diff options
Diffstat (limited to '')
-rw-r--r-- | share/dictionary.freeradius.internal | 890 |
1 files changed, 890 insertions, 0 deletions
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal new file mode 100644 index 0000000..bc6008c --- /dev/null +++ b/share/dictionary.freeradius.internal @@ -0,0 +1,890 @@ +# -*- text -*- +# Copyright (C) 2019 The FreeRADIUS Server project and contributors +# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0 +# +# Non Protocol Attributes used by FreeRADIUS +# +# $Id$ +# + +# The attributes number ranges are allocates as follows: +# +# Range: 500-999 +# server-side attributes which can go in a reply list + +# These attributes CAN go in the reply item list. +ATTRIBUTE Fall-Through 500 integer +ATTRIBUTE Relax-Filter 501 integer +ATTRIBUTE Exec-Program 502 string +ATTRIBUTE Exec-Program-Wait 503 string + +# These attributes CANNOT go in the reply item list. + +# +# Range: 1000+ +# Attributes which cannot go in a reply list. +# +# +# Range: 1000-1199 +# Miscellaneous server attributes. +# +# +# Non-Protocol Attributes +# These attributes are used internally by the server +# +ATTRIBUTE Auth-Type 1000 integer +ATTRIBUTE Menu 1001 string +ATTRIBUTE Termination-Menu 1002 string +ATTRIBUTE Prefix 1003 string +ATTRIBUTE Suffix 1004 string +ATTRIBUTE Group 1005 string +ATTRIBUTE Crypt-Password 1006 string +#ATTRIBUTE Connect-Rate 1007 integer +ATTRIBUTE Add-Prefix 1008 string +ATTRIBUTE Add-Suffix 1009 string +ATTRIBUTE Expiration 1010 date +ATTRIBUTE Autz-Type 1011 integer +ATTRIBUTE Acct-Type 1012 integer +ATTRIBUTE Session-Type 1013 integer +ATTRIBUTE Post-Auth-Type 1014 integer +ATTRIBUTE Pre-Proxy-Type 1015 integer +ATTRIBUTE Post-Proxy-Type 1016 integer +ATTRIBUTE Pre-Acct-Type 1017 integer + +# +# This is the EAP type of authentication, which is set +# by the EAP module, for informational purposes only. +# +ATTRIBUTE EAP-Type 1018 integer +ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer +ATTRIBUTE EAP-Id 1020 integer +ATTRIBUTE EAP-Code 1021 integer +ATTRIBUTE EAP-MD5-Password 1022 string +ATTRIBUTE PEAP-Version 1023 integer +ATTRIBUTE Client-Shortname 1024 string virtual +ATTRIBUTE Load-Balance-Key 1025 string +ATTRIBUTE Raw-Attribute 1026 octets +ATTRIBUTE TNC-VLAN-Access 1027 string +ATTRIBUTE TNC-VLAN-Isolate 1028 string +ATTRIBUTE User-Category 1029 string +ATTRIBUTE Group-Name 1030 string +ATTRIBUTE Huntgroup-Name 1031 string +ATTRIBUTE Simultaneous-Use 1034 integer +ATTRIBUTE Strip-User-Name 1035 integer +ATTRIBUTE Hint 1040 string +ATTRIBUTE Pam-Auth 1041 string +ATTRIBUTE Login-Time 1042 string +ATTRIBUTE Stripped-User-Name 1043 string +ATTRIBUTE Current-Time 1044 string +ATTRIBUTE Realm 1045 string +ATTRIBUTE No-Such-Attribute 1046 string +ATTRIBUTE Packet-Type 1047 integer virtual +ATTRIBUTE Proxy-To-Realm 1048 string +ATTRIBUTE Replicate-To-Realm 1049 string +ATTRIBUTE Acct-Session-Start-Time 1050 date +ATTRIBUTE Acct-Unique-Session-Id 1051 string +ATTRIBUTE Client-IP-Address 1052 ipaddr virtual +ATTRIBUTE LDAP-UserDN 1053 string +ATTRIBUTE NS-MTA-MD5-Password 1054 string +ATTRIBUTE SQL-User-Name 1055 string +ATTRIBUTE LM-Password 1057 octets +ATTRIBUTE NT-Password 1058 octets +ATTRIBUTE SMB-Account-CTRL 1059 integer +ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string +ATTRIBUTE User-Profile 1062 string +ATTRIBUTE Digest-Realm 1063 string +ATTRIBUTE Digest-Nonce 1064 string +ATTRIBUTE Digest-Method 1065 string +ATTRIBUTE Digest-URI 1066 string +ATTRIBUTE Digest-QOP 1067 string +ATTRIBUTE Digest-Algorithm 1068 string +ATTRIBUTE Digest-Body-Digest 1069 string +ATTRIBUTE Digest-CNonce 1070 string +ATTRIBUTE Digest-Nonce-Count 1071 string +ATTRIBUTE Digest-User-Name 1072 string +ATTRIBUTE Pool-Name 1073 string +# LDAP-Group is now dynamically created +ATTRIBUTE Module-Success-Message 1075 string +ATTRIBUTE Module-Failure-Message 1076 string +# X99-Fast 1077 integer +ATTRIBUTE Rewrite-Rule 1078 string +# SQL-Group is now dynamically created +ATTRIBUTE Response-Packet-Type 1080 integer virtual +ATTRIBUTE Digest-HA1 1081 string +ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer +ATTRIBUTE NTLM-User-Name 1083 string +ATTRIBUTE MS-CHAP-User-Name 1083 string +ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr virtual +ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr virtual +ATTRIBUTE Packet-Src-Port 1086 integer virtual +ATTRIBUTE Packet-Dst-Port 1087 integer virtual +ATTRIBUTE Packet-Authentication-Vector 1088 octets virtual +ATTRIBUTE Time-Of-Day 1089 string +ATTRIBUTE Request-Processing-Stage 1090 string virtual +ATTRIBUTE SHA2-Password 1092 octets +ATTRIBUTE SHA-Password 1093 octets +ATTRIBUTE SSHA-Password 1094 octets +ATTRIBUTE SHA1-Password 1093 octets +ATTRIBUTE SSHA1-Password 1094 octets +ATTRIBUTE MD5-Password 1095 octets +ATTRIBUTE SMD5-Password 1096 octets +ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr virtual +ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr virtual +ATTRIBUTE Virtual-Server 1099 string virtual +ATTRIBUTE Cleartext-Password 1100 string +ATTRIBUTE Password-With-Header 1101 string +ATTRIBUTE Inner-Tunnel-User-Name 1102 string +# +# EAP-IKEv2 is experimental. +# +ATTRIBUTE EAP-IKEv2-IDType 1103 integer + +VALUE EAP-IKEv2-IDType IPV4_ADDR 1 +VALUE EAP-IKEv2-IDType FQDN 2 +VALUE EAP-IKEv2-IDType RFC822_ADDR 3 +VALUE EAP-IKEv2-IDType IPV6_ADDR 5 +VALUE EAP-IKEv2-IDType DER_ASN1_DN 9 +VALUE EAP-IKEv2-IDType DER_ASN1_GN 10 +VALUE EAP-IKEv2-IDType KEY_ID 11 + +ATTRIBUTE EAP-IKEv2-ID 1104 string +ATTRIBUTE EAP-IKEv2-Secret 1105 string secret +ATTRIBUTE EAP-IKEv2-AuthType 1106 integer + +VALUE EAP-IKEv2-AuthType none 0 +VALUE EAP-IKEv2-AuthType secret 1 +VALUE EAP-IKEv2-AuthType cert 2 +VALUE EAP-IKEv2-AuthType both 3 + +ATTRIBUTE Send-Disconnect-Request 1107 integer +ATTRIBUTE Send-CoA-Request 1107 integer + +VALUE Send-CoA-Request No 0 +VALUE Send-CoA-Request Yes 1 + +ATTRIBUTE Module-Return-Code 1108 integer virtual + +VALUE Module-Return-Code reject 0 +VALUE Module-Return-Code fail 1 +VALUE Module-Return-Code ok 2 +VALUE Module-Return-Code handled 3 +VALUE Module-Return-Code invalid 4 +VALUE Module-Return-Code userlock 5 +VALUE Module-Return-Code notfound 6 +VALUE Module-Return-Code noop 7 +VALUE Module-Return-Code updated 8 + +ATTRIBUTE Packet-Original-Timestamp 1109 date +ATTRIBUTE SQL-Table-Name 1110 string +ATTRIBUTE Home-Server-Pool 1111 string + +# For delayed evaluation of maps +ATTRIBUTE Attribute-Map 1112 string + +# See sites-available/coa-relay +ATTRIBUTE CoA-Packet-Type 1113 string +ATTRIBUTE CoA-Packet-DST-IP-Address 1114 ipaddr +ATTRIBUTE CoA-Packet-DST-Port 1115 integer +ATTRIBUTE CoA-Acct-Session-Id 1116 string +ATTRIBUTE CoA-Packet-DST-IPv6-Address 1117 ipv6addr + +ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr +ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr +# The rest of the FreeRADIUS-Client-* attributes are at 1150... + +ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer + +VALUE FreeRADIUS-Client-Require-MA no 0 +VALUE FreeRADIUS-Client-Require-MA yes 1 + +ATTRIBUTE FreeRADIUS-Client-Secret 1123 string secret +ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string +ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string +ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string + +# For session resumption +ATTRIBUTE Allow-Session-Resumption 1127 integer + +VALUE Allow-Session-Resumption no 0 +VALUE Allow-Session-Resumption yes 1 + +ATTRIBUTE EAP-Session-Resumed 1128 integer + +VALUE EAP-Session-Resumed no 0 +VALUE EAP-Session-Resumed yes 1 + +# +# Expose EAP keys in the reply. +# +ATTRIBUTE EAP-MSK 1129 octets +ATTRIBUTE EAP-EMSK 1130 octets + +# +# For send/recv CoA packets (like Auth-Type, Acct-Type, etc.) +# +ATTRIBUTE Recv-CoA-Type 1131 integer +ATTRIBUTE Send-CoA-Type 1132 integer + +ATTRIBUTE MS-CHAP-Password 1133 string +ATTRIBUTE Packet-Transmit-Counter 1134 integer +ATTRIBUTE Cached-Session-Policy 1135 string +ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string +ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets + +# For default policies + +ATTRIBUTE Stripped-User-Domain 1138 string +ATTRIBUTE Called-Station-SSID 1139 string + +ATTRIBUTE OTP-Challenge 1145 string +ATTRIBUTE EAP-Session-Id 1146 octets +ATTRIBUTE Chbind-Response-Code 1147 integer + +VALUE Chbind-Response-Code success 2 +VALUE Chbind-Response-Code failure 3 + +ATTRIBUTE Acct-Input-Octets64 1148 integer64 +ATTRIBUTE Acct-Output-Octets64 1149 integer64 + +ATTRIBUTE FreeRADIUS-Client-IP-Prefix 1150 ipv4prefix +ATTRIBUTE FreeRADIUS-Client-IPv6-Prefix 1151 ipv6prefix +ATTRIBUTE FreeRADIUS-Response-Delay 1152 integer +ATTRIBUTE FreeRADIUS-Client-Src-IP-Address 1153 ipaddr +ATTRIBUTE FreeRADIUS-Client-Src-IPv6-Address 1154 ipv6addr +ATTRIBUTE FreeRADIUS-Response-Delay-USec 1155 integer + +ATTRIBUTE REST-HTTP-Header 1160 string +ATTRIBUTE REST-HTTP-Body 1161 string +ATTRIBUTE REST-HTTP-Status-Code 1162 integer + +ATTRIBUTE Cache-Expires 1170 date +ATTRIBUTE Cache-Created 1171 date +ATTRIBUTE Cache-TTL 1172 signed +ATTRIBUTE Cache-Status-Only 1173 integer +ATTRIBUTE Cache-Merge 1174 integer +ATTRIBUTE Cache-Entry-Hits 1175 integer +ATTRIBUTE Cache-Read-Only 1176 integer + +VALUE Cache-Status-Only no 0 +VALUE Cache-Status-Only yes 1 + +VALUE Cache-Merge no 0 +VALUE Cache-Merge yes 1 + +VALUE Cache-Read-Only no 0 +VALUE Cache-Read-Only yes 1 + +ATTRIBUTE SSHA2-224-Password 1177 octets +ATTRIBUTE SSHA2-256-Password 1178 octets +ATTRIBUTE SSHA2-384-Password 1179 octets +ATTRIBUTE SSHA2-512-Password 1180 octets + +ATTRIBUTE PBKDF2-Password 1181 octets +ATTRIBUTE SSHA3-224-Password 1182 octets +ATTRIBUTE SSHA3-256-Password 1183 octets +ATTRIBUTE SSHA3-384-Password 1184 octets +ATTRIBUTE SSHA3-512-Password 1185 octets + +ATTRIBUTE MS-CHAP-Peer-Challenge 1192 octets +ATTRIBUTE Home-Server-Name 1193 string +ATTRIBUTE Originating-Realm-Key 1194 string +ATTRIBUTE Proxy-To-Originating-Realm 1195 string + +ATTRIBUTE TOTP-Secret 1194 string # base32 encoded +ATTRIBUTE TOTP-Key 1195 octets # raw key +ATTRIBUTE TOTP-Password 1196 string + +ATTRIBUTE Proxy-Tunneled-Request-As-EAP 1197 integer +VALUE Proxy-Tunneled-Request-As-EAP No 0 +VALUE Proxy-Tunneled-Request-As-EAP Yes 1 +ATTRIBUTE Temp-Home-Server-String 1198 string + +# +# Range: 1200-1279 +# EAP-SIM (and other EAP type) weirdness. +# +# For EAP-SIM, some attribute definitions for database interface +# +ATTRIBUTE EAP-Sim-Subtype 1200 integer + +ATTRIBUTE EAP-Sim-Rand1 1201 octets +ATTRIBUTE EAP-Sim-Rand2 1202 octets +ATTRIBUTE EAP-Sim-Rand3 1203 octets + +ATTRIBUTE EAP-Sim-SRES1 1204 octets +ATTRIBUTE EAP-Sim-SRES2 1205 octets +ATTRIBUTE EAP-Sim-SRES3 1206 octets + +VALUE EAP-Sim-Subtype Start 10 +VALUE EAP-Sim-Subtype Challenge 11 +VALUE EAP-Sim-Subtype Notification 12 +VALUE EAP-Sim-Subtype Re-authentication 13 + +# this attribute is used internally by the client code. +ATTRIBUTE EAP-Sim-State 1207 integer + +ATTRIBUTE EAP-Sim-IMSI 1208 string +ATTRIBUTE EAP-Sim-HMAC 1209 string +ATTRIBUTE EAP-Sim-KEY 1210 octets +ATTRIBUTE EAP-Sim-EXTRA 1211 octets + +ATTRIBUTE EAP-Sim-KC1 1212 octets +ATTRIBUTE EAP-Sim-KC2 1213 octets +ATTRIBUTE EAP-Sim-KC3 1214 octets + +ATTRIBUTE EAP-Sim-Ki 1215 octets +ATTRIBUTE EAP-Sim-Algo-Version 1216 integer + +ATTRIBUTE Outer-Realm-Name 1218 string +ATTRIBUTE Inner-Realm-Name 1219 string + +ATTRIBUTE EAP-Pwd-Password-Hash 1220 octets +ATTRIBUTE EAP-Pwd-Password-Salt 1221 octets +ATTRIBUTE EAP-Pwd-Password-Prep 1222 byte + +# +# Range: 1280 - 1535 +# EAP-type specific attributes +# +# These are used mostly for radeapclient, and aren't +# that useful for anyone else. +# +# egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo +# +ATTRIBUTE EAP-Type-Base 1280 octets +ATTRIBUTE EAP-Type-VALUE 1280 octets +ATTRIBUTE EAP-Type-None 1280 octets +ATTRIBUTE EAP-Type-Identity 1281 octets +ATTRIBUTE EAP-Type-Notification 1282 octets +ATTRIBUTE EAP-Type-NAK 1283 octets +ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets +ATTRIBUTE EAP-Type-One-Time-Password 1285 octets +ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets +ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets +ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets +ATTRIBUTE EAP-Type-KEA 1291 octets +ATTRIBUTE EAP-Type-KEA-Validate 1292 octets +ATTRIBUTE EAP-Type-EAP-TLS 1293 octets +ATTRIBUTE EAP-Type-Defender-Token 1294 octets +ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets +ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets +ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets +ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets +ATTRIBUTE EAP-Type-SIM 1298 octets +ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets +ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets +ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets +ATTRIBUTE EAP-Type-AKA 1303 octets +ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets +ATTRIBUTE EAP-Type-PEAP 1305 octets +ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets +ATTRIBUTE EAP-Type-MAKE 1307 octets +ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets +ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets +ATTRIBUTE EAP-Type-DynamID 1310 octets +ATTRIBUTE EAP-Type-Rob-EAP 1311 octets +ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets +ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets +ATTRIBUTE EAP-Type-SentriNET 1314 octets +ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets +ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets +ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets +ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets +ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets +ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets +ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets +ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets +ATTRIBUTE EAP-Type-EAP-FAST 1323 octets +ATTRIBUTE EAP-Type-Zonelabs 1324 octets +ATTRIBUTE EAP-Type-EAP-Link 1325 octets +ATTRIBUTE EAP-Type-EAP-PAX 1326 octets +ATTRIBUTE EAP-Type-EAP-PSK 1327 octets +ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets +ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets +ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets +ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets +ATTRIBUTE EAP-Type-EAP-PWD 1332 octets +ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets + +ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets +ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets +ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets + +# +# Range: 1536 - 1791 +# EAP Sim sub-types. +# + +# these are PW_EAP_SIM_X + 1536 +ATTRIBUTE EAP_Sim-Base 1536 octets +ATTRIBUTE EAP-Sim-RAND 1537 octets +ATTRIBUTE EAP-Sim-PADDING 1542 octets +ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets +ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets +ATTRIBUTE EAP-Sim-MAC 1547 octets +ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets +ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets +ATTRIBUTE EAP-Sim-IDENTITY 1550 octets +ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets +ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets +ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets +ATTRIBUTE EAP-Sim-COUNTER 1555 octets +ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets +ATTRIBUTE EAP-Sim-NONCE_S 1557 octets +ATTRIBUTE EAP-Sim-IV 1665 octets +ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets +ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets +ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets +ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets + +# +# Range: 1800-1899 +# Temporary attributes, for local storage. +# +ATTRIBUTE Tmp-String-0 1800 string +ATTRIBUTE Tmp-String-1 1801 string +ATTRIBUTE Tmp-String-2 1802 string +ATTRIBUTE Tmp-String-3 1803 string +ATTRIBUTE Tmp-String-4 1804 string +ATTRIBUTE Tmp-String-5 1805 string +ATTRIBUTE Tmp-String-6 1806 string +ATTRIBUTE Tmp-String-7 1807 string +ATTRIBUTE Tmp-String-8 1808 string +ATTRIBUTE Tmp-String-9 1809 string + +ATTRIBUTE Tmp-Integer-0 1810 integer +ATTRIBUTE Tmp-Integer-1 1811 integer +ATTRIBUTE Tmp-Integer-2 1812 integer +ATTRIBUTE Tmp-Integer-3 1813 integer +ATTRIBUTE Tmp-Integer-4 1814 integer +ATTRIBUTE Tmp-Integer-5 1815 integer +ATTRIBUTE Tmp-Integer-6 1816 integer +ATTRIBUTE Tmp-Integer-7 1817 integer +ATTRIBUTE Tmp-Integer-8 1818 integer +ATTRIBUTE Tmp-Integer-9 1819 integer + +ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr +ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr +ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr +ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr +ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr +ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr +ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr +ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr +ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr +ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr + +ATTRIBUTE Tmp-Octets-0 1830 octets +ATTRIBUTE Tmp-Octets-1 1831 octets +ATTRIBUTE Tmp-Octets-2 1832 octets +ATTRIBUTE Tmp-Octets-3 1833 octets +ATTRIBUTE Tmp-Octets-4 1834 octets +ATTRIBUTE Tmp-Octets-5 1835 octets +ATTRIBUTE Tmp-Octets-6 1836 octets +ATTRIBUTE Tmp-Octets-7 1837 octets +ATTRIBUTE Tmp-Octets-8 1838 octets +ATTRIBUTE Tmp-Octets-9 1839 octets + +ATTRIBUTE Tmp-Date-0 1840 date +ATTRIBUTE Tmp-Date-1 1841 date +ATTRIBUTE Tmp-Date-2 1842 date +ATTRIBUTE Tmp-Date-3 1843 date +ATTRIBUTE Tmp-Date-4 1844 date +ATTRIBUTE Tmp-Date-5 1845 date +ATTRIBUTE Tmp-Date-6 1846 date +ATTRIBUTE Tmp-Date-7 1847 date +ATTRIBUTE Tmp-Date-8 1848 date +ATTRIBUTE Tmp-Date-9 1849 date + +ATTRIBUTE Tmp-Integer64-0 1871 integer64 +ATTRIBUTE Tmp-Integer64-1 1872 integer64 +ATTRIBUTE Tmp-Integer64-2 1873 integer64 +ATTRIBUTE Tmp-Integer64-3 1874 integer64 +ATTRIBUTE Tmp-Integer64-4 1875 integer64 +ATTRIBUTE Tmp-Integer64-5 1876 integer64 +ATTRIBUTE Tmp-Integer64-6 1877 integer64 +ATTRIBUTE Tmp-Integer64-7 1878 integer64 +ATTRIBUTE Tmp-Integer64-8 1879 integer64 +ATTRIBUTE Tmp-Integer64-9 1880 integer64 +# +# These attributes shouldn't be used anywhere. They are defined here +# only for casting of values in conditional expressions. +# +# The order and number need to be consistent with the typedefs used +# in the server source. +# +ATTRIBUTE Tmp-Cast-String 1851 string +ATTRIBUTE Tmp-Cast-Integer 1852 integer +ATTRIBUTE Tmp-Cast-Ipaddr 1853 ipaddr +ATTRIBUTE Tmp-Cast-Date 1854 date +ATTRIBUTE Tmp-Cast-Abinary 1855 abinary +ATTRIBUTE Tmp-Cast-Octets 1856 octets +ATTRIBUTE Tmp-Cast-Ifid 1857 ifid +ATTRIBUTE Tmp-Cast-IPv6Addr 1858 ipv6addr +ATTRIBUTE Tmp-Cast-IPv6Prefix 1859 ipv6prefix +ATTRIBUTE Tmp-Cast-Byte 1860 byte +ATTRIBUTE Tmp-Cast-Short 1861 short +ATTRIBUTE Tmp-Cast-Ethernet 1862 ether +ATTRIBUTE Tmp-Cast-Signed 1863 signed +# don't use or define these +ATTRIBUTE Tmp-Cast-Integer64 1869 integer64 +ATTRIBUTE Tmp-Cast-IPv4Prefix 1870 ipv4prefix +# don't use or define VSA or MAX + +# Range: 1900-1909 +# WiMAX server-side attributes. +# +# These are NOT sent in a packet, but are otherwise +# available for testing and validation. The various +# things that *are* sent in a packet are derived from +# these attributes. +# +ATTRIBUTE WiMAX-MN-NAI 1900 string +ATTRIBUTE WiMAX-SIM-Ki 1901 octets +ATTRIBUTE WiMAX-SIM-OPc 1902 octets +ATTRIBUTE WiMAX-SIM-AMF 1903 octets +ATTRIBUTE WiMAX-SIM-SQN 1904 octets +ATTRIBUTE WiMAX-SIM-RAND 1905 octets + +ATTRIBUTE TLS-Cert-Serial 1910 string +ATTRIBUTE TLS-Cert-Expiration 1911 string +ATTRIBUTE TLS-Cert-Issuer 1912 string +ATTRIBUTE TLS-Cert-Subject 1913 string +ATTRIBUTE TLS-Cert-Common-Name 1914 string +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string +ATTRIBUTE TLS-Cert-Valid-Since 1918 string +ATTRIBUTE TLS-Session-Information 1919 string +ATTRIBUTE TLS-Client-Cert-Serial 1920 string +ATTRIBUTE TLS-Client-Cert-Expiration 1921 string +ATTRIBUTE TLS-Client-Cert-Issuer 1922 string +ATTRIBUTE TLS-Client-Cert-Subject 1923 string +ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string +ATTRIBUTE TLS-Client-Cert-Filename 1925 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string +ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string +ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string +ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string +ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Dns 1931 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Upn 1932 string +ATTRIBUTE TLS-PSK-Identity 1933 string +ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage-OID 1936 string +ATTRIBUTE TLS-Client-Cert-Valid-Since 1937 string +ATTRIBUTE TLS-Cache-Method 1938 integer +VALUE TLS-Cache-Method save 1 +VALUE TLS-Cache-Method load 2 +VALUE TLS-Cache-Method clear 3 +VALUE TLS-Cache-Method refresh 4 + + +ATTRIBUTE TLS-Client-Cert-X509v3-Certificate-Policies 1939 string + +# 1940 - 1959: reserved for TLS session caching, mostly in 4.0 + +ATTRIBUTE TLS-Session-ID 1940 octets +ATTRIBUTE TLS-Session-Data 1942 octets + +# Set by EAP-TLS code +ATTRIBUTE TLS-OCSP-Cert-Valid 1943 integer +VALUE TLS-OCSP-Cert-Valid unknown 3 +VALUE TLS-OCSP-Cert-Valid skipped 2 +VALUE TLS-OCSP-Cert-Valid yes 1 +VALUE TLS-OCSP-Cert-Valid no 0 + +ATTRIBUTE TLS-Cache-Filename 1946 string + +ATTRIBUTE TLS-Session-Version 1947 string +ATTRIBUTE TLS-Session-Cipher-Suite 1948 string + +ATTRIBUTE TLS-Session-Cert-File 1949 string +ATTRIBUTE TLS-Session-Cert-Private-Key-File 1950 string + +ATTRIBUTE TLS-Server-Name-Indication 1951 string + +# +# Range: 1960-2099 +# Free +# +# Range: 2100-2199 +# SoH attributes; FIXME: these should really be protocol attributes +# so that the SoH radius request can be proxied, but from which +# vendor? Sigh... +# +ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer +VALUE SoH-MS-Machine-OS-vendor Microsoft 311 + +ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer +ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer +ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer +ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer +ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer + +ATTRIBUTE SoH-MS-Machine-Processor 2106 integer +VALUE SoH-MS-Machine-Processor x86 0 +VALUE SoH-MS-Machine-Processor i64 6 +VALUE SoH-MS-Machine-Processor x86_64 9 + +ATTRIBUTE SoH-MS-Machine-Name 2107 string +ATTRIBUTE SoH-MS-Correlation-Id 2108 octets +ATTRIBUTE SoH-MS-Machine-Role 2109 integer +VALUE SoH-MS-Machine-Role client 1 +VALUE SoH-MS-Machine-Role dc 2 +VALUE SoH-MS-Machine-Role server 3 + +ATTRIBUTE SoH-Supported 2119 integer +VALUE SoH-Supported no 0 +VALUE SoH-Supported yes 1 + +ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string +ATTRIBUTE SoH-MS-Health-Other 2129 string + +# +# Range: 2200-2219 +# Utilities bundled with the server +# +ATTRIBUTE Radclient-Test-Name 2200 string + +# +# Range: 2220-2999 +# Free +# +# Range: 3000-3999 +# Site-local attributes (see raddb/dictionary.in) +# Do NOT define attributes in this range! +# +# Range: 4000-65535 +# Unused +# +# Range: 65536- +# Invalid. Don't use. +# + +# +# Non-Protocol Integer Translations +# + +VALUE Auth-Type Local 1 +VALUE Auth-Type Reject 4 + +# +# FreeRADIUS extensions (most originally from Cistron) +# +VALUE Auth-Type Accept 254 + +# +# Authorization type, too. +# +VALUE Autz-Type Local 1 + +# +# And accounting +# +VALUE Acct-Type Local 1 + +# +# And Session handling +# +VALUE Session-Type Local 1 + +# +# And Post-Auth +VALUE Post-Auth-Type Local 1 +VALUE Post-Auth-Type Reject 2 +VALUE Post-Auth-Type Challenge 3 +VALUE Post-Auth-Type Client-Lost 4 + +# +# And Post-Proxy +VALUE Post-Proxy-Type Fail 1 +VALUE Post-Proxy-Type Fail-Authentication 2 +VALUE Post-Proxy-Type Fail-Accounting 3 +VALUE Post-Proxy-Type Fail-CoA 4 +VALUE Post-Proxy-Type Fail-Disconnect 5 + +# +# Experimental Non-Protocol Integer Translations for FreeRADIUS +# +VALUE Fall-Through No 0 +VALUE Fall-Through Yes 1 + +VALUE Relax-Filter No 0 +VALUE Relax-Filter Yes 1 + +VALUE Strip-User-Name No 0 +VALUE Strip-User-Name Yes 1 + +VALUE Packet-Type Access-Request 1 +VALUE Packet-Type Access-Accept 2 +VALUE Packet-Type Access-Reject 3 +VALUE Packet-Type Accounting-Request 4 +VALUE Packet-Type Accounting-Response 5 +VALUE Packet-Type Accounting-Status 6 +VALUE Packet-Type Password-Request 7 +VALUE Packet-Type Password-Accept 8 +VALUE Packet-Type Password-Reject 9 +VALUE Packet-Type Accounting-Message 10 +VALUE Packet-Type Access-Challenge 11 +VALUE Packet-Type Status-Server 12 +VALUE Packet-Type Status-Client 13 + +# +# The following packet types are described in RFC 2882, +# but they are NOT part of the RADIUS standard. Instead, +# they are informational about vendor-specific extensions +# to the RADIUS standard. +# +VALUE Packet-Type Resource-Free-Request 21 +VALUE Packet-Type Resource-Free-Response 22 +VALUE Packet-Type Resource-Query-Request 23 +VALUE Packet-Type Resource-Query-Response 24 +VALUE Packet-Type Alternate-Resource-Reclaim-Request 25 +VALUE Packet-Type NAS-Reboot-Request 26 +VALUE Packet-Type NAS-Reboot-Response 27 +VALUE Packet-Type Next-Passcode 29 +VALUE Packet-Type New-Pin 30 +VALUE Packet-Type Terminate-Session 31 +VALUE Packet-Type Password-Expired 32 +VALUE Packet-Type Event-Request 33 +VALUE Packet-Type Event-Response 34 + +# RFC 3576 allocates packet types 40-45 + +VALUE Packet-Type Disconnect-Request 40 +VALUE Packet-Type Disconnect-ACK 41 +VALUE Packet-Type Disconnect-NAK 42 +VALUE Packet-Type CoA-Request 43 +VALUE Packet-Type CoA-ACK 44 +VALUE Packet-Type CoA-NAK 45 + +VALUE Packet-Type IP-Address-Allocate 50 +VALUE Packet-Type IP-Address-Release 51 + +VALUE Response-Packet-Type Access-Request 1 +VALUE Response-Packet-Type Access-Accept 2 +VALUE Response-Packet-Type Access-Reject 3 +VALUE Response-Packet-Type Accounting-Request 4 +VALUE Response-Packet-Type Accounting-Response 5 +VALUE Response-Packet-Type Accounting-Status 6 +VALUE Response-Packet-Type Password-Request 7 +VALUE Response-Packet-Type Password-Accept 8 +VALUE Response-Packet-Type Password-Reject 9 +VALUE Response-Packet-Type Accounting-Message 10 +VALUE Response-Packet-Type Access-Challenge 11 +VALUE Response-Packet-Type Status-Server 12 +VALUE Response-Packet-Type Status-Client 13 + +VALUE Response-Packet-Type Disconnect-Request 40 +VALUE Response-Packet-Type Disconnect-ACK 41 +VALUE Response-Packet-Type Disconnect-NAK 42 +VALUE Response-Packet-Type CoA-Request 43 +VALUE Response-Packet-Type CoA-ACK 44 +VALUE Response-Packet-Type CoA-NAK 45 +# +# Special value +# +VALUE Response-Packet-Type Do-Not-Respond 256 + +# +# EAP Sub-types, inside of Request and Response packets +# +# http://www.iana.org/assignments/ppp-numbers +# "PPP EAP REQUEST/RESPONSE TYPES" +# +# +# See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions +# +VALUE EAP-Type None 0 +VALUE EAP-Type Identity 1 +VALUE EAP-Type Notification 2 +VALUE EAP-Type NAK 3 +VALUE EAP-Type MD5-Challenge 4 +VALUE EAP-Type EAP-MD5 4 +VALUE EAP-Type MD5 4 +VALUE EAP-Type One-Time-Password 5 +VALUE EAP-Type OTP 5 +VALUE EAP-Type Generic-Token-Card 6 +VALUE EAP-Type EAP-GTC 6 +VALUE EAP-Type GTC 6 +VALUE EAP-Type RSA-Public-Key 9 +VALUE EAP-Type DSS-Unilateral 10 +VALUE EAP-Type KEA 11 +VALUE EAP-Type KEA-Validate 12 +VALUE EAP-Type EAP-TLS 13 +VALUE EAP-Type TLS 13 +VALUE EAP-Type Defender-Token 14 +VALUE EAP-Type RSA-SecurID-EAP 15 +VALUE EAP-Type Arcot-Systems-EAP 16 +VALUE EAP-Type Cisco-LEAP 17 +VALUE EAP-Type LEAP 17 +VALUE EAP-Type Nokia-IP-Smart-Card 18 +VALUE EAP-Type EAP-SIM 18 +VALUE EAP-Type SIM 18 +VALUE EAP-Type SRP-SHA1 19 +# 20 is unassigned +VALUE EAP-Type EAP-TTLS 21 +VALUE EAP-Type TTLS 21 +VALUE EAP-Type Remote-Access-Service 22 +VALUE EAP-Type EAP-AKA 23 +VALUE EAP-Type AKA 23 +VALUE EAP-Type 3Com-Wireless 24 +VALUE EAP-Type PEAP 25 +VALUE EAP-Type Microsoft-MS-CHAPv2 26 +VALUE EAP-Type MAKE 27 +VALUE EAP-Type CRYPTOCard 28 +VALUE EAP-Type Cisco-MS-CHAPv2 29 +VALUE EAP-Type DynamID 30 +VALUE EAP-Type Rob-EAP 31 +VALUE EAP-Type SecurID-EAP 32 +VALUE EAP-Type MS-Authentication-TLV 33 +VALUE EAP-Type SentriNET 34 +VALUE EAP-Type Actiontec-Wireless 35 +VALUE EAP-Type Cogent-Biomentric-EAP 36 +VALUE EAP-Type AirFortress-EAP 37 +VALUE EAP-Type HTTP-Digest 38 +VALUE EAP-Type TNC 38 +VALUE EAP-Type SecuriSuite-EAP 39 +VALUE EAP-Type DeviceConnect-EAP 40 +VALUE EAP-Type SPEKE 41 +VALUE EAP-Type MOBAC 42 +VALUE EAP-Type EAP-FAST 43 +VALUE EAP-Type FAST 43 +VALUE EAP-Type Zonelabs 44 +VALUE EAP-Type Link 45 +VALUE EAP-Type PAX 46 +VALUE EAP-Type PSK 47 +VALUE EAP-Type SAKE 48 +VALUE EAP-Type EAP-IKEv2 49 +VALUE EAP-Type IKEv2 49 +VALUE EAP-Type AKA2 50 +VALUE EAP-Type GPSK 51 +VALUE EAP-Type PWD 52 +VALUE EAP-Type EKEv1 53 + +# +# And this is what most people mean by MS-CHAPv2 +# +VALUE EAP-Type EAP-MSCHAPv2 26 +VALUE EAP-Type MSCHAPv2 26 + +# +# This says TLS, but it's only valid for TTLS & PEAP. +# EAP-TLS *always* requires a client certificate. +# +VALUE EAP-TLS-Require-Client-Cert No 0 +VALUE EAP-TLS-Require-Client-Cert Yes 1 + +# +# These are the EAP-Code values. +# +VALUE EAP-Code Request 1 +VALUE EAP-Code Response 2 +VALUE EAP-Code Success 3 +VALUE EAP-Code Failure 4 + +# +# For MS-CHAP, do we run ntlm_auth, or not. +# +VALUE MS-CHAP-Use-NTLM-Auth No 0 +VALUE MS-CHAP-Use-NTLM-Auth Yes 1 |