2 # Copyright (C) 2015 The FreeRADIUS Server project and contributors
4 # Non Protocol Attributes used by FreeRADIUS
9 # The attributes number ranges are allocates as follows:
12 # server-side attributes which can go in a reply list
14 # These attributes CAN go in the reply item list.
15 ATTRIBUTE Fall-Through 500 integer
16 ATTRIBUTE Relax-Filter 501 integer
17 ATTRIBUTE Exec-Program 502 string
18 ATTRIBUTE Exec-Program-Wait 503 string
20 # These attributes CANNOT go in the reply item list.
24 # Attributes which cannot go in a reply list.
28 # Miscellaneous server attributes.
31 # Non-Protocol Attributes
32 # These attributes are used internally by the server
34 ATTRIBUTE Auth-Type 1000 integer
35 ATTRIBUTE Menu 1001 string
36 ATTRIBUTE Termination-Menu 1002 string
37 ATTRIBUTE Prefix 1003 string
38 ATTRIBUTE Suffix 1004 string
39 ATTRIBUTE Group 1005 string
40 ATTRIBUTE Crypt-Password 1006 string
41 ATTRIBUTE Connect-Rate 1007 integer
42 ATTRIBUTE Add-Prefix 1008 string
43 ATTRIBUTE Add-Suffix 1009 string
44 ATTRIBUTE Expiration 1010 date
45 ATTRIBUTE Autz-Type 1011 integer
46 ATTRIBUTE Acct-Type 1012 integer
47 ATTRIBUTE Session-Type 1013 integer
48 ATTRIBUTE Post-Auth-Type 1014 integer
49 ATTRIBUTE Pre-Proxy-Type 1015 integer
50 ATTRIBUTE Post-Proxy-Type 1016 integer
51 ATTRIBUTE Pre-Acct-Type 1017 integer
54 # This is the EAP type of authentication, which is set
55 # by the EAP module, for informational purposes only.
57 ATTRIBUTE EAP-Type 1018 integer
58 ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
59 ATTRIBUTE EAP-Id 1020 integer
60 ATTRIBUTE EAP-Code 1021 integer
61 ATTRIBUTE EAP-MD5-Password 1022 string
62 ATTRIBUTE PEAP-Version 1023 integer
63 ATTRIBUTE Client-Shortname 1024 string virtual
64 ATTRIBUTE Load-Balance-Key 1025 string
65 ATTRIBUTE Raw-Attribute 1026 octets
66 ATTRIBUTE TNC-VLAN-Access 1027 string
67 ATTRIBUTE TNC-VLAN-Isolate 1028 string
68 ATTRIBUTE User-Category 1029 string
69 ATTRIBUTE Group-Name 1030 string
70 ATTRIBUTE Huntgroup-Name 1031 string
71 ATTRIBUTE Simultaneous-Use 1034 integer
72 ATTRIBUTE Strip-User-Name 1035 integer
73 ATTRIBUTE Hint 1040 string
74 ATTRIBUTE Pam-Auth 1041 string
75 ATTRIBUTE Login-Time 1042 string
76 ATTRIBUTE Stripped-User-Name 1043 string
77 ATTRIBUTE Current-Time 1044 string
78 ATTRIBUTE Realm 1045 string
79 ATTRIBUTE No-Such-Attribute 1046 string
80 ATTRIBUTE Packet-Type 1047 integer virtual
81 ATTRIBUTE Proxy-To-Realm 1048 string
82 ATTRIBUTE Replicate-To-Realm 1049 string
83 ATTRIBUTE Acct-Session-Start-Time 1050 date
84 ATTRIBUTE Acct-Unique-Session-Id 1051 string
85 ATTRIBUTE Client-IP-Address 1052 ipaddr virtual
86 ATTRIBUTE LDAP-UserDN 1053 string
87 ATTRIBUTE NS-MTA-MD5-Password 1054 string
88 ATTRIBUTE SQL-User-Name 1055 string
89 ATTRIBUTE LM-Password 1057 octets
90 ATTRIBUTE NT-Password 1058 octets
91 ATTRIBUTE SMB-Account-CTRL 1059 integer
92 ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
93 ATTRIBUTE User-Profile 1062 string
94 ATTRIBUTE Digest-Realm 1063 string
95 ATTRIBUTE Digest-Nonce 1064 string
96 ATTRIBUTE Digest-Method 1065 string
97 ATTRIBUTE Digest-URI 1066 string
98 ATTRIBUTE Digest-QOP 1067 string
99 ATTRIBUTE Digest-Algorithm 1068 string
100 ATTRIBUTE Digest-Body-Digest 1069 string
101 ATTRIBUTE Digest-CNonce 1070 string
102 ATTRIBUTE Digest-Nonce-Count 1071 string
103 ATTRIBUTE Digest-User-Name 1072 string
104 ATTRIBUTE Pool-Name 1073 string
105 # LDAP-Group is now dynamically created
106 ATTRIBUTE Module-Success-Message 1075 string
107 ATTRIBUTE Module-Failure-Message 1076 string
108 # X99-Fast 1077 integer
109 ATTRIBUTE Rewrite-Rule 1078 string
110 # SQL-Group is now dynamically created
111 ATTRIBUTE Response-Packet-Type 1080 integer virtual
112 ATTRIBUTE Digest-HA1 1081 string
113 ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
114 ATTRIBUTE NTLM-User-Name 1083 string
115 ATTRIBUTE MS-CHAP-User-Name 1083 string
116 ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr virtual
117 ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr virtual
118 ATTRIBUTE Packet-Src-Port 1086 integer virtual
119 ATTRIBUTE Packet-Dst-Port 1087 integer virtual
120 ATTRIBUTE Packet-Authentication-Vector 1088 octets virtual
121 ATTRIBUTE Time-Of-Day 1089 string
122 ATTRIBUTE Request-Processing-Stage 1090 string virtual
123 ATTRIBUTE SHA2-Password 1092 octets
124 ATTRIBUTE SHA-Password 1093 octets
125 ATTRIBUTE SSHA-Password 1094 octets
126 ATTRIBUTE SHA1-Password 1093 octets
127 ATTRIBUTE SSHA1-Password 1094 octets
128 ATTRIBUTE MD5-Password 1095 octets
129 ATTRIBUTE SMD5-Password 1096 octets
130 ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr virtual
131 ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr virtual
132 ATTRIBUTE Virtual-Server 1099 string virtual
133 ATTRIBUTE Cleartext-Password 1100 string
134 ATTRIBUTE Password-With-Header 1101 string
135 ATTRIBUTE Inner-Tunnel-User-Name 1102 string
137 # EAP-IKEv2 is experimental.
139 ATTRIBUTE EAP-IKEv2-IDType 1103 integer
141 VALUE EAP-IKEv2-IDType IPV4_ADDR 1
142 VALUE EAP-IKEv2-IDType FQDN 2
143 VALUE EAP-IKEv2-IDType RFC822_ADDR 3
144 VALUE EAP-IKEv2-IDType IPV6_ADDR 5
145 VALUE EAP-IKEv2-IDType DER_ASN1_DN 9
146 VALUE EAP-IKEv2-IDType DER_ASN1_GN 10
147 VALUE EAP-IKEv2-IDType KEY_ID 11
149 ATTRIBUTE EAP-IKEv2-ID 1104 string
150 ATTRIBUTE EAP-IKEv2-Secret 1105 string
151 ATTRIBUTE EAP-IKEv2-AuthType 1106 integer
153 VALUE EAP-IKEv2-AuthType none 0
154 VALUE EAP-IKEv2-AuthType secret 1
155 VALUE EAP-IKEv2-AuthType cert 2
156 VALUE EAP-IKEv2-AuthType both 3
158 ATTRIBUTE Send-Disconnect-Request 1107 integer
159 ATTRIBUTE Send-CoA-Request 1107 integer
161 VALUE Send-CoA-Request No 0
162 VALUE Send-CoA-Request Yes 1
164 ATTRIBUTE Module-Return-Code 1108 integer virtual
166 VALUE Module-Return-Code reject 0
167 VALUE Module-Return-Code fail 1
168 VALUE Module-Return-Code ok 2
169 VALUE Module-Return-Code handled 3
170 VALUE Module-Return-Code invalid 4
171 VALUE Module-Return-Code userlock 5
172 VALUE Module-Return-Code notfound 6
173 VALUE Module-Return-Code noop 7
174 VALUE Module-Return-Code updated 8
176 ATTRIBUTE Packet-Original-Timestamp 1109 date
177 ATTRIBUTE SQL-Table-Name 1110 string
178 ATTRIBUTE Home-Server-Pool 1111 string
180 # For delayed evaluation of maps
181 ATTRIBUTE Attribute-Map 1112 string
183 ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr
184 ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr
185 # The rest of the FreeRADIUS-Client-* attributes are at 1150...
187 ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer
189 VALUE FreeRADIUS-Client-Require-MA no 0
190 VALUE FreeRADIUS-Client-Require-MA yes 1
192 ATTRIBUTE FreeRADIUS-Client-Secret 1123 string
193 ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string
194 ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string
195 ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string
197 # For session resumption
198 ATTRIBUTE Allow-Session-Resumption 1127 integer
200 VALUE Allow-Session-Resumption no 0
201 VALUE Allow-Session-Resumption yes 1
203 ATTRIBUTE EAP-Session-Resumed 1128 integer
205 VALUE EAP-Session-Resumed no 0
206 VALUE EAP-Session-Resumed yes 1
209 # Expose EAP keys in the reply.
211 ATTRIBUTE EAP-MSK 1129 octets
212 ATTRIBUTE EAP-EMSK 1130 octets
215 # For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
217 ATTRIBUTE Recv-CoA-Type 1131 integer
218 ATTRIBUTE Send-CoA-Type 1132 integer
220 ATTRIBUTE MS-CHAP-Password 1133 string
221 ATTRIBUTE Packet-Transmit-Counter 1134 integer
222 ATTRIBUTE Cached-Session-Policy 1135 string
223 ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string
224 ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets
226 # For default policies
228 ATTRIBUTE Stripped-User-Domain 1138 string
229 ATTRIBUTE Called-Station-SSID 1139 string
231 ATTRIBUTE OTP-Challenge 1145 string
232 ATTRIBUTE EAP-Session-Id 1146 octets
233 ATTRIBUTE Chbind-Response-Code 1147 integer
235 VALUE Chbind-Response-Code success 2
236 VALUE Chbind-Response-Code failure 3
238 ATTRIBUTE Acct-Input-Octets64 1148 integer64
239 ATTRIBUTE Acct-Output-Octets64 1149 integer64
241 ATTRIBUTE FreeRADIUS-Client-IP-Prefix 1150 ipv4prefix
242 ATTRIBUTE FreeRADIUS-Client-IPv6-Prefix 1151 ipv6prefix
243 ATTRIBUTE FreeRADIUS-Response-Delay 1152 integer
244 ATTRIBUTE FreeRADIUS-Client-Src-IP-Address 1153 ipaddr
245 ATTRIBUTE FreeRADIUS-Client-Src-IPv6-Address 1154 ipv6addr
246 ATTRIBUTE FreeRADIUS-Response-Delay-USec 1155 integer
248 ATTRIBUTE REST-HTTP-Header 1160 string
249 ATTRIBUTE REST-HTTP-Body 1161 string
251 ATTRIBUTE Cache-Expires 1170 date
252 ATTRIBUTE Cache-Created 1171 date
253 ATTRIBUTE Cache-TTL 1172 signed
254 ATTRIBUTE Cache-Status-Only 1173 integer
255 ATTRIBUTE Cache-Merge 1174 integer
256 ATTRIBUTE Cache-Entry-Hits 1175 integer
257 ATTRIBUTE Cache-Read-Only 1176 integer
259 VALUE Cache-Status-Only no 0
260 VALUE Cache-Status-Only yes 1
262 VALUE Cache-Merge no 0
263 VALUE Cache-Merge yes 1
265 VALUE Cache-Read-Only no 0
266 VALUE Cache-Read-Only yes 1
268 ATTRIBUTE SSHA2-224-Password 1177 octets
269 ATTRIBUTE SSHA2-256-Password 1178 octets
270 ATTRIBUTE SSHA2-384-Password 1179 octets
271 ATTRIBUTE SSHA2-512-Password 1180 octets
273 ATTRIBUTE EAP-FAST-TLV 1191 tlv
274 ATTRIBUTE EAP-FAST-Result 1191.3 short
275 ATTRIBUTE EAP-FAST-NAK 1191.4 octets
276 ATTRIBUTE EAP-FAST-Error 1191.5 integer
277 ATTRIBUTE EAP-FAST-Vendor-Specific 1191.7 octets
278 ATTRIBUTE EAP-FAST-EAP-Payload 1191.9 octets
279 ATTRIBUTE EAP-FAST-Intermediate-Result 1191.10 octets
281 ATTRIBUTE EAP-FAST-PAC 1191.11 tlv
282 ATTRIBUTE EAP-FAST-PAC-Key 1191.11.1 octets
284 ATTRIBUTE EAP-FAST-PAC-Opaque-TLV 1191.11.2 tlv
285 ATTRIBUTE EAP-FAST-PAC-Opaque-PAC-Key 1191.11.2.1 octets
286 ATTRIBUTE EAP-FAST-PAC-Opaque-PAC-Lifetime 1191.11.2.3 integer
287 ATTRIBUTE EAP-FAST-PAC-Opaque-I-ID 1191.11.2.5 octets
288 ATTRIBUTE EAP-FAST-PAC-Opaque-PAC-Type 1191.11.2.10 short
290 ATTRIBUTE EAP-FAST-PAC-Lifetime 1191.11.3 integer
291 ATTRIBUTE EAP-FAST-PAC-A-ID 1191.11.4 octets
292 ATTRIBUTE EAP-FAST-PAC-I-ID 1191.11.5 octets
293 ATTRIBUTE EAP-FAST-PAC-A-ID-Info 1191.11.7 octets
294 ATTRIBUTE EAP-FAST-PAC-Acknowledge 1191.11.8 short
295 ATTRIBUTE EAP-FAST-PAC-Info-TLV 1191.11.9 tlv
296 ATTRIBUTE EAP-FAST-PAC-Info-PAC-Lifetime 1191.11.9.3 integer
297 ATTRIBUTE EAP-FAST-PAC-Info-A-ID 1191.11.9.4 octets
298 ATTRIBUTE EAP-FAST-PAC-Info-I-ID 1191.11.9.5 octets
299 ATTRIBUTE EAP-FAST-PAC-Info-A-ID-Info 1191.11.9.7 octets
300 ATTRIBUTE EAP-FAST-PAC-Info-PAC-Type 1191.11.9.10 short
302 ATTRIBUTE EAP-FAST-PAC-Type 1191.11.10 short
304 ATTRIBUTE EAP-FAST-Crypto-Binding 1191.12 octets
306 ATTRIBUTE EAP-FAST-Trusted-Root 1191.18 octets
307 ATTRIBUTE EAP-FAST-Request-Action 1191.19 short
308 ATTRIBUTE EAP-FAST-PKCS 1191.20 octets
309 ATTRIBUTE MS-CHAP-Peer-Challenge 1192 octets
313 # EAP-SIM (and other EAP type) weirdness.
315 # For EAP-SIM, some attribute definitions for database interface
317 ATTRIBUTE EAP-Sim-Subtype 1200 integer
319 ATTRIBUTE EAP-Sim-Rand1 1201 octets
320 ATTRIBUTE EAP-Sim-Rand2 1202 octets
321 ATTRIBUTE EAP-Sim-Rand3 1203 octets
323 ATTRIBUTE EAP-Sim-SRES1 1204 octets
324 ATTRIBUTE EAP-Sim-SRES2 1205 octets
325 ATTRIBUTE EAP-Sim-SRES3 1206 octets
327 VALUE EAP-Sim-Subtype Start 10
328 VALUE EAP-Sim-Subtype Challenge 11
329 VALUE EAP-Sim-Subtype Notification 12
330 VALUE EAP-Sim-Subtype Re-authentication 13
332 # this attribute is used internally by the client code.
333 ATTRIBUTE EAP-Sim-State 1207 integer
335 ATTRIBUTE EAP-Sim-IMSI 1208 string
336 ATTRIBUTE EAP-Sim-HMAC 1209 string
337 ATTRIBUTE EAP-Sim-KEY 1210 octets
338 ATTRIBUTE EAP-Sim-EXTRA 1211 octets
340 ATTRIBUTE EAP-Sim-KC1 1212 octets
341 ATTRIBUTE EAP-Sim-KC2 1213 octets
342 ATTRIBUTE EAP-Sim-KC3 1214 octets
344 ATTRIBUTE EAP-Sim-Ki 1215 octets
345 ATTRIBUTE EAP-Sim-Algo-Version 1216 integer
347 ATTRIBUTE Outer-Realm-Name 1218 string
348 ATTRIBUTE Inner-Realm-Name 1219 string
352 # EAP-type specific attributes
354 # These are used mostly for radeapclient, and aren't
355 # that useful for anyone else.
357 # egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo
359 ATTRIBUTE EAP-Type-Base 1280 octets
360 ATTRIBUTE EAP-Type-VALUE 1280 octets
361 ATTRIBUTE EAP-Type-None 1280 octets
362 ATTRIBUTE EAP-Type-Identity 1281 octets
363 ATTRIBUTE EAP-Type-Notification 1282 octets
364 ATTRIBUTE EAP-Type-NAK 1283 octets
365 ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets
366 ATTRIBUTE EAP-Type-One-Time-Password 1285 octets
367 ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets
368 ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets
369 ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets
370 ATTRIBUTE EAP-Type-KEA 1291 octets
371 ATTRIBUTE EAP-Type-KEA-Validate 1292 octets
372 ATTRIBUTE EAP-Type-EAP-TLS 1293 octets
373 ATTRIBUTE EAP-Type-Defender-Token 1294 octets
374 ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets
375 ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets
376 ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets
377 ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets
378 ATTRIBUTE EAP-Type-SIM 1298 octets
379 ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets
380 ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets
381 ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets
382 ATTRIBUTE EAP-Type-AKA 1303 octets
383 ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets
384 ATTRIBUTE EAP-Type-PEAP 1305 octets
385 ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets
386 ATTRIBUTE EAP-Type-MAKE 1307 octets
387 ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets
388 ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets
389 ATTRIBUTE EAP-Type-DynamID 1310 octets
390 ATTRIBUTE EAP-Type-Rob-EAP 1311 octets
391 ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets
392 ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets
393 ATTRIBUTE EAP-Type-SentriNET 1314 octets
394 ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets
395 ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets
396 ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets
397 ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets
398 ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets
399 ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets
400 ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets
401 ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets
402 ATTRIBUTE EAP-Type-EAP-FAST 1323 octets
403 ATTRIBUTE EAP-Type-Zonelabs 1324 octets
404 ATTRIBUTE EAP-Type-EAP-Link 1325 octets
405 ATTRIBUTE EAP-Type-EAP-PAX 1326 octets
406 ATTRIBUTE EAP-Type-EAP-PSK 1327 octets
407 ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets
408 ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets
409 ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets
410 ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets
411 ATTRIBUTE EAP-Type-EAP-PWD 1332 octets
412 ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets
414 ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets
415 ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets
416 ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets
423 # these are PW_EAP_SIM_X + 1536
424 ATTRIBUTE EAP_Sim-Base 1536 octets
425 ATTRIBUTE EAP-Sim-RAND 1537 octets
426 ATTRIBUTE EAP-Sim-PADDING 1542 octets
427 ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
428 ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
429 ATTRIBUTE EAP-Sim-MAC 1547 octets
430 ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
431 ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
432 ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
433 ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
434 ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
435 ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
436 ATTRIBUTE EAP-Sim-COUNTER 1555 octets
437 ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
438 ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
439 ATTRIBUTE EAP-Sim-IV 1665 octets
440 ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
441 ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
442 ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
443 ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
447 # Temporary attributes, for local storage.
449 ATTRIBUTE Tmp-String-0 1800 string
450 ATTRIBUTE Tmp-String-1 1801 string
451 ATTRIBUTE Tmp-String-2 1802 string
452 ATTRIBUTE Tmp-String-3 1803 string
453 ATTRIBUTE Tmp-String-4 1804 string
454 ATTRIBUTE Tmp-String-5 1805 string
455 ATTRIBUTE Tmp-String-6 1806 string
456 ATTRIBUTE Tmp-String-7 1807 string
457 ATTRIBUTE Tmp-String-8 1808 string
458 ATTRIBUTE Tmp-String-9 1809 string
460 ATTRIBUTE Tmp-Integer-0 1810 integer
461 ATTRIBUTE Tmp-Integer-1 1811 integer
462 ATTRIBUTE Tmp-Integer-2 1812 integer
463 ATTRIBUTE Tmp-Integer-3 1813 integer
464 ATTRIBUTE Tmp-Integer-4 1814 integer
465 ATTRIBUTE Tmp-Integer-5 1815 integer
466 ATTRIBUTE Tmp-Integer-6 1816 integer
467 ATTRIBUTE Tmp-Integer-7 1817 integer
468 ATTRIBUTE Tmp-Integer-8 1818 integer
469 ATTRIBUTE Tmp-Integer-9 1819 integer
471 ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
472 ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
473 ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
474 ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
475 ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
476 ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
477 ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
478 ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
479 ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
480 ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
482 ATTRIBUTE Tmp-Octets-0 1830 octets
483 ATTRIBUTE Tmp-Octets-1 1831 octets
484 ATTRIBUTE Tmp-Octets-2 1832 octets
485 ATTRIBUTE Tmp-Octets-3 1833 octets
486 ATTRIBUTE Tmp-Octets-4 1834 octets
487 ATTRIBUTE Tmp-Octets-5 1835 octets
488 ATTRIBUTE Tmp-Octets-6 1836 octets
489 ATTRIBUTE Tmp-Octets-7 1837 octets
490 ATTRIBUTE Tmp-Octets-8 1838 octets
491 ATTRIBUTE Tmp-Octets-9 1839 octets
493 ATTRIBUTE Tmp-Date-0 1840 date
494 ATTRIBUTE Tmp-Date-1 1841 date
495 ATTRIBUTE Tmp-Date-2 1842 date
496 ATTRIBUTE Tmp-Date-3 1843 date
497 ATTRIBUTE Tmp-Date-4 1844 date
498 ATTRIBUTE Tmp-Date-5 1845 date
499 ATTRIBUTE Tmp-Date-6 1846 date
500 ATTRIBUTE Tmp-Date-7 1847 date
501 ATTRIBUTE Tmp-Date-8 1848 date
502 ATTRIBUTE Tmp-Date-9 1849 date
504 ATTRIBUTE Tmp-Integer64-0 1871 integer64
505 ATTRIBUTE Tmp-Integer64-1 1872 integer64
506 ATTRIBUTE Tmp-Integer64-2 1873 integer64
507 ATTRIBUTE Tmp-Integer64-3 1874 integer64
508 ATTRIBUTE Tmp-Integer64-4 1875 integer64
509 ATTRIBUTE Tmp-Integer64-5 1876 integer64
510 ATTRIBUTE Tmp-Integer64-6 1877 integer64
511 ATTRIBUTE Tmp-Integer64-7 1878 integer64
512 ATTRIBUTE Tmp-Integer64-8 1879 integer64
513 ATTRIBUTE Tmp-Integer64-9 1880 integer64
515 # These attributes shouldn't be used anywhere. They are defined here
516 # only for casting of values in conditional expressions.
518 # The order and number need to be consistent with the typedefs used
519 # in the server source.
521 ATTRIBUTE Tmp-Cast-String 1851 string
522 ATTRIBUTE Tmp-Cast-Integer 1852 integer
523 ATTRIBUTE Tmp-Cast-Ipaddr 1853 ipaddr
524 ATTRIBUTE Tmp-Cast-Date 1854 date
525 ATTRIBUTE Tmp-Cast-Abinary 1855 abinary
526 ATTRIBUTE Tmp-Cast-Octets 1856 octets
527 ATTRIBUTE Tmp-Cast-Ifid 1857 ifid
528 ATTRIBUTE Tmp-Cast-IPv6Addr 1858 ipv6addr
529 ATTRIBUTE Tmp-Cast-IPv6Prefix 1859 ipv6prefix
530 ATTRIBUTE Tmp-Cast-Byte 1860 byte
531 ATTRIBUTE Tmp-Cast-Short 1861 short
532 ATTRIBUTE Tmp-Cast-Ethernet 1862 ether
533 ATTRIBUTE Tmp-Cast-Signed 1863 signed
534 # don't use or define these
535 ATTRIBUTE Tmp-Cast-Integer64 1869 integer64
536 ATTRIBUTE Tmp-Cast-IPv4Prefix 1870 ipv4prefix
537 # don't use or define VSA or MAX
540 # WiMAX server-side attributes.
542 # These are NOT sent in a packet, but are otherwise
543 # available for testing and validation. The various
544 # things that *are* sent in a packet are derived from
547 ATTRIBUTE WiMAX-MN-NAI 1900 string
549 ATTRIBUTE TLS-Cert-Serial 1910 string
550 ATTRIBUTE TLS-Cert-Expiration 1911 string
551 ATTRIBUTE TLS-Cert-Issuer 1912 string
552 ATTRIBUTE TLS-Cert-Subject 1913 string
553 ATTRIBUTE TLS-Cert-Common-Name 1914 string
554 ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string
555 ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string
556 ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string
557 # 1918 - 1919: reserved for future cert attributes
558 ATTRIBUTE TLS-Client-Cert-Serial 1920 string
559 ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
560 ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
561 ATTRIBUTE TLS-Client-Cert-Subject 1923 string
562 ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string
563 ATTRIBUTE TLS-Client-Cert-Filename 1925 string
564 ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string
565 ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string
566 ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string
567 ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string
568 ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string
569 ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Dns 1931 string
570 ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Upn 1932 string
571 ATTRIBUTE TLS-PSK-Identity 1933 string
573 # 1934 - 1939: reserved for future cert attributes
575 # 1940 - 1949: reserved for TLS session caching, mostly in 3.1
577 # Set by EAP-TLS code
578 ATTRIBUTE TLS-OCSP-Cert-Valid 1943 integer
579 VALUE TLS-OCSP-Cert-Valid unknown 3
580 VALUE TLS-OCSP-Cert-Valid skipped 2
581 VALUE TLS-OCSP-Cert-Valid yes 1
582 VALUE TLS-OCSP-Cert-Valid no 0
589 # SoH attributes; FIXME: these should really be protocol attributes
590 # so that the SoH radius request can be proxied, but from which
593 ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer
594 VALUE SoH-MS-Machine-OS-vendor Microsoft 311
596 ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer
597 ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer
598 ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer
599 ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer
600 ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer
602 ATTRIBUTE SoH-MS-Machine-Processor 2106 integer
603 VALUE SoH-MS-Machine-Processor x86 0
604 VALUE SoH-MS-Machine-Processor i64 6
605 VALUE SoH-MS-Machine-Processor x86_64 9
607 ATTRIBUTE SoH-MS-Machine-Name 2107 string
608 ATTRIBUTE SoH-MS-Correlation-Id 2108 octets
609 ATTRIBUTE SoH-MS-Machine-Role 2109 integer
610 VALUE SoH-MS-Machine-Role client 1
611 VALUE SoH-MS-Machine-Role dc 2
612 VALUE SoH-MS-Machine-Role server 3
614 ATTRIBUTE SoH-Supported 2119 integer
615 VALUE SoH-Supported no 0
616 VALUE SoH-Supported yes 1
618 ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string
619 ATTRIBUTE SoH-MS-Health-Other 2129 string
623 # Utilities bundled with the server
625 ATTRIBUTE Radclient-Test-Name 2200 string
632 # Site-local attributes (see raddb/dictionary.in)
633 # Do NOT define attributes in this range!
639 # Invalid. Don't use.
643 # Non-Protocol Integer Translations
646 VALUE Auth-Type Local 1
647 VALUE Auth-Type Reject 4
650 # FreeRADIUS extensions (most originally from Cistron)
652 VALUE Auth-Type Accept 254
655 # Authorization type, too.
657 VALUE Autz-Type Local 1
662 VALUE Acct-Type Local 1
665 # And Session handling
667 VALUE Session-Type Local 1
671 VALUE Post-Auth-Type Local 1
672 VALUE Post-Auth-Type Reject 2
673 VALUE Post-Auth-Type Challenge 3
677 VALUE Post-Proxy-Type Fail 1
678 VALUE Post-Proxy-Type Fail-Authentication 2
679 VALUE Post-Proxy-Type Fail-Accounting 3
680 VALUE Post-Proxy-Type Fail-CoA 4
681 VALUE Post-Proxy-Type Fail-Disconnect 5
684 # Experimental Non-Protocol Integer Translations for FreeRADIUS
686 VALUE Fall-Through No 0
687 VALUE Fall-Through Yes 1
689 VALUE Relax-Filter No 0
690 VALUE Relax-Filter Yes 1
692 VALUE Strip-User-Name No 0
693 VALUE Strip-User-Name Yes 1
695 VALUE Packet-Type Access-Request 1
696 VALUE Packet-Type Access-Accept 2
697 VALUE Packet-Type Access-Reject 3
698 VALUE Packet-Type Accounting-Request 4
699 VALUE Packet-Type Accounting-Response 5
700 VALUE Packet-Type Accounting-Status 6
701 VALUE Packet-Type Password-Request 7
702 VALUE Packet-Type Password-Accept 8
703 VALUE Packet-Type Password-Reject 9
704 VALUE Packet-Type Accounting-Message 10
705 VALUE Packet-Type Access-Challenge 11
706 VALUE Packet-Type Status-Server 12
707 VALUE Packet-Type Status-Client 13
710 # The following packet types are described in RFC 2882,
711 # but they are NOT part of the RADIUS standard. Instead,
712 # they are informational about vendor-specific extensions
713 # to the RADIUS standard.
715 VALUE Packet-Type Resource-Free-Request 21
716 VALUE Packet-Type Resource-Free-Response 22
717 VALUE Packet-Type Resource-Query-Request 23
718 VALUE Packet-Type Resource-Query-Response 24
719 VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
720 VALUE Packet-Type NAS-Reboot-Request 26
721 VALUE Packet-Type NAS-Reboot-Response 27
722 VALUE Packet-Type Next-Passcode 29
723 VALUE Packet-Type New-Pin 30
724 VALUE Packet-Type Terminate-Session 31
725 VALUE Packet-Type Password-Expired 32
726 VALUE Packet-Type Event-Request 33
727 VALUE Packet-Type Event-Response 34
729 # RFC 3576 allocates packet types 40-45
731 VALUE Packet-Type Disconnect-Request 40
732 VALUE Packet-Type Disconnect-ACK 41
733 VALUE Packet-Type Disconnect-NAK 42
734 VALUE Packet-Type CoA-Request 43
735 VALUE Packet-Type CoA-ACK 44
736 VALUE Packet-Type CoA-NAK 45
738 VALUE Packet-Type IP-Address-Allocate 50
739 VALUE Packet-Type IP-Address-Release 51
741 VALUE Response-Packet-Type Access-Request 1
742 VALUE Response-Packet-Type Access-Accept 2
743 VALUE Response-Packet-Type Access-Reject 3
744 VALUE Response-Packet-Type Accounting-Request 4
745 VALUE Response-Packet-Type Accounting-Response 5
746 VALUE Response-Packet-Type Accounting-Status 6
747 VALUE Response-Packet-Type Password-Request 7
748 VALUE Response-Packet-Type Password-Accept 8
749 VALUE Response-Packet-Type Password-Reject 9
750 VALUE Response-Packet-Type Accounting-Message 10
751 VALUE Response-Packet-Type Access-Challenge 11
752 VALUE Response-Packet-Type Status-Server 12
753 VALUE Response-Packet-Type Status-Client 13
755 VALUE Response-Packet-Type Disconnect-Request 40
756 VALUE Response-Packet-Type Disconnect-ACK 41
757 VALUE Response-Packet-Type Disconnect-NAK 42
758 VALUE Response-Packet-Type CoA-Request 43
759 VALUE Response-Packet-Type CoA-ACK 44
760 VALUE Response-Packet-Type CoA-NAK 45
764 VALUE Response-Packet-Type Do-Not-Respond 256
767 # EAP Sub-types, inside of Request and Response packets
769 # http://www.iana.org/assignments/ppp-numbers
770 # "PPP EAP REQUEST/RESPONSE TYPES"
773 # See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
775 VALUE EAP-Type None 0
776 VALUE EAP-Type Identity 1
777 VALUE EAP-Type Notification 2
779 VALUE EAP-Type MD5-Challenge 4
781 VALUE EAP-Type One-Time-Password 5
783 VALUE EAP-Type Generic-Token-Card 6
785 VALUE EAP-Type RSA-Public-Key 9
786 VALUE EAP-Type DSS-Unilateral 10
787 VALUE EAP-Type KEA 11
788 VALUE EAP-Type KEA-Validate 12
789 VALUE EAP-Type TLS 13
790 VALUE EAP-Type Defender-Token 14
791 VALUE EAP-Type RSA-SecurID-EAP 15
792 VALUE EAP-Type Arcot-Systems-EAP 16
793 VALUE EAP-Type Cisco-LEAP 17
794 VALUE EAP-Type LEAP 17
795 VALUE EAP-Type Nokia-IP-Smart-Card 18
796 VALUE EAP-Type SIM 18
797 VALUE EAP-Type SRP-SHA1 19
799 VALUE EAP-Type TTLS 21
800 VALUE EAP-Type Remote-Access-Service 22
801 VALUE EAP-Type AKA 23
802 VALUE EAP-Type 3Com-Wireless 24
803 VALUE EAP-Type PEAP 25
804 VALUE EAP-Type Microsoft-MS-CHAPv2 26
805 VALUE EAP-Type MAKE 27
806 VALUE EAP-Type CRYPTOCard 28
807 VALUE EAP-Type Cisco-MS-CHAPv2 29
808 VALUE EAP-Type DynamID 30
809 VALUE EAP-Type Rob-EAP 31
810 VALUE EAP-Type SecurID-EAP 32
811 VALUE EAP-Type MS-Authentication-TLV 33
812 VALUE EAP-Type SentriNET 34
813 VALUE EAP-Type Actiontec-Wireless 35
814 VALUE EAP-Type Cogent-Biomentric-EAP 36
815 VALUE EAP-Type AirFortress-EAP 37
816 VALUE EAP-Type HTTP-Digest 38
817 VALUE EAP-Type TNC 38
818 VALUE EAP-Type SecuriSuite-EAP 39
819 VALUE EAP-Type DeviceConnect-EAP 40
820 VALUE EAP-Type SPEKE 41
821 VALUE EAP-Type MOBAC 42
822 VALUE EAP-Type FAST 43
823 VALUE EAP-Type Zonelabs 44
824 VALUE EAP-Type Link 45
825 VALUE EAP-Type PAX 46
826 VALUE EAP-Type PSK 47
827 VALUE EAP-Type SAKE 48
828 VALUE EAP-Type IKEv2 49
829 VALUE EAP-Type AKA2 50
830 VALUE EAP-Type GPSK 51
831 VALUE EAP-Type PWD 52
832 VALUE EAP-Type EKEv1 53
835 # And this is what most people mean by MS-CHAPv2
837 VALUE EAP-Type MSCHAPv2 26
840 # This says TLS, but it's only valid for TTLS & PEAP.
841 # EAP-TLS *always* requires a client certificate.
843 VALUE EAP-TLS-Require-Client-Cert No 0
844 VALUE EAP-TLS-Require-Client-Cert Yes 1
847 # These are the EAP-Code values.
849 VALUE EAP-Code Request 1
850 VALUE EAP-Code Response 2
851 VALUE EAP-Code Success 3
852 VALUE EAP-Code Failure 4
855 # For MS-CHAP, do we run ntlm_auth, or not.
857 VALUE MS-CHAP-Use-NTLM-Auth No 0
858 VALUE MS-CHAP-Use-NTLM-Auth Yes 1
projects / freeradius.git / blob