet-Type CoA-ACK 44
|
|
VALUE Packet-Type CoA-NAK 45
|
|
|
|
VALUE Packet-Type IP-Address-Allocate 50
|
|
VALUE Packet-Type IP-Address-Release 51
|
|
|
|
VALUE Response-Packet-Type Access-Request 1
|
|
VALUE Response-Packet-Type Access-Accept 2
|
|
VALUE Response-Packet-Type Access-Reject 3
|
|
VALUE Response-Packet-Type Accounting-Request 4
|
|
VALUE Response-Packet-Type Accounting-Response 5
|
|
VALUE Response-Packet-Type Accounting-Status 6
|
|
VALUE Response-Packet-Type Password-Request 7
|
|
VALUE Response-Packet-Type Password-Accept 8
|
|
VALUE Response-Packet-Type Password-Reject 9
|
|
VALUE Response-Packet-Type Accounting-Message 10
|
|
VALUE Response-Packet-Type Access-Challenge 11
|
|
VALUE Response-Packet-Type Status-Server 12
|
|
VALUE Response-Packet-Type Status-Client 13
|
|
|
|
VALUE Response-Packet-Type Disconnect-Request 40
|
|
VALUE Response-Packet-Type Disconnect-ACK 41
|
|
VALUE Response-Packet-Type Disconnect-NAK 42
|
|
VALUE Response-Packet-Type CoA-Request 43
|
|
VALUE Response-Packet-Type CoA-ACK 44
|
|
VALUE Response-Packet-Type CoA-NAK 45
|
|
#
|
|
# Special value
|
|
#
|
|
VALUE Response-Packet-Type Do-Not-Respond 256
|
|
|
|
#
|
|
# EAP Sub-types, inside of Request and Response packets
|
|
#
|
|
# http://www.iana.org/assignments/ppp-numbers
|
|
# "PPP EAP REQUEST/RESPONSE TYPES"
|
|
#
|
|
#
|
|
# See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
|
|
#
|
|
VALUE EAP-Type None 0
|
|
VALUE EAP-Type Identity 1
|
|
VALUE EAP-Type Notification 2
|
|
VALUE EAP-Type NAK 3
|
|
VALUE EAP-Type MD5-Challenge 4
|
|
VALUE EAP-Type MD5 4
|
|
VALUE EAP-Type One-Time-Password 5
|
|
VALUE EAP-Type OTP 5
|
|
VALUE EAP-Type Generic-Token-Card 6
|
|
VALUE EAP-Type GTC 6
|
|
VALUE EAP-Type RSA-Public-Key 9
|
|
VALUE EAP-Type DSS-Unilateral 10
|
|
VALUE EAP-Type KEA 11
|
|
VALUE EAP-Type KEA-Validate 12
|
|
VALUE EAP-Type TLS 13
|
|
VALUE EAP-Type Defender-Token 14
|
|
VALUE EAP-Type RSA-SecurID-EAP 15
|
|
VALUE EAP-Type Arcot-Systems-EAP 16
|
|
VALUE EAP-Type Cisco-LEAP 17
|
|
VALUE EAP-Type LEAP 17
|
|
VALUE EAP-Type Nokia-IP-Smart-Card 18
|
|
VALUE EAP-Type SIM 18
|
|
VALUE EAP-Type SRP-SHA1 19
|
|
# 20 is unassigned
|
|
VALUE EAP-Type TTLS 21
|
|
VALUE EAP-Type Remote-Access-Service 22
|
|
VALUE EAP-Type AKA 23
|
|
VALUE EAP-Type 3Com-Wireless 24
|
|
VALUE EAP-Type PEAP 25
|
|
VALUE EAP-Type Microsoft-MS-CHAPv2 26
|
|
VALUE EAP-Type MAKE 27
|
|
VALUE EAP-Type CRYPTOCard 28
|
|
VALUE EAP-Type Cisco-MS-CHAPv2 29
|
|
VALUE EAP-Type DynamID 30
|
|
VALUE EAP-Type Rob-EAP 31
|
|
VALUE EAP-Type SecurID-EAP 32
|
|
VALUE EAP-Type MS-Authentication-TLV 33
|
|
VALUE EAP-Type SentriNET 34
|
|
VALUE EAP-Type Actiontec-Wireless 35
|
|
VALUE EAP-Type Cogent-Biomentric-EAP 36
|
|
VALUE EAP-Type AirFortress-EAP 37
|
|
VALUE EAP-Type HTTP-Digest 38
|
|
VALUE EAP-Type TNC 38
|
|
VALUE EAP-Type SecuriSuite-EAP 39
|
|
VALUE EAP-Type DeviceConnect-EAP 40
|
|
VALUE EAP-Type SPEKE 41
|
|
VALUE EAP-Type MOBAC 42
|
|
VALUE EAP-Type FAST 43
|
|
VALUE EAP-Type Zonelabs 44
|
|
VALUE EAP-Type Link 45
|
|
VALUE EAP-Type PAX 46
|
|
VALUE EAP-Type PSK 47
|
|
VALUE EAP-Type SAKE 48
|
|
VALUE EAP-Type IKEv2 49
|
|
VALUE EAP-Type AKA2 50
|
|
VALUE EAP-Type GPSK 51
|
|
VALUE EAP-Type PWD 52
|
|
VALUE EAP-Type EVEv1 53
|
|
|
|
#
|
|
# And this is what most people mean by MS-CHAPv2
|
|
#
|
|
VALUE EAP-Type MSCHAPv2 26
|
|
|
|
#
|
|
# This says TLS, but it's only valid for TTLS & PEAP.
|
|
# EAP-TLS *always* requires a client certificate.
|
|
#
|
|
VALUE EAP-TLS-Require-Client-Cert No 0
|
|
VALUE EAP-TLS-Require-Client-Cert Yes 1
|
|
|
|
#
|
|
# These are the EAP-Code values.
|
|
#
|
|
VALUE EAP-Code Request 1
|
|
VALUE EAP-Code Response 2
|
|
VALUE EAP-Code Success 3
|
|
VALUE EAP-Code Failure 4
|
|
|
|
#
|
|
# For MS-CHAP, do we run ntlm_auth, or not.
|
|
#
|
|
VALUE MS-CHAP-Use-NTLM-Auth No 0
|
|
VALUE MS-CHAP-Use-NTLM-Auth Yes 1
|