summaryrefslogtreecommitdiffstats
path: root/resources/protocols/radius/dictionary.microsoft
blob: 31f351e77990f4462f988d468d637f4585ec61ab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
#
#	Microsoft's VSA's, from RFC 2548
#
#	$Id: 6ba9dd5bedec065f0535f82390a8b6e9cdbaaf0f $
#

VENDOR		Microsoft			311

BEGIN-VENDOR	Microsoft
ATTRIBUTE	MS-CHAP-Response			1	octets[50]
ATTRIBUTE	MS-CHAP-Error				2	string
ATTRIBUTE	MS-CHAP-CPW-1				3	octets[70]
ATTRIBUTE	MS-CHAP-CPW-2				4	octets[84]
ATTRIBUTE	MS-CHAP-LM-Enc-PW			5	octets
ATTRIBUTE	MS-CHAP-NT-Enc-PW			6	octets
ATTRIBUTE	MS-MPPE-Encryption-Policy		7	integer

VALUE	MS-MPPE-Encryption-Policy	Encryption-Allowed	1
VALUE	MS-MPPE-Encryption-Policy	Encryption-Required	2

# This is referred to as both singular and plural in the RFC.
# Plural seems to make more sense.
ATTRIBUTE	MS-MPPE-Encryption-Type			8	integer
ATTRIBUTE	MS-MPPE-Encryption-Types		8	integer

# The values below from FreeRADIUS are incorrect according to the RFC.
#VALUE	MS-MPPE-Encryption-Types	RC4-40bit-Allowed	1
#VALUE	MS-MPPE-Encryption-Types	RC4-128bit-Allowed	2
#VALUE	MS-MPPE-Encryption-Types	RC4-40or128-bit-Allowed	6
VALUE MS-MPPE-Encryption-Types  None                            0  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-40                          2  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-128                         4  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-40-128                      6  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  Stateless                       8  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-40-Stateless               10  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-128-Stateless              12  ##[wireshark]
VALUE MS-MPPE-Encryption-Types  RC4-40-128-Stateless           14  ##[wireshark]

ATTRIBUTE	MS-RAS-Vendor				9	integer	# content is Vendor-ID
ATTRIBUTE	MS-CHAP-Domain				10	string
ATTRIBUTE	MS-CHAP-Challenge			11	octets
ATTRIBUTE	MS-CHAP-MPPE-Keys			12	octets[24]  encrypt=1
ATTRIBUTE	MS-BAP-Usage				13	integer
ATTRIBUTE	MS-Link-Utilization-Threshold		14	integer # values are 1-100
ATTRIBUTE	MS-Link-Drop-Time-Limit			15	integer
ATTRIBUTE	MS-MPPE-Send-Key			16	octets	encrypt=2
ATTRIBUTE	MS-MPPE-Recv-Key			17	octets	encrypt=2
ATTRIBUTE	MS-RAS-Version				18	string
ATTRIBUTE	MS-Old-ARAP-Password			19	octets
ATTRIBUTE	MS-New-ARAP-Password			20	octets
ATTRIBUTE	MS-ARAP-PW-Change-Reason		21	integer

ATTRIBUTE	MS-Filter				22	octets
ATTRIBUTE	MS-Acct-Auth-Type			23	integer
ATTRIBUTE	MS-Acct-EAP-Type			24	integer

ATTRIBUTE	MS-CHAP2-Response			25	octets[50]
ATTRIBUTE	MS-CHAP2-Success			26	octets
ATTRIBUTE	MS-CHAP2-CPW				27	octets[68]

ATTRIBUTE	MS-Primary-DNS-Server			28	ipaddr
ATTRIBUTE	MS-Secondary-DNS-Server			29	ipaddr
ATTRIBUTE	MS-Primary-NBNS-Server			30	ipaddr
ATTRIBUTE	MS-Secondary-NBNS-Server		31	ipaddr

#ATTRIBUTE	MS-ARAP-Challenge			33	octets[8]

## MS-RNAP
#
# http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-RNAP%5D.pdf

ATTRIBUTE	MS-RAS-Client-Name			34	string
ATTRIBUTE	MS-RAS-Client-Version			35	string
ATTRIBUTE	MS-Quarantine-IPFilter			36	octets
ATTRIBUTE	MS-Quarantine-Session-Timeout		37	integer
ATTRIBUTE	MS-User-Security-Identity		40	string
ATTRIBUTE	MS-Identity-Type			41	integer
ATTRIBUTE	MS-Service-Class			42	string
ATTRIBUTE	MS-Quarantine-User-Class		44	string
ATTRIBUTE	MS-Quarantine-State			45	integer
ATTRIBUTE	MS-Quarantine-Grace-Time		46	integer
ATTRIBUTE	MS-Network-Access-Server-Type		47	integer
ATTRIBUTE	MS-AFW-Zone				48	integer

VALUE	MS-AFW-Zone			MS-AFW-Zone-Boundary-Policy 1
VALUE	MS-AFW-Zone			MS-AFW-Zone-Unprotected-Policy 2
VALUE	MS-AFW-Zone			MS-AFW-Zone-Protected-Policy 3

ATTRIBUTE	MS-AFW-Protection-Level			49	integer

VALUE	MS-AFW-Protection-Level		HECP-Response-Sign-Only	1
VALUE	MS-AFW-Protection-Level		HECP-Response-Sign-And-Encrypt 2

ATTRIBUTE	MS-Machine-Name				50	string
ATTRIBUTE	MS-IPv6-Filter				51	octets
ATTRIBUTE	MS-IPv4-Remediation-Servers		52	octets
ATTRIBUTE	MS-IPv6-Remediation-Servers		53	octets
ATTRIBUTE	MS-RNAP-Not-Quarantine-Capable		54	integer

VALUE	MS-RNAP-Not-Quarantine-Capable	SoH-Sent		0
VALUE	MS-RNAP-Not-Quarantine-Capable	SoH-Not-Sent		1

ATTRIBUTE	MS-Quarantine-SOH			55	octets
ATTRIBUTE	MS-RAS-Correlation			56	octets

#  Or this might be 56?
ATTRIBUTE	MS-Extended-Quarantine-State		57	integer

ATTRIBUTE	MS-HCAP-User-Groups			58	string
ATTRIBUTE	MS-HCAP-Location-Group-Name		59	string
ATTRIBUTE	MS-HCAP-User-Name			60	string
ATTRIBUTE	MS-User-IPv4-Address			61	ipaddr
ATTRIBUTE	MS-User-IPv6-Address			62	ipv6addr
ATTRIBUTE	MS-TSG-Device-Redirection		63	integer

#
#	Integer Translations
#

#	MS-BAP-Usage Values

VALUE	MS-BAP-Usage			Not-Allowed		0
VALUE	MS-BAP-Usage			Allowed			1
VALUE	MS-BAP-Usage			Required		2

#	MS-ARAP-Password-Change-Reason Values

VALUE	MS-ARAP-PW-Change-Reason	Just-Change-Password	1
VALUE	MS-ARAP-PW-Change-Reason	Expired-Password	2
VALUE	MS-ARAP-PW-Change-Reason	Admin-Requires-Password-Change 3
VALUE	MS-ARAP-PW-Change-Reason	Password-Too-Short	4

#	MS-Acct-Auth-Type Values

VALUE	MS-Acct-Auth-Type		PAP			1
VALUE	MS-Acct-Auth-Type		CHAP			2
VALUE	MS-Acct-Auth-Type		MS-CHAP-1		3
VALUE	MS-Acct-Auth-Type		MS-CHAP-2		4
VALUE	MS-Acct-Auth-Type		EAP			5

#	MS-Acct-EAP-Type Values

VALUE	MS-Acct-EAP-Type		MD5			4
VALUE	MS-Acct-EAP-Type		OTP			5
VALUE	MS-Acct-EAP-Type		Generic-Token-Card	6
VALUE	MS-Acct-EAP-Type		TLS			13

#  MS-Identity-Type Values

VALUE	MS-Identity-Type		Machine-Health-Check	1
VALUE	MS-Identity-Type		Ignore-User-Lookup-Failure 2

#  MS-Quarantine-State Values

VALUE	MS-Quarantine-State		Full-Access		0
VALUE	MS-Quarantine-State		Quarantine		1
VALUE	MS-Quarantine-State		Probation		2

#  MS-Network-Access-Server-Type Values

VALUE	MS-Network-Access-Server-Type	Unspecified		0
VALUE	MS-Network-Access-Server-Type	Terminal-Server-Gateway	1
VALUE	MS-Network-Access-Server-Type	Remote-Access-Server	2
VALUE	MS-Network-Access-Server-Type	DHCP-Server		3
VALUE	MS-Network-Access-Server-Type	Wireless-Access-Point	4
VALUE	MS-Network-Access-Server-Type	HRA			5
VALUE	MS-Network-Access-Server-Type	HCAP-Server		6

#  MS-Extended-Quarantine-State Values

VALUE	MS-Extended-Quarantine-State	Transition		1
VALUE	MS-Extended-Quarantine-State	Infected		2
VALUE	MS-Extended-Quarantine-State	Unknown			3
VALUE	MS-Extended-Quarantine-State	No-Data			4

END-VENDOR Microsoft