summaryrefslogtreecommitdiffstats
path: root/share/dictionary.freeradius.internal
blob: 590b7dae04e246f4f649c3ca77819e5504b36df6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
#
#	Non Protocol Attributes used by FreeRADIUS
#
#	$Id$
#

#	The attributes number ranges are allocates as follows:
#
#	Range:	500-999
#		server-side attributes which can go in a reply list

# 	These attributes CAN go in the reply item list.
ATTRIBUTE	Fall-Through				500	integer
ATTRIBUTE	Relax-Filter				501	integer
ATTRIBUTE	Exec-Program				502	string
ATTRIBUTE	Exec-Program-Wait			503	string

#	These attributes CANNOT go in the reply item list.

#
#	Range:	1000+
#		Attributes which cannot go in a reply list.
#
#
#	Range:	1000-1199
#		Miscellaneous server attributes.
#
#
#	Non-Protocol Attributes
#	These attributes are used internally by the server
#
ATTRIBUTE	Auth-Type				1000	integer
ATTRIBUTE	Menu					1001	string
ATTRIBUTE	Termination-Menu			1002	string
ATTRIBUTE	Prefix					1003	string
ATTRIBUTE	Suffix					1004	string
ATTRIBUTE	Group					1005	string
ATTRIBUTE	Crypt-Password				1006	string
#ATTRIBUTE	Connect-Rate				1007	integer
ATTRIBUTE	Add-Prefix				1008	string
ATTRIBUTE	Add-Suffix				1009	string
ATTRIBUTE	Expiration				1010	date
ATTRIBUTE	Autz-Type				1011	integer
ATTRIBUTE	Acct-Type				1012	integer
ATTRIBUTE	Session-Type				1013	integer
ATTRIBUTE	Post-Auth-Type				1014	integer
ATTRIBUTE	Pre-Proxy-Type				1015	integer
ATTRIBUTE	Post-Proxy-Type				1016	integer
ATTRIBUTE	Pre-Acct-Type				1017	integer

#
#	This is the EAP type of authentication, which is set
#	by the EAP module, for informational purposes only.
#
ATTRIBUTE	EAP-Type				1018	integer
ATTRIBUTE	EAP-TLS-Require-Client-Cert		1019	integer
ATTRIBUTE	EAP-Id					1020	integer
ATTRIBUTE	EAP-Code				1021	integer
ATTRIBUTE	EAP-MD5-Password			1022	string
ATTRIBUTE	PEAP-Version				1023	integer
ATTRIBUTE	Client-Shortname			1024	string virtual
ATTRIBUTE	Load-Balance-Key			1025	string
ATTRIBUTE	Raw-Attribute				1026	octets
ATTRIBUTE	TNC-VLAN-Access				1027	string
ATTRIBUTE	TNC-VLAN-Isolate			1028	string
ATTRIBUTE	User-Category				1029	string
ATTRIBUTE	Group-Name				1030	string
ATTRIBUTE	Huntgroup-Name				1031	string
ATTRIBUTE	Simultaneous-Use			1034	integer
ATTRIBUTE	Strip-User-Name				1035	integer
ATTRIBUTE	Hint					1040	string
ATTRIBUTE	Pam-Auth				1041	string
ATTRIBUTE	Login-Time				1042	string
ATTRIBUTE	Stripped-User-Name			1043	string
ATTRIBUTE	Current-Time				1044	string
ATTRIBUTE	Realm					1045	string
ATTRIBUTE	No-Such-Attribute			1046	string
ATTRIBUTE	Packet-Type				1047	integer virtual
ATTRIBUTE	Proxy-To-Realm				1048	string
ATTRIBUTE	Replicate-To-Realm			1049	string
ATTRIBUTE	Acct-Session-Start-Time			1050	date
ATTRIBUTE	Acct-Unique-Session-Id			1051	string
ATTRIBUTE	Client-IP-Address			1052	ipaddr virtual
ATTRIBUTE	LDAP-UserDN				1053	string
ATTRIBUTE	NS-MTA-MD5-Password			1054	string
ATTRIBUTE	SQL-User-Name				1055	string
ATTRIBUTE	LM-Password				1057	octets
ATTRIBUTE	NT-Password				1058	octets
ATTRIBUTE	SMB-Account-CTRL			1059	integer
ATTRIBUTE	SMB-Account-CTRL-TEXT			1061	string
ATTRIBUTE	User-Profile				1062	string
ATTRIBUTE	Digest-Realm				1063	string
ATTRIBUTE	Digest-Nonce				1064	string
ATTRIBUTE	Digest-Method				1065	string
ATTRIBUTE	Digest-URI				1066	string
ATTRIBUTE	Digest-QOP				1067	string
ATTRIBUTE	Digest-Algorithm			1068	string
ATTRIBUTE	Digest-Body-Digest			1069	string
ATTRIBUTE	Digest-CNonce				1070	string
ATTRIBUTE	Digest-Nonce-Count			1071	string
ATTRIBUTE	Digest-User-Name			1072	string
ATTRIBUTE	Pool-Name				1073	string
# LDAP-Group is now dynamically created
ATTRIBUTE	Module-Success-Message			1075	string
ATTRIBUTE	Module-Failure-Message			1076	string
#		X99-Fast		1077	integer
ATTRIBUTE	Rewrite-Rule				1078	string
# SQL-Group is now dynamically created
ATTRIBUTE	Response-Packet-Type			1080	integer virtual
ATTRIBUTE	Digest-HA1				1081	string
ATTRIBUTE	MS-CHAP-Use-NTLM-Auth			1082	integer
ATTRIBUTE	NTLM-User-Name				1083	string
ATTRIBUTE	MS-CHAP-User-Name			1083	string
ATTRIBUTE	Packet-Src-IP-Address			1084	ipaddr virtual
ATTRIBUTE	Packet-Dst-IP-Address			1085	ipaddr virtual
ATTRIBUTE	Packet-Src-Port				1086	integer virtual
ATTRIBUTE	Packet-Dst-Port				1087	integer virtual
ATTRIBUTE	Packet-Authentication-Vector		1088	octets virtual
ATTRIBUTE	Time-Of-Day				1089	string
ATTRIBUTE	Request-Processing-Stage		1090	string virtual
ATTRIBUTE	SHA2-Password				1092	octets
ATTRIBUTE	SHA-Password				1093	octets
ATTRIBUTE	SSHA-Password				1094	octets
ATTRIBUTE	SHA1-Password				1093	octets
ATTRIBUTE	SSHA1-Password				1094	octets
ATTRIBUTE	MD5-Password				1095	octets
ATTRIBUTE	SMD5-Password				1096	octets
ATTRIBUTE	Packet-Src-IPv6-Address			1097	ipv6addr virtual
ATTRIBUTE	Packet-Dst-IPv6-Address			1098	ipv6addr virtual
ATTRIBUTE	Virtual-Server				1099	string virtual
ATTRIBUTE	Cleartext-Password			1100	string
ATTRIBUTE	Password-With-Header			1101	string
ATTRIBUTE	Inner-Tunnel-User-Name			1102	string
#
#	EAP-IKEv2 is experimental.
#
ATTRIBUTE	EAP-IKEv2-IDType			1103	integer

VALUE	EAP-IKEv2-IDType		IPV4_ADDR		1
VALUE	EAP-IKEv2-IDType		FQDN			2
VALUE	EAP-IKEv2-IDType		RFC822_ADDR		3
VALUE	EAP-IKEv2-IDType		IPV6_ADDR		5
VALUE	EAP-IKEv2-IDType		DER_ASN1_DN		9
VALUE	EAP-IKEv2-IDType		DER_ASN1_GN		10
VALUE	EAP-IKEv2-IDType		KEY_ID			11

ATTRIBUTE	EAP-IKEv2-ID				1104	string
ATTRIBUTE	EAP-IKEv2-Secret			1105	string	secret
ATTRIBUTE	EAP-IKEv2-AuthType			1106	integer

VALUE	EAP-IKEv2-AuthType		none			0
VALUE	EAP-IKEv2-AuthType		secret			1
VALUE	EAP-IKEv2-AuthType		cert			2
VALUE	EAP-IKEv2-AuthType		both			3

ATTRIBUTE	Send-Disconnect-Request			1107	integer
ATTRIBUTE	Send-CoA-Request			1107	integer

VALUE	Send-CoA-Request		No			0
VALUE	Send-CoA-Request		Yes			1

ATTRIBUTE	Module-Return-Code			1108	integer virtual

VALUE	Module-Return-Code		reject			0
VALUE	Module-Return-Code		fail			1
VALUE	Module-Return-Code		ok			2
VALUE	Module-Return-Code		handled			3
VALUE	Module-Return-Code		invalid			4
VALUE	Module-Return-Code		userlock		5
VALUE	Module-Return-Code		notfound		6
VALUE	Module-Return-Code		noop			7
VALUE	Module-Return-Code		updated			8

ATTRIBUTE	Packet-Original-Timestamp		1109	date
ATTRIBUTE	SQL-Table-Name				1110	string
ATTRIBUTE	Home-Server-Pool			1111	string

# For delayed evaluation of maps
ATTRIBUTE	Attribute-Map				1112	string

# See sites-available/coa-relay
ATTRIBUTE	COA-Packet-Type				1113	string
ATTRIBUTE	COA-Packet-DST-IP-Address		1114	ipaddr
ATTRIBUTE	COA-Packet-DST-Port			1115	integer
ATTRIBUTE	COA-Acct-Session-Id			1116	string

ATTRIBUTE	FreeRADIUS-Client-IP-Address		1120	ipaddr
ATTRIBUTE	FreeRADIUS-Client-IPv6-Address		1121	ipv6addr
# The rest of the FreeRADIUS-Client-* attributes are at 1150...

ATTRIBUTE	FreeRADIUS-Client-Require-MA		1122	integer

VALUE	FreeRADIUS-Client-Require-MA	no			0
VALUE	FreeRADIUS-Client-Require-MA	yes			1

ATTRIBUTE	FreeRADIUS-Client-Secret		1123	string secret
ATTRIBUTE	FreeRADIUS-Client-Shortname		1124	string
ATTRIBUTE	FreeRADIUS-Client-NAS-Type		1125	string
ATTRIBUTE	FreeRADIUS-Client-Virtual-Server	1126	string

# For session resumption
ATTRIBUTE	Allow-Session-Resumption		1127	integer

VALUE	Allow-Session-Resumption	no			0
VALUE	Allow-Session-Resumption	yes			1

ATTRIBUTE	EAP-Session-Resumed			1128	integer

VALUE	EAP-Session-Resumed		no			0
VALUE	EAP-Session-Resumed		yes			1

#
#	Expose EAP keys in the reply.
#
ATTRIBUTE	EAP-MSK					1129	octets
ATTRIBUTE	EAP-EMSK				1130	octets

#
#	For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
#
ATTRIBUTE	Recv-CoA-Type				1131	integer
ATTRIBUTE	Send-CoA-Type				1132	integer

ATTRIBUTE	MS-CHAP-Password			1133	string
ATTRIBUTE	Packet-Transmit-Counter			1134	integer
ATTRIBUTE	Cached-Session-Policy			1135	string
ATTRIBUTE	MS-CHAP-New-Cleartext-Password		1136	string
ATTRIBUTE	MS-CHAP-New-NT-Password			1137	octets

#	For default policies

ATTRIBUTE	Stripped-User-Domain			1138	string
ATTRIBUTE	Called-Station-SSID			1139	string

ATTRIBUTE	OTP-Challenge				1145	string
ATTRIBUTE	EAP-Session-Id				1146	octets
ATTRIBUTE	Chbind-Response-Code			1147	integer

VALUE	Chbind-Response-Code		success			2
VALUE	Chbind-Response-Code		failure			3

ATTRIBUTE	Acct-Input-Octets64			1148	integer64
ATTRIBUTE	Acct-Output-Octets64			1149	integer64

ATTRIBUTE	FreeRADIUS-Client-IP-Prefix		1150	ipv4prefix
ATTRIBUTE	FreeRADIUS-Client-IPv6-Prefix		1151	ipv6prefix
ATTRIBUTE	FreeRADIUS-Response-Delay		1152	integer
ATTRIBUTE	FreeRADIUS-Client-Src-IP-Address	1153	ipaddr
ATTRIBUTE	FreeRADIUS-Client-Src-IPv6-Address	1154	ipv6addr
ATTRIBUTE	FreeRADIUS-Response-Delay-USec		1155	integer

ATTRIBUTE	REST-HTTP-Header			1160	string
ATTRIBUTE	REST-HTTP-Body				1161	string
ATTRIBUTE	REST-HTTP-Status-Code			1162	integer

ATTRIBUTE	Cache-Expires				1170	date
ATTRIBUTE	Cache-Created				1171	date
ATTRIBUTE	Cache-TTL				1172	signed
ATTRIBUTE	Cache-Status-Only			1173	integer
ATTRIBUTE	Cache-Merge				1174	integer
ATTRIBUTE	Cache-Entry-Hits			1175	integer
ATTRIBUTE	Cache-Read-Only				1176	integer

VALUE	Cache-Status-Only		no			0
VALUE	Cache-Status-Only		yes			1

VALUE	Cache-Merge			no			0
VALUE	Cache-Merge			yes			1

VALUE	Cache-Read-Only			no			0
VALUE	Cache-Read-Only			yes			1

ATTRIBUTE	SSHA2-224-Password			1177	octets
ATTRIBUTE	SSHA2-256-Password			1178	octets
ATTRIBUTE	SSHA2-384-Password			1179	octets
ATTRIBUTE	SSHA2-512-Password			1180	octets

ATTRIBUTE	PBKDF2-Password				1181	octets
ATTRIBUTE	SSHA3-224-Password			1182	octets
ATTRIBUTE	SSHA3-256-Password			1183	octets
ATTRIBUTE	SSHA3-384-Password			1184	octets
ATTRIBUTE	SSHA3-512-Password			1185	octets

ATTRIBUTE	MS-CHAP-Peer-Challenge			1192	octets
ATTRIBUTE	Home-Server-Name			1193	string
ATTRIBUTE	Originating-Realm-Key			1194	string
ATTRIBUTE	Proxy-To-Originating-Realm		1195	string

ATTRIBUTE	TOTP-Secret				1194	string # base32 encoded
ATTRIBUTE	TOTP-Key				1195	octets # raw key
ATTRIBUTE	TOTP-Password				1196	string

ATTRIBUTE	Proxy-Tunneled-Request-As-EAP		1197	integer
VALUE	Proxy-Tunneled-Request-As-EAP	No			0
VALUE	Proxy-Tunneled-Request-As-EAP	Yes			1
ATTRIBUTE	Temp-Home-Server-String			1198	string

#
#	Range:	1200-1279
#		EAP-SIM (and other EAP type) weirdness.
#
#	For EAP-SIM, some attribute definitions for database interface
#
ATTRIBUTE	EAP-Sim-Subtype				1200	integer

ATTRIBUTE	EAP-Sim-Rand1				1201	octets
ATTRIBUTE	EAP-Sim-Rand2				1202	octets
ATTRIBUTE	EAP-Sim-Rand3				1203	octets

ATTRIBUTE	EAP-Sim-SRES1				1204	octets
ATTRIBUTE	EAP-Sim-SRES2				1205	octets
ATTRIBUTE	EAP-Sim-SRES3				1206	octets

VALUE	EAP-Sim-Subtype			Start			10
VALUE	EAP-Sim-Subtype			Challenge		11
VALUE	EAP-Sim-Subtype			Notification		12
VALUE	EAP-Sim-Subtype			Re-authentication	13

# this attribute is used internally by the client code.
ATTRIBUTE	EAP-Sim-State				1207	integer

ATTRIBUTE	EAP-Sim-IMSI				1208	string
ATTRIBUTE	EAP-Sim-HMAC				1209	string
ATTRIBUTE	EAP-Sim-KEY				1210	octets
ATTRIBUTE	EAP-Sim-EXTRA				1211	octets

ATTRIBUTE	EAP-Sim-KC1				1212	octets
ATTRIBUTE	EAP-Sim-KC2				1213	octets
ATTRIBUTE	EAP-Sim-KC3				1214	octets

ATTRIBUTE	EAP-Sim-Ki				1215	octets
ATTRIBUTE	EAP-Sim-Algo-Version			1216	integer

ATTRIBUTE	Outer-Realm-Name			1218	string
ATTRIBUTE	Inner-Realm-Name			1219	string

ATTRIBUTE	EAP-Pwd-Password-Hash			1220	octets
ATTRIBUTE	EAP-Pwd-Password-Salt			1221	octets
ATTRIBUTE	EAP-Pwd-Password-Prep			1222	byte

#
#	Range:	1280 - 1535
#		EAP-type specific attributes
#
#		These are used mostly for radeapclient, and aren't
#		that useful for anyone else.
#
#  egrep VALUE dictionary.freeradius.internal  | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo
#
ATTRIBUTE	EAP-Type-Base				1280	octets
ATTRIBUTE	EAP-Type-VALUE				1280	octets
ATTRIBUTE	EAP-Type-None				1280	octets
ATTRIBUTE	EAP-Type-Identity			1281	octets
ATTRIBUTE	EAP-Type-Notification			1282	octets
ATTRIBUTE	EAP-Type-NAK				1283	octets
ATTRIBUTE	EAP-Type-MD5-Challenge			1284	octets
ATTRIBUTE	EAP-Type-One-Time-Password		1285	octets
ATTRIBUTE	EAP-Type-Generic-Token-Card		1286	octets
ATTRIBUTE	EAP-Type-RSA-Public-Key			1289	octets
ATTRIBUTE	EAP-Type-DSS-Unilateral			1290	octets
ATTRIBUTE	EAP-Type-KEA				1291	octets
ATTRIBUTE	EAP-Type-KEA-Validate			1292	octets
ATTRIBUTE	EAP-Type-EAP-TLS			1293	octets
ATTRIBUTE	EAP-Type-Defender-Token			1294	octets
ATTRIBUTE	EAP-Type-RSA-SecurID-EAP		1295	octets
ATTRIBUTE	EAP-Type-Arcot-Systems-EAP		1296	octets
ATTRIBUTE	EAP-Type-Cisco-LEAP			1297	octets
ATTRIBUTE	EAP-Type-Nokia-IP-Smart-Card		1298	octets
ATTRIBUTE	EAP-Type-SIM				1298	octets
ATTRIBUTE	EAP-Type-SRP-SHA1			1299	octets
ATTRIBUTE	EAP-Type-EAP-TTLS			1301	octets
ATTRIBUTE	EAP-Type-Remote-Access-Service		1302	octets
ATTRIBUTE	EAP-Type-AKA				1303	octets
ATTRIBUTE	EAP-Type-EAP-3Com-Wireless		1304	octets
ATTRIBUTE	EAP-Type-PEAP				1305	octets
ATTRIBUTE	EAP-Type-MS-EAP-Authentication		1306	octets
ATTRIBUTE	EAP-Type-MAKE				1307	octets
ATTRIBUTE	EAP-Type-CRYPTOCard			1308	octets
ATTRIBUTE	EAP-Type-EAP-MSCHAP-V2			1309	octets
ATTRIBUTE	EAP-Type-DynamID			1310	octets
ATTRIBUTE	EAP-Type-Rob-EAP			1311	octets
ATTRIBUTE	EAP-Type-SecurID-EAP			1312	octets
ATTRIBUTE	EAP-Type-MS-Authentication-TLV		1313	octets
ATTRIBUTE	EAP-Type-SentriNET			1314	octets
ATTRIBUTE	EAP-Type-EAP-Actiontec-Wireless		1315	octets
ATTRIBUTE	EAP-Type-Cogent-Biomentric-EAP		1316	octets
ATTRIBUTE	EAP-Type-AirFortress-EAP		1317	octets
ATTRIBUTE	EAP-Type-EAP-HTTP-Digest		1318	octets
ATTRIBUTE	EAP-Type-SecuriSuite-EAP		1319	octets
ATTRIBUTE	EAP-Type-DeviceConnect-EAP		1320	octets
ATTRIBUTE	EAP-Type-EAP-SPEKE			1321	octets
ATTRIBUTE	EAP-Type-EAP-MOBAC			1322	octets
ATTRIBUTE	EAP-Type-EAP-FAST			1323	octets
ATTRIBUTE	EAP-Type-Zonelabs			1324	octets
ATTRIBUTE	EAP-Type-EAP-Link			1325	octets
ATTRIBUTE	EAP-Type-EAP-PAX			1326	octets
ATTRIBUTE	EAP-Type-EAP-PSK			1327	octets
ATTRIBUTE	EAP-Type-EAP-SAKE			1328	octets
ATTRIBUTE	EAP-Type-EAP-IKEv2			1329	octets
ATTRIBUTE	EAP-Type-EAP-AKA2			1330	octets
ATTRIBUTE	EAP-Type-EAP-GPSK			1331	octets
ATTRIBUTE	EAP-Type-EAP-PWD			1332	octets
ATTRIBUTE	EAP-Type-EAP-EVEv1			1333	octets

ATTRIBUTE	EAP-Type-Microsoft-MS-CHAPv2		1306	octets
ATTRIBUTE	EAP-Type-Cisco-MS-CHAPv2		1309	octets
ATTRIBUTE	EAP-Type-MS-CHAP-V2			1306	octets

#
#	Range:	1536 - 1791
#		EAP Sim sub-types.
#

# these are PW_EAP_SIM_X + 1536
ATTRIBUTE	EAP_Sim-Base				1536	octets
ATTRIBUTE	EAP-Sim-RAND				1537	octets
ATTRIBUTE	EAP-Sim-PADDING				1542	octets
ATTRIBUTE	EAP-Sim-NONCE_MT			1543	octets
ATTRIBUTE	EAP-Sim-PERMANENT_ID_REQ		1546	octets
ATTRIBUTE	EAP-Sim-MAC				1547	octets
ATTRIBUTE	EAP-Sim-NOTIFICATION			1548	octets
ATTRIBUTE	EAP-Sim-ANY_ID_REQ			1549	octets
ATTRIBUTE	EAP-Sim-IDENTITY			1550	octets
ATTRIBUTE	EAP-Sim-VERSION_LIST			1551	octets
ATTRIBUTE	EAP-Sim-SELECTED_VERSION		1552	octets
ATTRIBUTE	EAP-Sim-FULLAUTH_ID_REQ			1553	octets
ATTRIBUTE	EAP-Sim-COUNTER				1555	octets
ATTRIBUTE	EAP-Sim-COUNTER_TOO_SMALL		1556	octets
ATTRIBUTE	EAP-Sim-NONCE_S				1557	octets
ATTRIBUTE	EAP-Sim-IV				1665	octets
ATTRIBUTE	EAP-Sim-ENCR_DATA			1666	octets
ATTRIBUTE	EAP-Sim-NEXT_PSEUDONUM			1668	octets
ATTRIBUTE	EAP-Sim-NEXT_REAUTH_ID			1669	octets
ATTRIBUTE	EAP-Sim-CHECKCODE			1670	octets

#
#	Range: 1800-1899
#	       Temporary attributes, for local storage.
#
ATTRIBUTE	Tmp-String-0				1800	string
ATTRIBUTE	Tmp-String-1				1801	string
ATTRIBUTE	Tmp-String-2				1802	string
ATTRIBUTE	Tmp-String-3				1803	string
ATTRIBUTE	Tmp-String-4				1804	string
ATTRIBUTE	Tmp-String-5				1805	string
ATTRIBUTE	Tmp-String-6				1806	string
ATTRIBUTE	Tmp-String-7				1807	string
ATTRIBUTE	Tmp-String-8				1808	string
ATTRIBUTE	Tmp-String-9				1809	string

ATTRIBUTE	Tmp-Integer-0				1810	integer
ATTRIBUTE	Tmp-Integer-1				1811	integer
ATTRIBUTE	Tmp-Integer-2				1812	integer
ATTRIBUTE	Tmp-Integer-3				1813	integer
ATTRIBUTE	Tmp-Integer-4				1814	integer
ATTRIBUTE	Tmp-Integer-5				1815	integer
ATTRIBUTE	Tmp-Integer-6				1816	integer
ATTRIBUTE	Tmp-Integer-7				1817	integer
ATTRIBUTE	Tmp-Integer-8				1818	integer
ATTRIBUTE	Tmp-Integer-9				1819	integer

ATTRIBUTE	Tmp-IP-Address-0			1820	ipaddr
ATTRIBUTE	Tmp-IP-Address-1			1821	ipaddr
ATTRIBUTE	Tmp-IP-Address-2			1822	ipaddr
ATTRIBUTE	Tmp-IP-Address-3			1823	ipaddr
ATTRIBUTE	Tmp-IP-Address-4			1824	ipaddr
ATTRIBUTE	Tmp-IP-Address-5			1825	ipaddr
ATTRIBUTE	Tmp-IP-Address-6			1826	ipaddr
ATTRIBUTE	Tmp-IP-Address-7			1827	ipaddr
ATTRIBUTE	Tmp-IP-Address-8			1828	ipaddr
ATTRIBUTE	Tmp-IP-Address-9			1829	ipaddr

ATTRIBUTE	Tmp-Octets-0				1830	octets
ATTRIBUTE	Tmp-Octets-1				1831	octets
ATTRIBUTE	Tmp-Octets-2				1832	octets
ATTRIBUTE	Tmp-Octets-3				1833	octets
ATTRIBUTE	Tmp-Octets-4				1834	octets
ATTRIBUTE	Tmp-Octets-5				1835	octets
ATTRIBUTE	Tmp-Octets-6				1836	octets
ATTRIBUTE	Tmp-Octets-7				1837	octets
ATTRIBUTE	Tmp-Octets-8				1838	octets
ATTRIBUTE	Tmp-Octets-9				1839	octets

ATTRIBUTE	Tmp-Date-0				1840	date
ATTRIBUTE	Tmp-Date-1				1841	date
ATTRIBUTE	Tmp-Date-2				1842	date
ATTRIBUTE	Tmp-Date-3				1843	date
ATTRIBUTE	Tmp-Date-4				1844	date
ATTRIBUTE	Tmp-Date-5				1845	date
ATTRIBUTE	Tmp-Date-6				1846	date
ATTRIBUTE	Tmp-Date-7				1847	date
ATTRIBUTE	Tmp-Date-8				1848	date
ATTRIBUTE	Tmp-Date-9				1849	date

ATTRIBUTE	Tmp-Integer64-0				1871	integer64
ATTRIBUTE	Tmp-Integer64-1				1872	integer64
ATTRIBUTE	Tmp-Integer64-2				1873	integer64
ATTRIBUTE	Tmp-Integer64-3				1874	integer64
ATTRIBUTE	Tmp-Integer64-4				1875	integer64
ATTRIBUTE	Tmp-Integer64-5				1876	integer64
ATTRIBUTE	Tmp-Integer64-6				1877	integer64
ATTRIBUTE	Tmp-Integer64-7				1878	integer64
ATTRIBUTE	Tmp-Integer64-8				1879	integer64
ATTRIBUTE	Tmp-Integer64-9				1880	integer64
#
#  These attributes shouldn't be used anywhere.  They are defined here
#  only for casting of values in conditional expressions.
#
#  The order and number need to be consistent with the typedefs used
#  in the server source.
#
ATTRIBUTE	Tmp-Cast-String				1851	string
ATTRIBUTE	Tmp-Cast-Integer			1852	integer
ATTRIBUTE	Tmp-Cast-Ipaddr				1853	ipaddr
ATTRIBUTE	Tmp-Cast-Date				1854	date
ATTRIBUTE	Tmp-Cast-Abinary			1855	abinary
ATTRIBUTE	Tmp-Cast-Octets				1856	octets
ATTRIBUTE	Tmp-Cast-Ifid				1857	ifid
ATTRIBUTE	Tmp-Cast-IPv6Addr			1858	ipv6addr
ATTRIBUTE	Tmp-Cast-IPv6Prefix			1859	ipv6prefix
ATTRIBUTE	Tmp-Cast-Byte				1860	byte
ATTRIBUTE	Tmp-Cast-Short				1861	short
ATTRIBUTE	Tmp-Cast-Ethernet			1862	ether
ATTRIBUTE	Tmp-Cast-Signed				1863	signed
# don't use or define these
ATTRIBUTE	Tmp-Cast-Integer64			1869	integer64
ATTRIBUTE	Tmp-Cast-IPv4Prefix			1870	ipv4prefix
# don't use or define VSA or MAX

#	Range:	1900-1909
#	WiMAX server-side attributes.
#
#	These are NOT sent in a packet, but are otherwise
#	available for testing and validation.  The various
#	things that *are* sent in a packet are derived from
#	these attributes.
#
ATTRIBUTE	WiMAX-MN-NAI				1900	string
ATTRIBUTE	WiMAX-SIM-Ki				1901	octets
ATTRIBUTE	WiMAX-SIM-OPc				1902	octets
ATTRIBUTE	WiMAX-SIM-AMF				1903	octets
ATTRIBUTE	WiMAX-SIM-SQN				1904	octets
ATTRIBUTE	WiMAX-SIM-RAND				1905	octets

ATTRIBUTE	TLS-Cert-Serial				1910	string
ATTRIBUTE	TLS-Cert-Expiration			1911	string
ATTRIBUTE	TLS-Cert-Issuer				1912	string
ATTRIBUTE	TLS-Cert-Subject			1913	string
ATTRIBUTE	TLS-Cert-Common-Name			1914	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Email		1915	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Dns		1916	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Upn		1917	string
ATTRIBUTE	TLS-Cert-Valid-Since			1918	string
ATTRIBUTE	TLS-Session-Information			1919	string
ATTRIBUTE	TLS-Client-Cert-Serial			1920	string
ATTRIBUTE	TLS-Client-Cert-Expiration		1921	string
ATTRIBUTE	TLS-Client-Cert-Issuer			1922	string
ATTRIBUTE	TLS-Client-Cert-Subject			1923	string
ATTRIBUTE	TLS-Client-Cert-Common-Name		1924	string
ATTRIBUTE	TLS-Client-Cert-Filename		1925	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Email	1926	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Extended-Key-Usage 1927	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Basic-Constraints 1930	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Dns	1931	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Upn	1932	string
ATTRIBUTE	TLS-PSK-Identity			1933	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Extended-Key-Usage-OID 1936	string
ATTRIBUTE	TLS-Client-Cert-Valid-Since		1937	string
ATTRIBUTE	TLS-Cache-Method			1938	integer
VALUE	TLS-Cache-Method		save			1
VALUE	TLS-Cache-Method		load			2
VALUE	TLS-Cache-Method		clear			3
VALUE	TLS-Cache-Method		refresh			4


ATTRIBUTE	TLS-Client-Cert-X509v3-Certificate-Policies	1939 string

# 1940 - 1959: reserved for TLS session caching, mostly in 4.0

ATTRIBUTE	TLS-Session-ID				1940	octets
ATTRIBUTE	TLS-Session-Data			1942	octets

# Set by EAP-TLS code
ATTRIBUTE	TLS-OCSP-Cert-Valid			1943	integer
VALUE	TLS-OCSP-Cert-Valid		unknown			3
VALUE	TLS-OCSP-Cert-Valid		skipped			2
VALUE	TLS-OCSP-Cert-Valid		yes			1
VALUE	TLS-OCSP-Cert-Valid		no			0

ATTRIBUTE	TLS-Cache-Filename			1946	string

ATTRIBUTE	TLS-Session-Version			1947	string
ATTRIBUTE	TLS-Session-Cipher-Suite		1948	string

ATTRIBUTE	TLS-Session-Cert-File			1949	string
ATTRIBUTE	TLS-Session-Cert-Private-Key-File	1950	string

ATTRIBUTE	TLS-Server-Name-Indication		1951	string

#
#	Range:	1960-2099
#		Free
#
#	Range:	2100-2199
#	SoH attributes; FIXME: these should really be protocol attributes
#	so that the SoH radius request can be proxied, but from which
#	vendor? Sigh...
#
ATTRIBUTE	SoH-MS-Machine-OS-vendor		2100	integer
VALUE	SoH-MS-Machine-OS-vendor	Microsoft		311

ATTRIBUTE	SoH-MS-Machine-OS-version		2101	integer
ATTRIBUTE	SoH-MS-Machine-OS-release		2102	integer
ATTRIBUTE	SoH-MS-Machine-OS-build			2103	integer
ATTRIBUTE	SoH-MS-Machine-SP-version		2104	integer
ATTRIBUTE	SoH-MS-Machine-SP-release		2105	integer

ATTRIBUTE	SoH-MS-Machine-Processor		2106	integer
VALUE	SoH-MS-Machine-Processor	x86			0
VALUE	SoH-MS-Machine-Processor	i64			6
VALUE	SoH-MS-Machine-Processor	x86_64			9

ATTRIBUTE	SoH-MS-Machine-Name			2107	string
ATTRIBUTE	SoH-MS-Correlation-Id			2108	octets
ATTRIBUTE	SoH-MS-Machine-Role			2109	integer
VALUE	SoH-MS-Machine-Role		client			1
VALUE	SoH-MS-Machine-Role		dc			2
VALUE	SoH-MS-Machine-Role		server			3

ATTRIBUTE	SoH-Supported				2119	integer
VALUE	SoH-Supported			no			0
VALUE	SoH-Supported			yes			1

ATTRIBUTE	SoH-MS-Windows-Health-Status		2120	string
ATTRIBUTE	SoH-MS-Health-Other			2129	string

#
#	Range:	2200-2219
#		Utilities bundled with the server
#
ATTRIBUTE	Radclient-Test-Name			2200	string

#
#	Range:	2220-2999
#		Free
#
#	Range:	3000-3999
#		Site-local attributes (see raddb/dictionary.in)
#		Do NOT define attributes in this range!
#
#	Range:	4000-65535
#		Unused
#
#	Range:	65536-
#		Invalid.  Don't use.
#

#
#	Non-Protocol Integer Translations
#

VALUE	Auth-Type			Local			1
VALUE	Auth-Type			Reject			4

#
#	FreeRADIUS extensions (most originally from Cistron)
#
VALUE	Auth-Type			Accept			254

#
#	Authorization type, too.
#
VALUE	Autz-Type			Local			1

#
#	And accounting
#
VALUE	Acct-Type			Local			1

#
#	And Session handling
#
VALUE	Session-Type			Local			1

#
#	And Post-Auth
VALUE	Post-Auth-Type			Local			1
VALUE	Post-Auth-Type			Reject			2
VALUE	Post-Auth-Type			Challenge		3
VALUE	Post-Auth-Type			Client-Lost		4

#
#	And Post-Proxy
VALUE	Post-Proxy-Type			Fail			1
VALUE	Post-Proxy-Type			Fail-Authentication	2
VALUE	Post-Proxy-Type			Fail-Accounting		3
VALUE	Post-Proxy-Type			Fail-CoA		4
VALUE	Post-Proxy-Type			Fail-Disconnect		5

#
#	Experimental Non-Protocol Integer Translations for FreeRADIUS
#
VALUE	Fall-Through			No			0
VALUE	Fall-Through			Yes			1

VALUE	Relax-Filter			No			0
VALUE	Relax-Filter			Yes			1

VALUE	Strip-User-Name			No			0
VALUE	Strip-User-Name			Yes			1

VALUE	Packet-Type			Access-Request		1
VALUE	Packet-Type			Access-Accept		2
VALUE	Packet-Type			Access-Reject		3
VALUE	Packet-Type			Accounting-Request	4
VALUE	Packet-Type			Accounting-Response	5
VALUE	Packet-Type			Accounting-Status	6
VALUE	Packet-Type			Password-Request	7
VALUE	Packet-Type			Password-Accept		8
VALUE	Packet-Type			Password-Reject		9
VALUE	Packet-Type			Accounting-Message	10
VALUE	Packet-Type			Access-Challenge	11
VALUE	Packet-Type			Status-Server		12
VALUE	Packet-Type			Status-Client		13

#
#	The following packet types are described in RFC 2882,
#	but they are NOT part of the RADIUS standard.  Instead,
#	they are informational about vendor-specific extensions
#	to the RADIUS standard.
#
VALUE	Packet-Type			Resource-Free-Request	21
VALUE	Packet-Type			Resource-Free-Response	22
VALUE	Packet-Type			Resource-Query-Request	23
VALUE	Packet-Type			Resource-Query-Response	24
VALUE	Packet-Type			Alternate-Resource-Reclaim-Request 25
VALUE	Packet-Type			NAS-Reboot-Request	26
VALUE	Packet-Type			NAS-Reboot-Response	27
VALUE	Packet-Type			Next-Passcode		29
VALUE	Packet-Type			New-Pin			30
VALUE	Packet-Type			Terminate-Session	31
VALUE	Packet-Type			Password-Expired	32
VALUE	Packet-Type			Event-Request		33
VALUE	Packet-Type			Event-Response		34

#	RFC 3576 allocates packet types 40-45

VALUE	Packet-Type			Disconnect-Request	40
VALUE	Packet-Type			Disconnect-ACK		41
VALUE	Packet-Type			Disconnect-NAK		42
VALUE	Packet-Type			CoA-Request		43
VALUE	Packet-Type			CoA-ACK			44
VALUE	Packet-Type			CoA-NAK			45

VALUE	Packet-Type			IP-Address-Allocate	50
VALUE	Packet-Type			IP-Address-Release	51

VALUE	Response-Packet-Type		Access-Request		1
VALUE	Response-Packet-Type		Access-Accept		2
VALUE	Response-Packet-Type		Access-Reject		3
VALUE	Response-Packet-Type		Accounting-Request	4
VALUE	Response-Packet-Type		Accounting-Response	5
VALUE	Response-Packet-Type		Accounting-Status	6
VALUE	Response-Packet-Type		Password-Request	7
VALUE	Response-Packet-Type		Password-Accept		8
VALUE	Response-Packet-Type		Password-Reject		9
VALUE	Response-Packet-Type		Accounting-Message	10
VALUE	Response-Packet-Type		Access-Challenge	11
VALUE	Response-Packet-Type		Status-Server		12
VALUE	Response-Packet-Type		Status-Client		13

VALUE	Response-Packet-Type		Disconnect-Request	40
VALUE	Response-Packet-Type		Disconnect-ACK		41
VALUE	Response-Packet-Type		Disconnect-NAK		42
VALUE	Response-Packet-Type		CoA-Request		43
VALUE	Response-Packet-Type		CoA-ACK			44
VALUE	Response-Packet-Type		CoA-NAK			45
#
#  Special value
#
VALUE	Response-Packet-Type		Do-Not-Respond		256

#
#	EAP Sub-types, inside of Request and Response packets
#
#	http://www.iana.org/assignments/ppp-numbers
#		"PPP EAP REQUEST/RESPONSE TYPES"
#
#
#	See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
#
VALUE	EAP-Type			None			0
VALUE	EAP-Type			Identity		1
VALUE	EAP-Type			Notification		2
VALUE	EAP-Type			NAK			3
VALUE	EAP-Type			MD5-Challenge		4
VALUE	EAP-Type			EAP-MD5			4
VALUE	EAP-Type			MD5			4
VALUE	EAP-Type			One-Time-Password	5
VALUE	EAP-Type			OTP			5
VALUE	EAP-Type			Generic-Token-Card	6
VALUE	EAP-Type			EAP-GTC			6
VALUE	EAP-Type			GTC			6
VALUE	EAP-Type			RSA-Public-Key		9
VALUE	EAP-Type			DSS-Unilateral		10
VALUE	EAP-Type			KEA			11
VALUE	EAP-Type			KEA-Validate		12
VALUE	EAP-Type			EAP-TLS			13
VALUE	EAP-Type			TLS			13
VALUE	EAP-Type			Defender-Token		14
VALUE	EAP-Type			RSA-SecurID-EAP		15
VALUE	EAP-Type			Arcot-Systems-EAP	16
VALUE	EAP-Type			Cisco-LEAP		17
VALUE	EAP-Type			LEAP			17
VALUE	EAP-Type			Nokia-IP-Smart-Card	18
VALUE	EAP-Type			EAP-SIM			18
VALUE	EAP-Type			SIM			18
VALUE	EAP-Type			SRP-SHA1		19
# 20 is unassigned
VALUE	EAP-Type			EAP-TTLS		21
VALUE	EAP-Type			TTLS			21
VALUE	EAP-Type			Remote-Access-Service	22
VALUE	EAP-Type			EAP-AKA			23
VALUE	EAP-Type			AKA			23
VALUE	EAP-Type			3Com-Wireless		24
VALUE	EAP-Type			PEAP			25
VALUE	EAP-Type			Microsoft-MS-CHAPv2	26
VALUE	EAP-Type			MAKE			27
VALUE	EAP-Type			CRYPTOCard		28
VALUE	EAP-Type			Cisco-MS-CHAPv2		29
VALUE	EAP-Type			DynamID			30
VALUE	EAP-Type			Rob-EAP			31
VALUE	EAP-Type			SecurID-EAP		32
VALUE	EAP-Type			MS-Authentication-TLV	33
VALUE	EAP-Type			SentriNET		34
VALUE	EAP-Type			Actiontec-Wireless	35
VALUE	EAP-Type			Cogent-Biomentric-EAP	36
VALUE	EAP-Type			AirFortress-EAP		37
VALUE	EAP-Type			HTTP-Digest		38
VALUE	EAP-Type			TNC			38
VALUE	EAP-Type			SecuriSuite-EAP		39
VALUE	EAP-Type			DeviceConnect-EAP	40
VALUE	EAP-Type			SPEKE			41
VALUE	EAP-Type			MOBAC			42
VALUE	EAP-Type			EAP-FAST		43
VALUE	EAP-Type			FAST			43
VALUE	EAP-Type			Zonelabs		44
VALUE	EAP-Type			Link			45
VALUE	EAP-Type			PAX			46
VALUE	EAP-Type			PSK			47
VALUE	EAP-Type			SAKE			48
VALUE	EAP-Type			EAP-IKEv2		49
VALUE	EAP-Type			IKEv2			49
VALUE	EAP-Type			AKA2			50
VALUE	EAP-Type			GPSK			51
VALUE	EAP-Type			PWD			52
VALUE	EAP-Type			EKEv1			53

#
#	And this is what most people mean by MS-CHAPv2
#
VALUE	EAP-Type			EAP-MSCHAPv2		26
VALUE	EAP-Type			MSCHAPv2		26

#
#	This says TLS, but it's only valid for TTLS & PEAP.
#	EAP-TLS *always* requires a client certificate.
#
VALUE	EAP-TLS-Require-Client-Cert	No			0
VALUE	EAP-TLS-Require-Client-Cert	Yes			1

#
# 	These are the EAP-Code values.
#
VALUE	EAP-Code			Request			1
VALUE	EAP-Code			Response		2
VALUE	EAP-Code			Success			3
VALUE	EAP-Code			Failure			4

#
#  For MS-CHAP, do we run ntlm_auth, or not.
#
VALUE	MS-CHAP-Use-NTLM-Auth		No			0
VALUE	MS-CHAP-Use-NTLM-Auth		Yes			1