2 # Copyright (C) 2011 The FreeRADIUS Server project and contributors
4 # Non Protocol Attributes used by FreeRADIUS
9 # The attributes number ranges are allocates as follows:
12 # server-side attributes which can go in a reply list
14 # These attributes CAN go in the reply item list.
15 ATTRIBUTE Fall-Through 500 integer
16 ATTRIBUTE Relax-Filter 501 integer
17 ATTRIBUTE Exec-Program 502 string
18 ATTRIBUTE Exec-Program-Wait 503 string
20 # These attributes CANNOT go in the reply item list.
24 # Attributes which cannot go in a reply list.
28 # Miscellaneous server attributes.
31 # Non-Protocol Attributes
32 # These attributes are used internally by the server
34 ATTRIBUTE Auth-Type 1000 integer
35 ATTRIBUTE Menu 1001 string
36 ATTRIBUTE Termination-Menu 1002 string
37 ATTRIBUTE Prefix 1003 string
38 ATTRIBUTE Suffix 1004 string
39 ATTRIBUTE Group 1005 string
40 ATTRIBUTE Crypt-Password 1006 string
41 ATTRIBUTE Connect-Rate 1007 integer
42 ATTRIBUTE Add-Prefix 1008 string
43 ATTRIBUTE Add-Suffix 1009 string
44 ATTRIBUTE Expiration 1010 date
45 ATTRIBUTE Autz-Type 1011 integer
46 ATTRIBUTE Acct-Type 1012 integer
47 ATTRIBUTE Session-Type 1013 integer
48 ATTRIBUTE Post-Auth-Type 1014 integer
49 ATTRIBUTE Pre-Proxy-Type 1015 integer
50 ATTRIBUTE Post-Proxy-Type 1016 integer
51 ATTRIBUTE Pre-Acct-Type 1017 integer
54 # This is the EAP type of authentication, which is set
55 # by the EAP module, for informational purposes only.
57 ATTRIBUTE EAP-Type 1018 integer
58 ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
59 ATTRIBUTE EAP-Id 1020 integer
60 ATTRIBUTE EAP-Code 1021 integer
61 # Attribute 1022 unused, was EAP-MD5-Password, which was
62 # used only be radeapclient. It's been replaced by Cleartext-Password
63 ATTRIBUTE PEAP-Version 1023 integer
64 ATTRIBUTE Client-Shortname 1024 string
65 ATTRIBUTE Load-Balance-Key 1025 string
66 ATTRIBUTE Raw-Attribute 1026 octets
67 ATTRIBUTE TNC-VLAN-Access 1027 string
68 ATTRIBUTE TNC-VLAN-Isolate 1028 string
69 ATTRIBUTE User-Category 1029 string
70 ATTRIBUTE Group-Name 1030 string
71 ATTRIBUTE Huntgroup-Name 1031 string
72 ATTRIBUTE Simultaneous-Use 1034 integer
73 ATTRIBUTE Strip-User-Name 1035 integer
74 ATTRIBUTE Hint 1040 string
75 ATTRIBUTE Pam-Auth 1041 string
76 ATTRIBUTE Login-Time 1042 string
77 ATTRIBUTE Stripped-User-Name 1043 string
78 ATTRIBUTE Current-Time 1044 string
79 ATTRIBUTE Realm 1045 string
80 ATTRIBUTE No-Such-Attribute 1046 string
81 ATTRIBUTE Packet-Type 1047 integer
82 ATTRIBUTE Proxy-To-Realm 1048 string
83 ATTRIBUTE Replicate-To-Realm 1049 string
84 ATTRIBUTE Acct-Session-Start-Time 1050 date
85 ATTRIBUTE Acct-Unique-Session-Id 1051 string
86 ATTRIBUTE Client-IP-Address 1052 ipaddr
87 ATTRIBUTE Ldap-UserDn 1053 string
88 ATTRIBUTE NS-MTA-MD5-Password 1054 string
89 ATTRIBUTE SQL-User-Name 1055 string
90 ATTRIBUTE LM-Password 1057 octets
91 ATTRIBUTE NT-Password 1058 octets
92 ATTRIBUTE SMB-Account-CTRL 1059 integer
93 ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
94 ATTRIBUTE User-Profile 1062 string
95 ATTRIBUTE Digest-Realm 1063 string
96 ATTRIBUTE Digest-Nonce 1064 string
97 ATTRIBUTE Digest-Method 1065 string
98 ATTRIBUTE Digest-URI 1066 string
99 ATTRIBUTE Digest-QOP 1067 string
100 ATTRIBUTE Digest-Algorithm 1068 string
101 ATTRIBUTE Digest-Body-Digest 1069 string
102 ATTRIBUTE Digest-CNonce 1070 string
103 ATTRIBUTE Digest-Nonce-Count 1071 string
104 ATTRIBUTE Digest-User-Name 1072 string
105 ATTRIBUTE Pool-Name 1073 string
106 ATTRIBUTE Ldap-Group 1074 string
107 ATTRIBUTE Module-Success-Message 1075 string
108 ATTRIBUTE Module-Failure-Message 1076 string
109 # X99-Fast 1077 integer
110 ATTRIBUTE Rewrite-Rule 1078 string
111 ATTRIBUTE Sql-Group 1079 string
112 ATTRIBUTE Response-Packet-Type 1080 integer
113 ATTRIBUTE Digest-HA1 1081 string
114 ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
115 ATTRIBUTE NTLM-User-Name 1083 string
116 ATTRIBUTE MS-CHAP-User-Name 1083 string
117 ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr
118 ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr
119 ATTRIBUTE Packet-Src-Port 1086 integer
120 ATTRIBUTE Packet-Dst-Port 1087 integer
121 ATTRIBUTE Packet-Authentication-Vector 1088 octets
122 ATTRIBUTE Time-Of-Day 1089 string
123 ATTRIBUTE Request-Processing-Stage 1090 string
124 ATTRIBUTE Cache-No-Caching 1091 string
125 ATTRIBUTE Cache-Delete-Cache 1092 string
126 ATTRIBUTE SHA-Password 1093 octets
127 ATTRIBUTE SSHA-Password 1094 octets
128 ATTRIBUTE SHA1-Password 1093 octets
129 ATTRIBUTE SSHA1-Password 1094 octets
130 ATTRIBUTE MD5-Password 1095 octets
131 ATTRIBUTE SMD5-Password 1096 octets
132 ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr
133 ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr
134 ATTRIBUTE Virtual-Server 1099 string
135 ATTRIBUTE Cleartext-Password 1100 string
136 ATTRIBUTE Password-With-Header 1101 string
137 ATTRIBUTE Inner-Tunnel-User-Name 1102 string
140 # EAP-IKEv2 is experimental.
142 ATTRIBUTE EAP-IKEv2-IDType 1103 integer
144 VALUE EAP-IKEv2-IDType IPV4_ADDR 1
145 VALUE EAP-IKEv2-IDType FQDN 2
146 VALUE EAP-IKEv2-IDType RFC822_ADDR 3
147 VALUE EAP-IKEv2-IDType IPV6_ADDR 5
148 VALUE EAP-IKEv2-IDType DER_ASN1_DN 9
149 VALUE EAP-IKEv2-IDType DER_ASN1_GN 10
150 VALUE EAP-IKEv2-IDType KEY_ID 11
152 ATTRIBUTE EAP-IKEv2-ID 1104 string
153 ATTRIBUTE EAP-IKEv2-Secret 1105 string
154 ATTRIBUTE EAP-IKEv2-AuthType 1106 integer
156 VALUE EAP-IKEv2-AuthType none 0
157 VALUE EAP-IKEv2-AuthType secret 1
158 VALUE EAP-IKEv2-AuthType cert 2
159 VALUE EAP-IKEv2-AuthType both 3
161 ATTRIBUTE Send-Disconnect-Request 1107 integer
162 ATTRIBUTE Send-CoA-Request 1107 integer
164 VALUE Send-CoA-Request No 0
165 VALUE Send-CoA-Request Yes 1
167 ATTRIBUTE Module-Return-Code 1108 integer
169 VALUE Module-Return-Code reject 0
170 VALUE Module-Return-Code fail 1
171 VALUE Module-Return-Code ok 2
172 VALUE Module-Return-Code handled 3
173 VALUE Module-Return-Code invalid 4
174 VALUE Module-Return-Code userlock 5
175 VALUE Module-Return-Code notfound 6
176 VALUE Module-Return-Code noop 7
177 VALUE Module-Return-Code updated 8
179 ATTRIBUTE Packet-Original-Timestamp 1109 date
180 ATTRIBUTE SQL-Table-Name 1110 string
181 ATTRIBUTE Home-Server-Pool 1111 string
183 ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr
184 ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr
185 ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer
187 VALUE FreeRADIUS-Client-Require-MA no 0
188 VALUE FreeRADIUS-Client-Require-MA yes 1
190 ATTRIBUTE FreeRADIUS-Client-Secret 1123 string
191 ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string
192 ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string
193 ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string
195 # For session resumption
196 ATTRIBUTE Allow-Session-Resumption 1127 integer
198 VALUE Allow-Session-Resumption no 0
199 VALUE Allow-Session-Resumption yes 1
201 ATTRIBUTE EAP-Session-Resumed 1128 integer
203 VALUE EAP-Session-Resumed no 0
204 VALUE EAP-Session-Resumed yes 1
207 # Expose EAP keys in the reply.
209 ATTRIBUTE EAP-MSK 1129 octets
210 ATTRIBUTE EAP-EMSK 1130 octets
213 # For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
215 ATTRIBUTE Recv-CoA-Type 1131 integer
216 ATTRIBUTE Send-CoA-Type 1132 integer
218 ATTRIBUTE MS-CHAP-Password 1133 string
219 ATTRIBUTE Packet-Transmit-Counter 1134 integer
220 ATTRIBUTE Cached-Session-Policy 1135 string
222 ATTRIBUTE Cache-TTL 1140 integer
223 ATTRIBUTE Cache-Status-Only 1141 integer
224 ATTRIBUTE Cache-Entry-Hits 1142 integer
226 VALUE Cache-Status-Only no 0
227 VALUE Cache-Status-Only yes 1
229 ATTRIBUTE EAP-Session-Id 1146 octets
233 # EAP-SIM (and other EAP type) weirdness.
235 # For EAP-SIM, some attribute definitions for database interface
237 ATTRIBUTE EAP-Sim-Subtype 1200 integer
239 ATTRIBUTE EAP-Sim-Rand1 1201 octets
240 ATTRIBUTE EAP-Sim-Rand2 1202 octets
241 ATTRIBUTE EAP-Sim-Rand3 1203 octets
243 ATTRIBUTE EAP-Sim-SRES1 1204 octets
244 ATTRIBUTE EAP-Sim-SRES2 1205 octets
245 ATTRIBUTE EAP-Sim-SRES3 1206 octets
247 VALUE EAP-Sim-Subtype Start 10
248 VALUE EAP-Sim-Subtype Challenge 11
249 VALUE EAP-Sim-Subtype Notification 12
250 VALUE EAP-Sim-Subtype Re-authentication 13
252 # this attribute is used internally by the client code.
253 ATTRIBUTE EAP-Sim-State 1207 integer
255 ATTRIBUTE EAP-Sim-IMSI 1208 string
256 ATTRIBUTE EAP-Sim-HMAC 1209 string
257 ATTRIBUTE EAP-Sim-KEY 1210 octets
258 ATTRIBUTE EAP-Sim-EXTRA 1211 octets
260 ATTRIBUTE EAP-Sim-KC1 1212 octets
261 ATTRIBUTE EAP-Sim-KC2 1213 octets
262 ATTRIBUTE EAP-Sim-KC3 1214 octets
266 # EAP-type specific attributes
268 # These are used mostly for radeapclient, and aren't
269 # that useful for anyone else.
271 # egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo
273 ATTRIBUTE EAP-Type-VALUE 1280 octets
274 ATTRIBUTE EAP-Type-None 1280 octets
275 ATTRIBUTE EAP-Type-Identity 1281 octets
276 ATTRIBUTE EAP-Type-Notification 1282 octets
277 ATTRIBUTE EAP-Type-NAK 1283 octets
278 ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets
279 ATTRIBUTE EAP-Type-One-Time-Password 1285 octets
280 ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets
281 ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets
282 ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets
283 ATTRIBUTE EAP-Type-KEA 1291 octets
284 ATTRIBUTE EAP-Type-KEA-Validate 1292 octets
285 ATTRIBUTE EAP-Type-EAP-TLS 1293 octets
286 ATTRIBUTE EAP-Type-Defender-Token 1294 octets
287 ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets
288 ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets
289 ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets
290 ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets
291 ATTRIBUTE EAP-Type-SIM 1298 octets
292 ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets
293 ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets
294 ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets
295 ATTRIBUTE EAP-Type-AKA 1303 octets
296 ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets
297 ATTRIBUTE EAP-Type-PEAP 1305 octets
298 ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets
299 ATTRIBUTE EAP-Type-MAKE 1307 octets
300 ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets
301 ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets
302 ATTRIBUTE EAP-Type-DynamID 1310 octets
303 ATTRIBUTE EAP-Type-Rob-EAP 1311 octets
304 ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets
305 ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets
306 ATTRIBUTE EAP-Type-SentriNET 1314 octets
307 ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets
308 ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets
309 ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets
310 ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets
311 ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets
312 ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets
313 ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets
314 ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets
315 ATTRIBUTE EAP-Type-EAP-FAST 1323 octets
316 ATTRIBUTE EAP-Type-Zonelabs 1324 octets
317 ATTRIBUTE EAP-Type-EAP-Link 1325 octets
318 ATTRIBUTE EAP-Type-EAP-PAX 1326 octets
319 ATTRIBUTE EAP-Type-EAP-PSK 1327 octets
320 ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets
321 ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets
322 ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets
323 ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets
324 ATTRIBUTE EAP-Type-EAP-PWD 1332 octets
325 ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets
327 ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets
328 ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets
329 ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets
336 # these are PW_EAP_SIM_X + 1536
337 ATTRIBUTE EAP-Sim-RAND 1537 octets
338 ATTRIBUTE EAP-Sim-PADDING 1542 octets
339 ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
340 ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
341 ATTRIBUTE EAP-Sim-MAC 1547 octets
342 ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
343 ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
344 ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
345 ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
346 ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
347 ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
348 ATTRIBUTE EAP-Sim-COUNTER 1555 octets
349 ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
350 ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
351 ATTRIBUTE EAP-Sim-IV 1665 octets
352 ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
353 ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
354 ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
355 ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
359 # Temporary attributes, for local storage.
361 ATTRIBUTE Tmp-String-0 1800 string
362 ATTRIBUTE Tmp-String-1 1801 string
363 ATTRIBUTE Tmp-String-2 1802 string
364 ATTRIBUTE Tmp-String-3 1803 string
365 ATTRIBUTE Tmp-String-4 1804 string
366 ATTRIBUTE Tmp-String-5 1805 string
367 ATTRIBUTE Tmp-String-6 1806 string
368 ATTRIBUTE Tmp-String-7 1807 string
369 ATTRIBUTE Tmp-String-8 1808 string
370 ATTRIBUTE Tmp-String-9 1809 string
372 ATTRIBUTE Tmp-Integer-0 1810 integer
373 ATTRIBUTE Tmp-Integer-1 1811 integer
374 ATTRIBUTE Tmp-Integer-2 1812 integer
375 ATTRIBUTE Tmp-Integer-3 1813 integer
376 ATTRIBUTE Tmp-Integer-4 1814 integer
377 ATTRIBUTE Tmp-Integer-5 1815 integer
378 ATTRIBUTE Tmp-Integer-6 1816 integer
379 ATTRIBUTE Tmp-Integer-7 1817 integer
380 ATTRIBUTE Tmp-Integer-8 1818 integer
381 ATTRIBUTE Tmp-Integer-9 1819 integer
383 ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
384 ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
385 ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
386 ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
387 ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
388 ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
389 ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
390 ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
391 ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
392 ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
394 ATTRIBUTE Tmp-Octets-0 1830 octets
395 ATTRIBUTE Tmp-Octets-1 1831 octets
396 ATTRIBUTE Tmp-Octets-2 1832 octets
397 ATTRIBUTE Tmp-Octets-3 1833 octets
398 ATTRIBUTE Tmp-Octets-4 1834 octets
399 ATTRIBUTE Tmp-Octets-5 1835 octets
400 ATTRIBUTE Tmp-Octets-6 1836 octets
401 ATTRIBUTE Tmp-Octets-7 1837 octets
402 ATTRIBUTE Tmp-Octets-8 1838 octets
403 ATTRIBUTE Tmp-Octets-9 1839 octets
406 # WiMAX server-side attributes.
408 # These are NOT sent in a packet, but are otherwise
409 # available for testing and validation. The various
410 # things that *are* sent in a packet are derived from
413 ATTRIBUTE WiMAX-MN-NAI 1900 string
416 # Certificate attributes
419 ATTRIBUTE TLS-Cert-Serial 1910 string
420 ATTRIBUTE TLS-Cert-Expiration 1911 string
421 ATTRIBUTE TLS-Cert-Issuer 1912 string
422 ATTRIBUTE TLS-Cert-Subject 1913 string
423 ATTRIBUTE TLS-Cert-Common-Name 1914 string
424 ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string
425 # 1916 - 1919: reserved for future cert attributes
426 ATTRIBUTE TLS-Client-Cert-Serial 1920 string
427 ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
428 ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
429 ATTRIBUTE TLS-Client-Cert-Subject 1923 string
430 ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string
431 ATTRIBUTE TLS-Client-Cert-Filename 1925 string
432 ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string
433 ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string
434 ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string
435 ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string
436 ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string
438 # 1931 - 1939: reserved for future cert attributes
444 # SoH attributes; FIXME: these should really be protocol attributes
445 # so that the SoH radius request can be proxied, but from which
448 ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer
449 VALUE SoH-MS-Machine-OS-vendor Microsoft 311
451 ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer
452 ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer
453 ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer
454 ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer
455 ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer
457 ATTRIBUTE SoH-MS-Machine-Processor 2106 integer
458 VALUE SoH-MS-Machine-Processor x86 0
459 VALUE SoH-MS-Machine-Processor i64 6
460 VALUE SoH-MS-Machine-Processor x86_64 9
462 ATTRIBUTE SoH-MS-Machine-Name 2107 string
463 ATTRIBUTE SoH-MS-Correlation-Id 2108 octets
464 ATTRIBUTE SoH-MS-Machine-Role 2109 integer
465 VALUE SoH-MS-Machine-Role client 1
466 VALUE SoH-MS-Machine-Role dc 2
467 VALUE SoH-MS-Machine-Role server 3
469 ATTRIBUTE SoH-Supported 2119 integer
470 VALUE SoH-Supported no 0
471 VALUE SoH-Supported yes 1
473 ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string
474 ATTRIBUTE SoH-MS-Health-Other 2129 string
481 # Site-local attributes (see raddb/dictionary.in)
482 # Do NOT define attributes in this range!
488 # Invalid. Don't use.
492 # Non-Protocol Integer Translations
495 VALUE Auth-Type Local 0
496 VALUE Auth-Type System 1
497 VALUE Auth-Type SecurID 2
498 VALUE Auth-Type Crypt-Local 3
499 VALUE Auth-Type Reject 4
500 VALUE Auth-Type ActivCard 5
501 VALUE Auth-Type EAP 6
502 VALUE Auth-Type ARAP 7
505 # FreeRADIUS extensions (most originally from Cistron)
507 VALUE Auth-Type Accept 254
509 VALUE Auth-Type PAP 1024
510 VALUE Auth-Type CHAP 1025
511 # 1026 was LDAP, but we deleted it. Adding it back will break the
513 VALUE Auth-Type PAM 1027
514 VALUE Auth-Type MS-CHAP 1028
515 VALUE Auth-Type MSCHAP 1028
516 VALUE Auth-Type Kerberos 1029
517 VALUE Auth-Type CRAM 1030
518 VALUE Auth-Type NS-MTA-MD5 1031
519 # 1032 is unused (was a duplicate of CRAM)
520 VALUE Auth-Type SMB 1033
521 VALUE Auth-Type MS-CHAP-V2 1034
524 # Authorization type, too.
526 VALUE Autz-Type Local 0
531 VALUE Acct-Type Local 0
534 # And Session handling
536 VALUE Session-Type Local 0
540 VALUE Post-Auth-Type Local 0
541 VALUE Post-Auth-Type Reject 2
544 # Experimental Non-Protocol Integer Translations for FreeRADIUS
546 VALUE Fall-Through No 0
547 VALUE Fall-Through Yes 1
549 VALUE Relax-Filter No 0
550 VALUE Relax-Filter Yes 1
552 VALUE Strip-User-Name No 0
553 VALUE Strip-User-Name Yes 1
555 VALUE Packet-Type Access-Request 1
556 VALUE Packet-Type Access-Accept 2
557 VALUE Packet-Type Access-Reject 3
558 VALUE Packet-Type Accounting-Request 4
559 VALUE Packet-Type Accounting-Response 5
560 VALUE Packet-Type Accounting-Status 6
561 VALUE Packet-Type Password-Request 7
562 VALUE Packet-Type Password-Accept 8
563 VALUE Packet-Type Password-Reject 9
564 VALUE Packet-Type Accounting-Message 10
565 VALUE Packet-Type Access-Challenge 11
566 VALUE Packet-Type Status-Server 12
567 VALUE Packet-Type Status-Client 13
570 # The following packet types are described in RFC 2882,
571 # but they are NOT part of the RADIUS standard. Instead,
572 # they are informational about vendor-specific extensions
573 # to the RADIUS standard.
575 VALUE Packet-Type Resource-Free-Request 21
576 VALUE Packet-Type Resource-Free-Response 22
577 VALUE Packet-Type Resource-Query-Request 23
578 VALUE Packet-Type Resource-Query-Response 24
579 VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
580 VALUE Packet-Type NAS-Reboot-Request 26
581 VALUE Packet-Type NAS-Reboot-Response 27
582 VALUE Packet-Type Next-Passcode 29
583 VALUE Packet-Type New-Pin 30
584 VALUE Packet-Type Terminate-Session 31
585 VALUE Packet-Type Password-Expired 32
586 VALUE Packet-Type Event-Request 33
587 VALUE Packet-Type Event-Response 34
589 # RFC 3576 allocates packet types 40-45
591 VALUE Packet-Type Disconnect-Request 40
592 VALUE Packet-Type Disconnect-ACK 41
593 VALUE Packet-Type Disconnect-NAK 42
594 VALUE Packet-Type CoA-Request 43
595 VALUE Packet-Type CoA-ACK 44
596 VALUE Packet-Type CoA-NAK 45
598 VALUE Packet-Type IP-Address-Allocate 50
599 VALUE Packet-Type IP-Address-Release 51
601 VALUE Response-Packet-Type Access-Request 1
602 VALUE Response-Packet-Type Access-Accept 2
603 VALUE Response-Packet-Type Access-Reject 3
604 VALUE Response-Packet-Type Accounting-Request 4
605 VALUE Response-Packet-Type Accounting-Response 5
606 VALUE Response-Packet-Type Accounting-Status 6
607 VALUE Response-Packet-Type Password-Request 7
608 VALUE Response-Packet-Type Password-Accept 8
609 VALUE Response-Packet-Type Password-Reject 9
610 VALUE Response-Packet-Type Accounting-Message 10
611 VALUE Response-Packet-Type Access-Challenge 11
612 VALUE Response-Packet-Type Status-Server 12
613 VALUE Response-Packet-Type Status-Client 13
615 VALUE Response-Packet-Type Disconnect-Request 40
616 VALUE Response-Packet-Type Disconnect-ACK 41
617 VALUE Response-Packet-Type Disconnect-NAK 42
618 VALUE Response-Packet-Type CoA-Request 43
619 VALUE Response-Packet-Type CoA-ACK 44
620 VALUE Response-Packet-Type CoA-NAK 45
624 VALUE Response-Packet-Type Do-Not-Respond 256
627 # EAP Sub-types, inside of Request and Response packets
629 # http://www.iana.org/assignments/ppp-numbers
630 # "PPP EAP REQUEST/RESPONSE TYPES"
633 # See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
635 VALUE EAP-Type None 0
636 VALUE EAP-Type Identity 1
637 VALUE EAP-Type Notification 2
639 VALUE EAP-Type MD5-Challenge 4
640 VALUE EAP-Type One-Time-Password 5
641 VALUE EAP-Type Generic-Token-Card 6
642 VALUE EAP-Type RSA-Public-Key 9
643 VALUE EAP-Type DSS-Unilateral 10
644 VALUE EAP-Type KEA 11
645 VALUE EAP-Type KEA-Validate 12
646 VALUE EAP-Type EAP-TLS 13
647 VALUE EAP-Type Defender-Token 14
648 VALUE EAP-Type RSA-SecurID-EAP 15
649 VALUE EAP-Type Arcot-Systems-EAP 16
650 VALUE EAP-Type Cisco-LEAP 17
651 VALUE EAP-Type Nokia-IP-Smart-Card 18
652 VALUE EAP-Type SIM 18
653 VALUE EAP-Type SRP-SHA1 19
655 VALUE EAP-Type EAP-TTLS 21
656 VALUE EAP-Type Remote-Access-Service 22
657 VALUE EAP-Type AKA 23
658 VALUE EAP-Type EAP-3Com-Wireless 24
659 VALUE EAP-Type PEAP 25
660 VALUE EAP-Type MS-EAP-Authentication 26
661 VALUE EAP-Type MAKE 27
662 VALUE EAP-Type CRYPTOCard 28
663 VALUE EAP-Type EAP-MSCHAP-V2 29
664 VALUE EAP-Type DynamID 30
665 VALUE EAP-Type Rob-EAP 31
666 VALUE EAP-Type SecurID-EAP 32
667 VALUE EAP-Type MS-Authentication-TLV 33
668 VALUE EAP-Type SentriNET 34
669 VALUE EAP-Type EAP-Actiontec-Wireless 35
670 VALUE EAP-Type Cogent-Biomentric-EAP 36
671 VALUE EAP-Type AirFortress-EAP 37
672 VALUE EAP-Type EAP-HTTP-Digest 38
673 VALUE EAP-Type SecuriSuite-EAP 39
674 VALUE EAP-Type DeviceConnect-EAP 40
675 VALUE EAP-Type EAP-SPEKE 41
676 VALUE EAP-Type EAP-MOBAC 42
677 VALUE EAP-Type EAP-FAST 43
678 VALUE EAP-Type Zonelabs 44
679 VALUE EAP-Type EAP-Link 45
680 VALUE EAP-Type EAP-PAX 46
681 VALUE EAP-Type EAP-PSK 47
682 VALUE EAP-Type EAP-SAKE 48
683 VALUE EAP-Type EAP-IKEv2 49
684 VALUE EAP-Type EAP-AKA2 50
685 VALUE EAP-Type EAP-GPSK 51
686 VALUE EAP-Type EAP-PWD 52
687 VALUE EAP-Type EAP-EVEv1 53
690 # These are duplicate values, to get around the problem of
691 # having two MS-CHAPv2 EAP types.
693 VALUE EAP-Type Microsoft-MS-CHAPv2 26
694 VALUE EAP-Type Cisco-MS-CHAPv2 29
697 # And this is what most people mean by MS-CHAPv2
699 VALUE EAP-Type MS-CHAP-V2 26
702 # This says TLS, but it's only valid for TTLS & PEAP.
703 # EAP-TLS *always* requires a client certificate.
705 VALUE EAP-TLS-Require-Client-Cert No 0
706 VALUE EAP-TLS-Require-Client-Cert Yes 1
709 # These are the EAP-Code values.
711 VALUE EAP-Code Request 1
712 VALUE EAP-Code Response 2
713 VALUE EAP-Code Success 3
714 VALUE EAP-Code Failure 4
717 # For MS-CHAP, do we run ntlm_auth, or not.
719 VALUE MS-CHAP-Use-NTLM-Auth No 0
720 VALUE MS-CHAP-Use-NTLM-Auth Yes 1