path: root/share/dictionary.freeradius.internal

# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
#
#	Non Protocol Attributes used by FreeRADIUS
#
#	$Id$
#

#	The attributes number ranges are allocates as follows:
#
#	Range:	500-999
#		server-side attributes which can go in a reply list

# 	These attributes CAN go in the reply item list.
ATTRIBUTE	Fall-Through				500	integer
ATTRIBUTE	Relax-Filter				501	integer
ATTRIBUTE	Exec-Program				502	string
ATTRIBUTE	Exec-Program-Wait			503	string

#	These attributes CANNOT go in the reply item list.

#
#	Range:	1000+
#		Attributes which cannot go in a reply list.
#
#
#	Range:	1000-1199
#		Miscellaneous server attributes.
#
#
#	Non-Protocol Attributes
#	These attributes are used internally by the server
#
ATTRIBUTE	Auth-Type				1000	integer
ATTRIBUTE	Menu					1001	string
ATTRIBUTE	Termination-Menu			1002	string
ATTRIBUTE	Prefix					1003	string
ATTRIBUTE	Suffix					1004	string
ATTRIBUTE	Group					1005	string
ATTRIBUTE	Crypt-Password				1006	string
#ATTRIBUTE	Connect-Rate				1007	integer
ATTRIBUTE	Add-Prefix				1008	string
ATTRIBUTE	Add-Suffix				1009	string
ATTRIBUTE	Expiration				1010	date
ATTRIBUTE	Autz-Type				1011	integer
ATTRIBUTE	Acct-Type				1012	integer
ATTRIBUTE	Session-Type				1013	integer
ATTRIBUTE	Post-Auth-Type				1014	integer
ATTRIBUTE	Pre-Proxy-Type				1015	integer
ATTRIBUTE	Post-Proxy-Type				1016	integer
ATTRIBUTE	Pre-Acct-Type				1017	integer

#
#	This is the EAP type of authentication, which is set
#	by the EAP module, for informational purposes only.
#
ATTRIBUTE	EAP-Type				1018	integer
ATTRIBUTE	EAP-TLS-Require-Client-Cert		1019	integer
ATTRIBUTE	EAP-Id					1020	integer
ATTRIBUTE	EAP-Code				1021	integer
ATTRIBUTE	EAP-MD5-Password			1022	string
ATTRIBUTE	PEAP-Version				1023	integer
ATTRIBUTE	Client-Shortname			1024	string virtual
ATTRIBUTE	Load-Balance-Key			1025	string
ATTRIBUTE	Raw-Attribute				1026	octets
ATTRIBUTE	TNC-VLAN-Access				1027	string
ATTRIBUTE	TNC-VLAN-Isolate			1028	string
ATTRIBUTE	User-Category				1029	string
ATTRIBUTE	Group-Name				1030	string
ATTRIBUTE	Huntgroup-Name				1031	string
ATTRIBUTE	Simultaneous-Use			1034	integer
ATTRIBUTE	Strip-User-Name				1035	integer
ATTRIBUTE	Hint					1040	string
ATTRIBUTE	Pam-Auth				1041	string
ATTRIBUTE	Login-Time				1042	string
ATTRIBUTE	Stripped-User-Name			1043	string
ATTRIBUTE	Current-Time				1044	string
ATTRIBUTE	Realm					1045	string
ATTRIBUTE	No-Such-Attribute			1046	string
ATTRIBUTE	Packet-Type				1047	integer virtual
ATTRIBUTE	Proxy-To-Realm				1048	string
ATTRIBUTE	Replicate-To-Realm			1049	string
ATTRIBUTE	Acct-Session-Start-Time			1050	date
ATTRIBUTE	Acct-Unique-Session-Id			1051	string
ATTRIBUTE	Client-IP-Address			1052	ipaddr virtual
ATTRIBUTE	LDAP-UserDN				1053	string
ATTRIBUTE	NS-MTA-MD5-Password			1054	string
ATTRIBUTE	SQL-User-Name				1055	string
ATTRIBUTE	LM-Password				1057	octets
ATTRIBUTE	NT-Password				1058	octets
ATTRIBUTE	SMB-Account-CTRL			1059	integer
ATTRIBUTE	SMB-Account-CTRL-TEXT			1061	string
ATTRIBUTE	User-Profile				1062	string
ATTRIBUTE	Digest-Realm				1063	string
ATTRIBUTE	Digest-Nonce				1064	string
ATTRIBUTE	Digest-Method				1065	string
ATTRIBUTE	Digest-URI				1066	string
ATTRIBUTE	Digest-QOP				1067	string
ATTRIBUTE	Digest-Algorithm			1068	string
ATTRIBUTE	Digest-Body-Digest			1069	string
ATTRIBUTE	Digest-CNonce				1070	string
ATTRIBUTE	Digest-Nonce-Count			1071	string
ATTRIBUTE	Digest-User-Name			1072	string
ATTRIBUTE	Pool-Name				1073	string
# LDAP-Group is now dynamically created
ATTRIBUTE	Module-Success-Message			1075	string
ATTRIBUTE	Module-Failure-Message			1076	string
#		X99-Fast		1077	integer
ATTRIBUTE	Rewrite-Rule				1078	string
# SQL-Group is now dynamically created
ATTRIBUTE	Response-Packet-Type			1080	integer virtual
ATTRIBUTE	Digest-HA1				1081	string
ATTRIBUTE	MS-CHAP-Use-NTLM-Auth			1082	integer
ATTRIBUTE	NTLM-User-Name				1083	string
ATTRIBUTE	MS-CHAP-User-Name			1083	string
ATTRIBUTE	Packet-Src-IP-Address			1084	ipaddr virtual
ATTRIBUTE	Packet-Dst-IP-Address			1085	ipaddr virtual
ATTRIBUTE	Packet-Src-Port				1086	integer virtual
ATTRIBUTE	Packet-Dst-Port				1087	integer virtual
ATTRIBUTE	Packet-Authentication-Vector		1088	octets virtual
ATTRIBUTE	Time-Of-Day				1089	string
ATTRIBUTE	Request-Processing-Stage		1090	string virtual
ATTRIBUTE	SHA2-Password				1092	octets
ATTRIBUTE	SHA-Password				1093	octets
ATTRIBUTE	SSHA-Password				1094	octets
ATTRIBUTE	SHA1-Password				1093	octets
ATTRIBUTE	SSHA1-Password				1094	octets
ATTRIBUTE	MD5-Password				1095	octets
ATTRIBUTE	SMD5-Password				1096	octets
ATTRIBUTE	Packet-Src-IPv6-Address			1097	ipv6addr virtual
ATTRIBUTE	Packet-Dst-IPv6-Address			1098	ipv6addr virtual
ATTRIBUTE	Virtual-Server				1099	string virtual
ATTRIBUTE	Cleartext-Password			1100	string
ATTRIBUTE	Password-With-Header			1101	string
ATTRIBUTE	Inner-Tunnel-User-Name			1102	string
#
#	EAP-IKEv2 is experimental.
#
ATTRIBUTE	EAP-IKEv2-IDType			1103	integer

VALUE	EAP-IKEv2-IDType		IPV4_ADDR		1
VALUE	EAP-IKEv2-IDType		FQDN			2
VALUE	EAP-IKEv2-IDType		RFC822_ADDR		3
VALUE	EAP-IKEv2-IDType		IPV6_ADDR		5
VALUE	EAP-IKEv2-IDType		DER_ASN1_DN		9
VALUE	EAP-IKEv2-IDType		DER_ASN1_GN		10
VALUE	EAP-IKEv2-IDType		KEY_ID			11

ATTRIBUTE	EAP-IKEv2-ID				1104	string
ATTRIBUTE	EAP-IKEv2-Secret			1105	string	secret
ATTRIBUTE	EAP-IKEv2-AuthType			1106	integer

VALUE	EAP-IKEv2-AuthType		none			0
VALUE	EAP-IKEv2-AuthType		secret			1
VALUE	EAP-IKEv2-AuthType		cert			2
VALUE	EAP-IKEv2-AuthType		both			3

ATTRIBUTE	Send-Disconnect-Request			1107	integer
ATTRIBUTE	Send-CoA-Request			1107	integer

VALUE	Send-CoA-Request		No			0
VALUE	Send-CoA-Request		Yes			1

ATTRIBUTE	Module-Return-Code			1108	integer virtual

VALUE	Module-Return-Code		reject			0
VALUE	Module-Return-Code		fail			1
VALUE	Module-Return-Code		ok			2
VALUE	Module-Return-Code		handled			3
VALUE	Module-Return-Code		invalid			4
VALUE	Module-Return-Code		userlock		5
VALUE	Module-Return-Code		notfound		6
VALUE	Module-Return-Code		noop			7
VALUE	Module-Return-Code		updated			8

ATTRIBUTE	Packet-Original-Timestamp		1109	date
ATTRIBUTE	SQL-Table-Name				1110	string
ATTRIBUTE	Home-Server-Pool			1111	string

# For delayed evaluation of maps
ATTRIBUTE	Attribute-Map				1112	string

# See sites-available/coa-relay
ATTRIBUTE	CoA-Packet-Type				1113	string
ATTRIBUTE	CoA-Packet-DST-IP-Address		1114	ipaddr
ATTRIBUTE	CoA-Packet-DST-Port			1115	integer
ATTRIBUTE	CoA-Acct-Session-Id			1116	string
ATTRIBUTE	CoA-Packet-DST-IPv6-Address		1117	ipv6addr

ATTRIBUTE	FreeRADIUS-Client-IP-Address		1120	ipaddr
ATTRIBUTE	FreeRADIUS-Client-IPv6-Address		1121	ipv6addr
# The rest of the FreeRADIUS-Client-* attributes are at 1150...

ATTRIBUTE	FreeRADIUS-Client-Require-MA		1122	integer

VALUE	FreeRADIUS-Client-Require-MA	no			0
VALUE	FreeRADIUS-Client-Require-MA	yes			1

ATTRIBUTE	FreeRADIUS-Client-Secret		1123	string secret
ATTRIBUTE	FreeRADIUS-Client-Shortname		1124	string
ATTRIBUTE	FreeRADIUS-Client-NAS-Type		1125	string
ATTRIBUTE	FreeRADIUS-Client-Virtual-Server	1126	string

# For session resumption
ATTRIBUTE	Allow-Session-Resumption		1127	integer

VALUE	Allow-Session-Resumption	no			0
VALUE	Allow-Session-Resumption	yes			1

ATTRIBUTE	EAP-Session-Resumed			1128	integer

VALUE	EAP-Session-Resumed		no			0
VALUE	EAP-Session-Resumed		yes			1

#
#	Expose EAP keys in the reply.
#
ATTRIBUTE	EAP-MSK					1129	octets
ATTRIBUTE	EAP-EMSK				1130	octets

#
#	For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
#
ATTRIBUTE	Recv-CoA-Type				1131	integer
ATTRIBUTE	Send-CoA-Type				1132	integer

ATTRIBUTE	MS-CHAP-Password			1133	string
ATTRIBUTE	Packet-Transmit-Counter			1134	integer
ATTRIBUTE	Cached-Session-Policy			1135	string
ATTRIBUTE	MS-CHAP-New-Cleartext-Password		1136	string
ATTRIBUTE	MS-CHAP-New-NT-Password			1137	octets

#	For default policies

ATTRIBUTE	Stripped-User-Domain			1138	string
ATTRIBUTE	Called-Station-SSID			1139	string
ATTRIBUTE	Called-Station-MAC			1140	octets
ATTRIBUTE	Pre-Shared-Key				1141	string
ATTRIBUTE	Pairwise-Master-Key			1142	octets
ATTRIBUTE	PSK-Identity				1143	string

ATTRIBUTE	OTP-Challenge				1145	string
ATTRIBUTE	EAP-Session-Id				1146	octets
ATTRIBUTE	Chbind-Response-Code			1147	integer

VALUE	Chbind-Response-Code		success			2
VALUE	Chbind-Response-Code		failure			3

ATTRIBUTE	Acct-Input-Octets64			1148	integer64
ATTRIBUTE	Acct-Output-Octets64			1149	integer64

ATTRIBUTE	FreeRADIUS-Client-IP-Prefix		1150	ipv4prefix
ATTRIBUTE	FreeRADIUS-Client-IPv6-Prefix		1151	ipv6prefix
ATTRIBUTE	FreeRADIUS-Response-Delay		1152	integer
ATTRIBUTE	FreeRADIUS-Client-Src-IP-Address	1153	ipaddr
ATTRIBUTE	FreeRADIUS-Client-Src-IPv6-Address	1154	ipv6addr
ATTRIBUTE	FreeRADIUS-Response-Delay-USec		1155	integer

ATTRIBUTE	REST-HTTP-Header			1160	string
ATTRIBUTE	REST-HTTP-Body				1161	string
ATTRIBUTE	REST-HTTP-Status-Code			1162	integer

ATTRIBUTE	Cache-Expires				1170	date
ATTRIBUTE	Cache-Created				1171	date
ATTRIBUTE	Cache-TTL				1172	signed
ATTRIBUTE	Cache-Status-Only			1173	integer
ATTRIBUTE	Cache-Merge				1174	integer
ATTRIBUTE	Cache-Entry-Hits			1175	integer
ATTRIBUTE	Cache-Read-Only				1176	integer

VALUE	Cache-Status-Only		no			0
VALUE	Cache-Status-Only		yes			1

VALUE	Cache-Merge			no			0
VALUE	Cache-Merge			yes			1

VALUE	Cache-Read-Only			no			0
VALUE	Cache-Read-Only			yes			1

ATTRIBUTE	SSHA2-224-Password			1177	octets
ATTRIBUTE	SSHA2-256-Password			1178	octets
ATTRIBUTE	SSHA2-384-Password			1179	octets
ATTRIBUTE	SSHA2-512-Password			1180	octets

ATTRIBUTE	PBKDF2-Password				1181	octets
ATTRIBUTE	SSHA3-224-Password			1182	octets
ATTRIBUTE	SSHA3-256-Password			1183	octets
ATTRIBUTE	SSHA3-384-Password			1184	octets
ATTRIBUTE	SSHA3-512-Password			1185	octets

ATTRIBUTE	MS-CHAP-Peer-Challenge			1192	octets
ATTRIBUTE	Home-Server-Name			1193	string
ATTRIBUTE	Originating-Realm-Key			1194	string
ATTRIBUTE	Proxy-To-Originating-Realm		1195	string

ATTRIBUTE	TOTP-Secret				1194	string # base32 encoded
ATTRIBUTE	TOTP-Key				1195	octets # raw key
ATTRIBUTE	TOTP-Password				1196	string

ATTRIBUTE	Proxy-Tunneled-Request-As-EAP		1197	integer
VALUE	Proxy-Tunneled-Request-As-EAP	No			0
VALUE	Proxy-Tunneled-Request-As-EAP	Yes			1
ATTRIBUTE	Temp-Home-Server-String			1198	string

ATTRIBUTE	TOTP-Time-Offset			1199	signed

#
#	Range:	1200-1279
#		EAP-SIM (and other EAP type) weirdness.
#
#	For EAP-SIM, some attribute definitions for database interface
#
ATTRIBUTE	EAP-Sim-Subtype				1200	integer

ATTRIBUTE	EAP-Sim-Rand1				1201	octets
ATTRIBUTE	EAP-Sim-Rand2				1202	octets
ATTRIBUTE	EAP-Sim-Rand3				1203	octets

ATTRIBUTE	EAP-Sim-SRES1				1204	octets
ATTRIBUTE	EAP-Sim-SRES2				1205	octets
ATTRIBUTE	EAP-Sim-SRES3				1206	octets

VALUE	EAP-Sim-Subtype			Start			10
VALUE	EAP-Sim-Subtype			Challenge		11
VALUE	EAP-Sim-Subtype			Notification		12
VALUE	EAP-Sim-Subtype			Re-authentication	13

# this attribute is used internally by the client code.
ATTRIBUTE	EAP-Sim-State				1207	integer

ATTRIBUTE	EAP-Sim-IMSI				1208	string
ATTRIBUTE	EAP-Sim-HMAC				1209	string
ATTRIBUTE	EAP-Sim-KEY				1210	octets
ATTRIBUTE	EAP-Sim-EXTRA				1211	octets

ATTRIBUTE	EAP-Sim-KC1				1212	octets
ATTRIBUTE	EAP-Sim-KC2				1213	octets
ATTRIBUTE	EAP-Sim-KC3				1214	octets

ATTRIBUTE	EAP-Sim-Ki				1215	octets
ATTRIBUTE	EAP-Sim-Algo-Version			1216	integer

ATTRIBUTE	Outer-Realm-Name			1218	string
ATTRIBUTE	Inner-Realm-Name			1219	string

ATTRIBUTE	EAP-Pwd-Password-Hash			1220	octets
ATTRIBUTE	EAP-Pwd-Password-Salt			1221	octets
ATTRIBUTE	EAP-Pwd-Password-Prep			1222	byte

#
#	Range:	1280 - 1535
#		EAP-type specific attributes
#
#		These are used mostly for radeapclient, and aren't
#		that useful for anyone else.
#
#  egrep VALUE dictionary.freeradius.internal  | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo
#
ATTRIBUTE	EAP-Type-Base				1280	octets
ATTRIBUTE	EAP-Type-VALUE				1280	octets
ATTRIBUTE	EAP-Type-None				1280	octets
ATTRIBUTE	EAP-Type-Identity			1281	octets
ATTRIBUTE	EAP-Type-Notification			1282	octets
ATTRIBUTE	EAP-Type-NAK				1283	octets
ATTRIBUTE	EAP-Type-MD5-Challenge			1284	octets
ATTRIBUTE	EAP-Type-One-Time-Password		1285	octets
ATTRIBUTE	EAP-Type-Generic-Token-Card		1286	octets
ATTRIBUTE	EAP-Type-RSA-Public-Key			1289	octets
ATTRIBUTE	EAP-Type-DSS-Unilateral			1290	octets
ATTRIBUTE	EAP-Type-KEA				1291	octets
ATTRIBUTE	EAP-Type-KEA-Validate			1292	octets
ATTRIBUTE	EAP-Type-EAP-TLS			1293	octets
ATTRIBUTE	EAP-Type-Defender-Token			1294	octets
ATTRIBUTE	EAP-Type-RSA-SecurID-EAP		1295	octets
ATTRIBUTE	EAP-Type-Arcot-Systems-EAP		1296	octets
ATTRIBUTE	EAP-Type-Cisco-LEAP			1297	octets
ATTRIBUTE	EAP-Type-Nokia-IP-Smart-Card		1298	octets
ATTRIBUTE	EAP-Type-SIM				1298	octets
ATTRIBUTE	EAP-Type-SRP-SHA1			1299	octets
ATTRIBUTE	EAP-Type-EAP-TTLS			1301	octets
ATTRIBUTE	EAP-Type-Remote-Access-Service		1302	octets
ATTRIBUTE	EAP-Type-AKA				1303	octets
ATTRIBUTE	EAP-Type-EAP-3Com-Wireless		1304	octets
ATTRIBUTE	EAP-Type-PEAP				1305	octets
ATTRIBUTE	EAP-Type-MS-EAP-Authentication		1306	octets
ATTRIBUTE	EAP-Type-MAKE				1307	octets
ATTRIBUTE	EAP-Type-CRYPTOCard			1308	octets
ATTRIBUTE	EAP-Type-EAP-MSCHAP-V2			1309	octets
ATTRIBUTE	EAP-Type-DynamID			1310	octets
ATTRIBUTE	EAP-Type-Rob-EAP			1311	octets
ATTRIBUTE	EAP-Type-SecurID-EAP			1312	octets
ATTRIBUTE	EAP-Type-MS-Authentication-TLV		1313	octets
ATTRIBUTE	EAP-Type-SentriNET			1314	octets
ATTRIBUTE	EAP-Type-EAP-Actiontec-Wireless		1315	octets
ATTRIBUTE	EAP-Type-Cogent-Biomentric-EAP		1316	octets
ATTRIBUTE	EAP-Type-AirFortress-EAP		1317	octets
ATTRIBUTE	EAP-Type-EAP-HTTP-Digest		1318	octets
ATTRIBUTE	EAP-Type-SecuriSuite-EAP		1319	octets
ATTRIBUTE	EAP-Type-DeviceConnect-EAP		1320	octets
ATTRIBUTE	EAP-Type-EAP-SPEKE			1321	octets
ATTRIBUTE	EAP-Type-EAP-MOBAC			1322	octets
ATTRIBUTE	EAP-Type-EAP-FAST			1323	octets
ATTRIBUTE	EAP-Type-Zonelabs			1324	octets
ATTRIBUTE	EAP-Type-EAP-Link			1325	octets
ATTRIBUTE	EAP-Type-EAP-PAX			1326	octets
ATTRIBUTE	EAP-Type-EAP-PSK			1327	octets
ATTRIBUTE	EAP-Type-EAP-SAKE			1328	octets
ATTRIBUTE	EAP-Type-EAP-IKEv2			1329	octets
ATTRIBUTE	EAP-Type-EAP-AKA2			1330	octets
ATTRIBUTE	EAP-Type-EAP-GPSK			1331	octets
ATTRIBUTE	EAP-Type-EAP-PWD			1332	octets
ATTRIBUTE	EAP-Type-EAP-EVEv1			1333	octets
ATTRIBUTE	EAP-Type-EAP-PT-EAP			1334	octets
ATTRIBUTE	EAP-Type-EAP-TEAP			1335	octets

ATTRIBUTE	EAP-Type-Microsoft-MS-CHAPv2		1306	octets
ATTRIBUTE	EAP-Type-Cisco-MS-CHAPv2		1309	octets
ATTRIBUTE	EAP-Type-MS-CHAP-V2			1306	octets

#
#	Range:	1536 - 1791
#		EAP Sim sub-types.
#

# these are PW_EAP_SIM_X + 1536
ATTRIBUTE	EAP_Sim-Base				1536	octets
ATTRIBUTE	EAP-Sim-RAND				1537	octets
ATTRIBUTE	EAP-Sim-PADDING				1542	octets
ATTRIBUTE	EAP-Sim-NONCE_MT			1543	octets
ATTRIBUTE	EAP-Sim-PERMANENT_ID_REQ		1546	octets
ATTRIBUTE	EAP-Sim-MAC				1547	octets
ATTRIBUTE	EAP-Sim-NOTIFICATION			1548	octets
ATTRIBUTE	EAP-Sim-ANY_ID_REQ			1549	octets
ATTRIBUTE	EAP-Sim-IDENTITY			1550	octets
ATTRIBUTE	EAP-Sim-VERSION_LIST			1551	octets
ATTRIBUTE	EAP-Sim-SELECTED_VERSION		1552	octets
ATTRIBUTE	EAP-Sim-FULLAUTH_ID_REQ			1553	octets
ATTRIBUTE	EAP-Sim-COUNTER				1555	octets
ATTRIBUTE	EAP-Sim-COUNTER_TOO_SMALL		1556	octets
ATTRIBUTE	EAP-Sim-NONCE_S				1557	octets
ATTRIBUTE	EAP-Sim-IV				1665	octets
ATTRIBUTE	EAP-Sim-ENCR_DATA			1666	octets
ATTRIBUTE	EAP-Sim-NEXT_PSEUDONUM			1668	octets
ATTRIBUTE	EAP-Sim-NEXT_REAUTH_ID			1669	octets
ATTRIBUTE	EAP-Sim-CHECKCODE			1670	octets

#
#	Range: 1800-1899
#	       Temporary attributes, for local storage.
#
ATTRIBUTE	Tmp-String-0				1800	string
ATTRIBUTE	Tmp-String-1				1801	string
ATTRIBUTE	Tmp-String-2				1802	string
ATTRIBUTE	Tmp-String-3				1803	string
ATTRIBUTE	Tmp-String-4				1804	string
ATTRIBUTE	Tmp-String-5				1805	string
ATTRIBUTE	Tmp-String-6				1806	string
ATTRIBUTE	Tmp-String-7				1807	string
ATTRIBUTE	Tmp-String-8				1808	string
ATTRIBUTE	Tmp-String-9				1809	string

ATTRIBUTE	Tmp-Integer-0				1810	integer
ATTRIBUTE	Tmp-Integer-1				1811	integer
ATTRIBUTE	Tmp-Integer-2				1812	integer
ATTRIBUTE	Tmp-Integer-3				1813	integer
ATTRIBUTE	Tmp-Integer-4				1814	integer
ATTRIBUTE	Tmp-Integer-5				1815	integer
ATTRIBUTE	Tmp-Integer-6				1816	integer
ATTRIBUTE	Tmp-Integer-7				1817	integer
ATTRIBUTE	Tmp-Integer-8				1818	integer
ATTRIBUTE	Tmp-Integer-9				1819	integer

ATTRIBUTE	Tmp-IP-Address-0			1820	ipaddr
ATTRIBUTE	Tmp-IP-Address-1			1821	ipaddr
ATTRIBUTE	Tmp-IP-Address-2			1822	ipaddr
ATTRIBUTE	Tmp-IP-Address-3			1823	ipaddr
ATTRIBUTE	Tmp-IP-Address-4			1824	ipaddr
ATTRIBUTE	Tmp-IP-Address-5			1825	ipaddr
ATTRIBUTE	Tmp-IP-Address-6			1826	ipaddr
ATTRIBUTE	Tmp-IP-Address-7			1827	ipaddr
ATTRIBUTE	Tmp-IP-Address-8			1828	ipaddr
ATTRIBUTE	Tmp-IP-Address-9			1829	ipaddr

ATTRIBUTE	Tmp-Octets-0				1830	octets
ATTRIBUTE	Tmp-Octets-1				1831	octets
ATTRIBUTE	Tmp-Octets-2				1832	octets
ATTRIBUTE	Tmp-Octets-3				1833	octets
ATTRIBUTE	Tmp-Octets-4				1834	octets
ATTRIBUTE	Tmp-Octets-5				1835	octets
ATTRIBUTE	Tmp-Octets-6				1836	octets
ATTRIBUTE	Tmp-Octets-7				1837	octets
ATTRIBUTE	Tmp-Octets-8				1838	octets
ATTRIBUTE	Tmp-Octets-9				1839	octets

ATTRIBUTE	Tmp-Date-0				1840	date
ATTRIBUTE	Tmp-Date-1				1841	date
ATTRIBUTE	Tmp-Date-2				1842	date
ATTRIBUTE	Tmp-Date-3				1843	date
ATTRIBUTE	Tmp-Date-4				1844	date
ATTRIBUTE	Tmp-Date-5				1845	date
ATTRIBUTE	Tmp-Date-6				1846	date
ATTRIBUTE	Tmp-Date-7				1847	date
ATTRIBUTE	Tmp-Date-8				1848	date
ATTRIBUTE	Tmp-Date-9				1849	date

ATTRIBUTE	Tmp-Integer64-0				1871	integer64
ATTRIBUTE	Tmp-Integer64-1				1872	integer64
ATTRIBUTE	Tmp-Integer64-2				1873	integer64
ATTRIBUTE	Tmp-Integer64-3				1874	integer64
ATTRIBUTE	Tmp-Integer64-4				1875	integer64
ATTRIBUTE	Tmp-Integer64-5				1876	integer64
ATTRIBUTE	Tmp-Integer64-6				1877	integer64
ATTRIBUTE	Tmp-Integer64-7				1878	integer64
ATTRIBUTE	Tmp-Integer64-8				1879	integer64
ATTRIBUTE	Tmp-Integer64-9				1880	integer64
#
#  These attributes shouldn't be used anywhere.  They are defined here
#  only for casting of values in conditional expressions.
#
#  The order and number need to be consistent with the typedefs used
#  in the server source.
#
ATTRIBUTE	Tmp-Cast-String				1851	string
ATTRIBUTE	Tmp-Cast-Integer			1852	integer
ATTRIBUTE	Tmp-Cast-Ipaddr				1853	ipaddr
ATTRIBUTE	Tmp-Cast-Date				1854	date
ATTRIBUTE	Tmp-Cast-Abinary			1855	abinary
ATTRIBUTE	Tmp-Cast-Octets				1856	octets
ATTRIBUTE	Tmp-Cast-Ifid				1857	ifid
ATTRIBUTE	Tmp-Cast-IPv6Addr			1858	ipv6addr
ATTRIBUTE	Tmp-Cast-IPv6Prefix			1859	ipv6prefix
ATTRIBUTE	Tmp-Cast-Byte				1860	byte
ATTRIBUTE	Tmp-Cast-Short				1861	short
ATTRIBUTE	Tmp-Cast-Ethernet			1862	ether
ATTRIBUTE	Tmp-Cast-Signed				1863	signed
# don't use or define these
ATTRIBUTE	Tmp-Cast-Integer64			1869	integer64
ATTRIBUTE	Tmp-Cast-IPv4Prefix			1870	ipv4prefix
# don't use or define VSA or MAX

#	Range:	1900-1909
#	WiMAX server-side attributes.
#
#	These are NOT sent in a packet, but are otherwise
#	available for testing and validation.  The various
#	things that *are* sent in a packet are derived from
#	these attributes.
#
ATTRIBUTE	WiMAX-MN-NAI				1900	string
ATTRIBUTE	WiMAX-SIM-Ki				1901	octets
ATTRIBUTE	WiMAX-SIM-OPc				1902	octets
ATTRIBUTE	WiMAX-SIM-AMF				1903	octets
ATTRIBUTE	WiMAX-SIM-SQN				1904	octets
ATTRIBUTE	WiMAX-SIM-RAND				1905	octets

ATTRIBUTE	TLS-Cert-Serial				1910	string
ATTRIBUTE	TLS-Cert-Expiration			1911	string
ATTRIBUTE	TLS-Cert-Issuer				1912	string
ATTRIBUTE	TLS-Cert-Subject			1913	string
ATTRIBUTE	TLS-Cert-Common-Name			1914	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Email		1915	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Dns		1916	string
ATTRIBUTE	TLS-Cert-Subject-Alt-Name-Upn		1917	string
ATTRIBUTE	TLS-Cert-Valid-Since			1918	string
ATTRIBUTE	TLS-Session-Information			1919	string
ATTRIBUTE	TLS-Client-Cert-Serial			1920	string
ATTRIBUTE	TLS-Client-Cert-Expiration		1921	string
ATTRIBUTE	TLS-Client-Cert-Issuer			1922	string
ATTRIBUTE	TLS-Client-Cert-Subject			1923	string
ATTRIBUTE	TLS-Client-Cert-Common-Name		1924	string
ATTRIBUTE	TLS-Client-Cert-Filename		1925	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Email	1926	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Extended-Key-Usage 1927	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Basic-Constraints 1930	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Dns	1931	string
ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Upn	1932	string
ATTRIBUTE	TLS-PSK-Identity			1933	string
ATTRIBUTE	TLS-Client-Cert-X509v3-Extended-Key-Usage-OID 1936	string
ATTRIBUTE	TLS-Client-Cert-Valid-Since		1937	string
ATTRIBUTE	TLS-Cache-Method			1938	integer
VALUE	TLS-Cache-Method		save			1
VALUE	TLS-Cache-Method		load			2
VALUE	TLS-Cache-Method		clear			3
VALUE	TLS-Cache-Method		refresh			4


ATTRIBUTE	TLS-Client-Cert-X509v3-Certificate-Policies	1939 string

# 1940 - 1959: reserved for TLS session caching, mostly in 4.0

ATTRIBUTE	TLS-Session-ID				1940	octets
ATTRIBUTE	TLS-Session-Data			1942	octets

# Set by EAP-TLS code
ATTRIBUTE	TLS-OCSP-Cert-Valid			1943	integer
VALUE	TLS-OCSP-Cert-Valid		unknown			3
VALUE	TLS-OCSP-Cert-Valid		skipped			2
VALUE	TLS-OCSP-Cert-Valid		yes			1
VALUE	TLS-OCSP-Cert-Valid		no			0

ATTRIBUTE	TLS-Cache-Filename			1946	string

ATTRIBUTE	TLS-Session-Version			1947	string
ATTRIBUTE	TLS-Session-Cipher-Suite		1948	string

ATTRIBUTE	TLS-Session-Cert-File			1949	string
ATTRIBUTE	TLS-Session-Cert-Private-Key-File	1950	string

ATTRIBUTE	TLS-Server-Name-Indication		1951	string

#
#	Range:	1960-2099
#		Free
#
#	Range:	2100-2199
#	SoH attributes; FIXME: these should really be protocol attributes
#	so that the SoH radius request can be proxied, but from which
#	vendor? Sigh...
#
ATTRIBUTE	SoH-MS-Machine-OS-vendor		2100	integer
VALUE	SoH-MS-Machine-OS-vendor	Microsoft		311

ATTRIBUTE	SoH-MS-Machine-OS-version		2101	integer
ATTRIBUTE	SoH-MS-Machine-OS-release		2102	integer
ATTRIBUTE	SoH-MS-Machine-OS-build			2103	integer
ATTRIBUTE	SoH-MS-Machine-SP-version		2104	integer
ATTRIBUTE	SoH-MS-Machine-SP-release		2105	integer

ATTRIBUTE	SoH-MS-Machine-Processor		2106	integer
VALUE	SoH-MS-Machine-Processor	x86			0
VALUE	SoH-MS-Machine-Processor	i64			6
VALUE	SoH-MS-Machine-Processor	x86_64			9

ATTRIBUTE	SoH-MS-Machine-Name			2107	string
ATTRIBUTE	SoH-MS-Correlation-Id			2108	octets
ATTRIBUTE	SoH-MS-Machine-Role			2109	integer
VALUE	SoH-MS-Machine-Role		client			1
VALUE	SoH-MS-Machine-Role		dc			2
VALUE	SoH-MS-Machine-Role		server			3

ATTRIBUTE	SoH-Supported				2119	integer
VALUE	SoH-Supported			no			0
VALUE	SoH-Supported			yes			1

ATTRIBUTE	SoH-MS-Windows-Health-Status		2120	string
ATTRIBUTE	SoH-MS-Health-Other			2129	string

#
#	Range:	2200-2219
#		Utilities bundled with the server
#
ATTRIBUTE	Radclient-Test-Name			2200	string

#
#	Range:	2220-2999
#		Free
#
#	Range:	3000-3999
#		Site-local attributes (see raddb/dictionary)
#		Do NOT define attributes in this range!
#
#	Range:	4000-65535
#		Unused
#
#	Range:	65536-
#		Invalid.  Don't use.
#

#
#	Non-Protocol Integer Translations
#

VALUE	Auth-Type			Local			1
VALUE	Auth-Type			Reject			4

#
#	FreeRADIUS extensions (most originally from Cistron)
#
VALUE	Auth-Type			Accept			254

#
#	Authorization type, too.
#
VALUE	Autz-Type			Local			1

#
#	And accounting
#
VALUE	Acct-Type			Local			1

#
#	And Session handling
#
VALUE	Session-Type			Local			1

#
#	And Post-Auth
VALUE	Post-Auth-Type			Local			1
VALUE	Post-Auth-Type			Reject			2
VALUE	Post-Auth-Type			Challenge		3
VALUE	Post-Auth-Type			Client-Lost		4

#
#	And Post-Proxy
VALUE	Post-Proxy-Type			Fail			1
VALUE	Post-Proxy-Type			Fail-Authentication	2
VALUE	Post-Proxy-Type			Fail-Accounting		3
VALUE	Post-Proxy-Type			Fail-CoA		4
VALUE	Post-Proxy-Type			Fail-Disconnect		5

#
#	Experimental Non-Protocol Integer Translations for FreeRADIUS
#
VALUE	Fall-Through			No			0
VALUE	Fall-Through			Yes			1

VALUE	Relax-Filter			No			0
VALUE	Relax-Filter			Yes			1

VALUE	Strip-User-Name			No			0
VALUE	Strip-User-Name			Yes			1

VALUE	Packet-Type			Access-Request		1
VALUE	Packet-Type			Access-Accept		2
VALUE	Packet-Type			Access-Reject		3
VALUE	Packet-Type			Accounting-Request	4
VALUE	Packet-Type			Accounting-Response	5
VALUE	Packet-Type			Accounting-Status	6
VALUE	Packet-Type			Password-Request	7
VALUE	Packet-Type			Password-Accept		8
VALUE	Packet-Type			Password-Reject		9
VALUE	Packet-Type			Accounting-Message	10
VALUE	Packet-Type			Access-Challenge	11
VALUE	Packet-Type			Status-Server		12
VALUE	Packet-Type			Status-Client		13

#
#	The following packet types are described in RFC 2882,
#	but they are NOT part of the RADIUS standard.  Instead,
#	they are informational about vendor-specific extensions
#	to the RADIUS standard.
#
VALUE	Packet-Type			Resource-Free-Request	21
VALUE	Packet-Type			Resource-Free-Response	22
VALUE	Packet-Type			Resource-Query-Request	23
VALUE	Packet-Type			Resource-Query-Response	24
VALUE	Packet-Type			Alternate-Resource-Reclaim-Request 25
VALUE	Packet-Type			NAS-Reboot-Request	26
VALUE	Packet-Type			NAS-Reboot-Response	27
VALUE	Packet-Type			Next-Passcode		29
VALUE	Packet-Type			New-Pin			30
VALUE	Packet-Type			Terminate-Session	31
VALUE	Packet-Type			Password-Expired	32
VALUE	Packet-Type			Event-Request		33
VALUE	Packet-Type			Event-Response		34

#	RFC 3576 allocates packet types 40-45

VALUE	Packet-Type			Disconnect-Request	40
VALUE	Packet-Type			Disconnect-ACK		41
VALUE	Packet-Type			Disconnect-NAK		42
VALUE	Packet-Type			CoA-Request		43
VALUE	Packet-Type			CoA-ACK			44
VALUE	Packet-Type			CoA-NAK			45

VALUE	Packet-Type			IP-Address-Allocate	50
VALUE	Packet-Type			IP-Address-Release	51

VALUE	Response-Packet-Type		Access-Request		1
VALUE	Response-Packet-Type		Access-Accept		2
VALUE	Response-Packet-Type		Access-Reject		3
VALUE	Response-Packet-Type		Accounting-Request	4
VALUE	Response-Packet-Type		Accounting-Response	5
VALUE	Response-Packet-Type		Accounting-Status	6
VALUE	Response-Packet-Type		Password-Request	7
VALUE	Response-Packet-Type		Password-Accept		8
VALUE	Response-Packet-Type		Password-Reject		9
VALUE	Response-Packet-Type		Accounting-Message	10
VALUE	Response-Packet-Type		Access-Challenge	11
VALUE	Response-Packet-Type		Status-Server		12
VALUE	Response-Packet-Type		Status-Client		13

VALUE	Response-Packet-Type		Disconnect-Request	40
VALUE	Response-Packet-Type		Disconnect-ACK		41
VALUE	Response-Packet-Type		Disconnect-NAK		42
VALUE	Response-Packet-Type		CoA-Request		43
VALUE	Response-Packet-Type		CoA-ACK			44
VALUE	Response-Packet-Type		CoA-NAK			45
#
#  Special value
#
VALUE	Response-Packet-Type		Do-Not-Respond		256

#
#	EAP Sub-types, inside of Request and Response packets
#
#	http://www.iana.org/assignments/ppp-numbers
#		"PPP EAP REQUEST/RESPONSE TYPES"
#
#
#	See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
#
VALUE	EAP-Type			None			0
VALUE	EAP-Type			Identity		1
VALUE	EAP-Type			Notification		2
VALUE	EAP-Type			NAK			3
VALUE	EAP-Type			MD5-Challenge		4
VALUE	EAP-Type			EAP-MD5			4
VALUE	EAP-Type			MD5			4
VALUE	EAP-Type			One-Time-Password	5
VALUE	EAP-Type			OTP			5
VALUE	EAP-Type			Generic-Token-Card	6
VALUE	EAP-Type			EAP-GTC			6
VALUE	EAP-Type			GTC			6
VALUE	EAP-Type			RSA-Public-Key		9
VALUE	EAP-Type			DSS-Unilateral		10
VALUE	EAP-Type			KEA			11
VALUE	EAP-Type			KEA-Validate		12
VALUE	EAP-Type			EAP-TLS			13
VALUE	EAP-Type			TLS			13
VALUE	EAP-Type			Defender-Token		14
VALUE	EAP-Type			RSA-SecurID-EAP		15
VALUE	EAP-Type			Arcot-Systems-EAP	16
VALUE	EAP-Type			Cisco-LEAP		17
VALUE	EAP-Type			LEAP			17
VALUE	EAP-Type			Nokia-IP-Smart-Card	18
VALUE	EAP-Type			EAP-SIM			18
VALUE	EAP-Type			SIM			18
VALUE	EAP-Type			SRP-SHA1		19
# 20 is unassigned
VALUE	EAP-Type			EAP-TTLS		21
VALUE	EAP-Type			TTLS			21
VALUE	EAP-Type			Remote-Access-Service	22
VALUE	EAP-Type			EAP-AKA			23
VALUE	EAP-Type			AKA			23
VALUE	EAP-Type			3Com-Wireless		24
VALUE	EAP-Type			PEAP			25
VALUE	EAP-Type			Microsoft-MS-CHAPv2	26
VALUE	EAP-Type			MAKE			27
VALUE	EAP-Type			CRYPTOCard		28
VALUE	EAP-Type			Cisco-MS-CHAPv2		29
VALUE	EAP-Type			DynamID			30
VALUE	EAP-Type			Rob-EAP			31
VALUE	EAP-Type			SecurID-EAP		32
VALUE	EAP-Type			MS-Authentication-TLV	33
VALUE	EAP-Type			SentriNET		34
VALUE	EAP-Type			Actiontec-Wireless	35
VALUE	EAP-Type			Cogent-Biomentric-EAP	36
VALUE	EAP-Type			AirFortress-EAP		37
VALUE	EAP-Type			HTTP-Digest		38
VALUE	EAP-Type			TNC			38
VALUE	EAP-Type			SecuriSuite-EAP		39
VALUE	EAP-Type			DeviceConnect-EAP	40
VALUE	EAP-Type			SPEKE			41
VALUE	EAP-Type			MOBAC			42
VALUE	EAP-Type			EAP-FAST		43
VALUE	EAP-Type			FAST			43
VALUE	EAP-Type			Zonelabs		44
VALUE	EAP-Type			Link			45
VALUE	EAP-Type			PAX			46
VALUE	EAP-Type			PSK			47
VALUE	EAP-Type			SAKE			48
VALUE	EAP-Type			EAP-IKEv2		49
VALUE	EAP-Type			IKEv2			49
VALUE	EAP-Type			AKA2			50
VALUE	EAP-Type			GPSK			51
VALUE	EAP-Type			PWD			52
VALUE	EAP-Type			EKEv1			53
VALUE	EAP-Type			PT-EAP			54
VALUE	EAP-Type			TEAP			55

#
#	And this is what most people mean by MS-CHAPv2
#
VALUE	EAP-Type			EAP-MSCHAPv2		26
VALUE	EAP-Type			MSCHAPv2		26

#
#	This says TLS, but it's only valid for TTLS & PEAP.
#	EAP-TLS *always* requires a client certificate.
#
VALUE	EAP-TLS-Require-Client-Cert	No			0
VALUE	EAP-TLS-Require-Client-Cert	Yes			1

#
# 	These are the EAP-Code values.
#
VALUE	EAP-Code			Request			1
VALUE	EAP-Code			Response		2
VALUE	EAP-Code			Success			3
VALUE	EAP-Code			Failure			4

#
#  For MS-CHAP, do we run ntlm_auth, or not.
#
VALUE	MS-CHAP-Use-NTLM-Auth		No			0
VALUE	MS-CHAP-Use-NTLM-Auth		Yes			1