3 # Non Protocol Attributes used by FreeRADIUS
8 # The attributes number ranges are allocates as follows:
11 # server-side attributes which can go in a reply list
13 # These attributes CAN go in the reply item list.
14 ATTRIBUTE Fall-Through 500 integer
15 ATTRIBUTE Exec-Program 502 string
16 ATTRIBUTE Exec-Program-Wait 503 string
18 # These attributes CANNOT go in the reply item list.
22 # Attributes which cannot go in a reply list.
26 # Miscellaneous server attributes.
29 # Non-Protocol Attributes
30 # These attributes are used internally by the server
32 ATTRIBUTE Auth-Type 1000 integer
33 ATTRIBUTE Menu 1001 string
34 ATTRIBUTE Termination-Menu 1002 string
35 ATTRIBUTE Prefix 1003 string
36 ATTRIBUTE Suffix 1004 string
37 ATTRIBUTE Group 1005 string
38 ATTRIBUTE Crypt-Password 1006 string
39 ATTRIBUTE Connect-Rate 1007 integer
40 ATTRIBUTE Add-Prefix 1008 string
41 ATTRIBUTE Add-Suffix 1009 string
42 ATTRIBUTE Expiration 1010 date
43 ATTRIBUTE Autz-Type 1011 integer
44 ATTRIBUTE Acct-Type 1012 integer
45 ATTRIBUTE Session-Type 1013 integer
46 ATTRIBUTE Post-Auth-Type 1014 integer
47 ATTRIBUTE Pre-Proxy-Type 1015 integer
48 ATTRIBUTE Post-Proxy-Type 1016 integer
49 ATTRIBUTE Pre-Acct-Type 1017 integer
52 # This is the EAP type of authentication, which is set
53 # by the EAP module, for informational purposes only.
55 ATTRIBUTE EAP-Type 1018 integer
56 ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
57 ATTRIBUTE EAP-Id 1020 integer
58 ATTRIBUTE EAP-Code 1021 integer
59 ATTRIBUTE EAP-MD5-Password 1022 string
60 ATTRIBUTE PEAP-Version 1023 integer
61 ATTRIBUTE Client-Shortname 1024 string
62 ATTRIBUTE Load-Balance-Key 1025 string
63 ATTRIBUTE Raw-Attribute 1026 octets
64 ATTRIBUTE TNC-VLAN-Access 1027 string
65 ATTRIBUTE TNC-VLAN-Isolate 1028 string
66 ATTRIBUTE User-Category 1029 string
67 ATTRIBUTE Group-Name 1030 string
68 ATTRIBUTE Huntgroup-Name 1031 string
69 ATTRIBUTE Simultaneous-Use 1034 integer
70 ATTRIBUTE Strip-User-Name 1035 integer
71 ATTRIBUTE Hint 1040 string
72 ATTRIBUTE Pam-Auth 1041 string
73 ATTRIBUTE Login-Time 1042 string
74 ATTRIBUTE Stripped-User-Name 1043 string
75 ATTRIBUTE Current-Time 1044 string
76 ATTRIBUTE Realm 1045 string
77 ATTRIBUTE No-Such-Attribute 1046 string
78 ATTRIBUTE Packet-Type 1047 integer
79 ATTRIBUTE Proxy-To-Realm 1048 string
80 ATTRIBUTE Replicate-To-Realm 1049 string
81 ATTRIBUTE Acct-Session-Start-Time 1050 date
82 ATTRIBUTE Acct-Unique-Session-Id 1051 string
83 ATTRIBUTE Client-IP-Address 1052 ipaddr
84 ATTRIBUTE Ldap-UserDn 1053 string
85 ATTRIBUTE NS-MTA-MD5-Password 1054 string
86 ATTRIBUTE SQL-User-Name 1055 string
87 ATTRIBUTE LM-Password 1057 octets
88 ATTRIBUTE NT-Password 1058 octets
89 ATTRIBUTE SMB-Account-CTRL 1059 integer
90 ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
91 ATTRIBUTE User-Profile 1062 string
92 ATTRIBUTE Digest-Realm 1063 string
93 ATTRIBUTE Digest-Nonce 1064 string
94 ATTRIBUTE Digest-Method 1065 string
95 ATTRIBUTE Digest-URI 1066 string
96 ATTRIBUTE Digest-QOP 1067 string
97 ATTRIBUTE Digest-Algorithm 1068 string
98 ATTRIBUTE Digest-Body-Digest 1069 string
99 ATTRIBUTE Digest-CNonce 1070 string
100 ATTRIBUTE Digest-Nonce-Count 1071 string
101 ATTRIBUTE Digest-User-Name 1072 string
102 ATTRIBUTE Pool-Name 1073 string
103 ATTRIBUTE Ldap-Group 1074 string
104 ATTRIBUTE Module-Success-Message 1075 string
105 ATTRIBUTE Module-Failure-Message 1076 string
106 # X99-Fast 1077 integer
107 ATTRIBUTE Rewrite-Rule 1078 string
108 ATTRIBUTE Sql-Group 1079 string
109 ATTRIBUTE Response-Packet-Type 1080 integer
110 ATTRIBUTE Digest-HA1 1081 string
111 ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
112 ATTRIBUTE NTLM-User-Name 1083 string
113 ATTRIBUTE MS-CHAP-User-Name 1083 string
114 ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr
115 ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr
116 ATTRIBUTE Packet-Src-Port 1086 integer
117 ATTRIBUTE Packet-Dst-Port 1087 integer
118 ATTRIBUTE Packet-Authentication-Vector 1088 octets
119 ATTRIBUTE Time-Of-Day 1089 string
120 ATTRIBUTE Request-Processing-Stage 1090 string
121 ATTRIBUTE Cache-No-Caching 1091 string
122 ATTRIBUTE Cache-Delete-Cache 1092 string
123 ATTRIBUTE SHA-Password 1093 octets
124 ATTRIBUTE SSHA-Password 1094 octets
125 ATTRIBUTE SHA1-Password 1093 octets
126 ATTRIBUTE SSHA1-Password 1094 octets
127 ATTRIBUTE MD5-Password 1095 octets
128 ATTRIBUTE SMD5-Password 1096 octets
129 ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr
130 ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr
131 ATTRIBUTE Virtual-Server 1099 string
132 ATTRIBUTE Cleartext-Password 1100 string
133 ATTRIBUTE Password-With-Header 1101 string
134 ATTRIBUTE Inner-Tunnel-User-Name 1102 string
136 # EAP-IKEv2 is experimental.
138 ATTRIBUTE EAP-IKEv2-IDType 1103 integer
140 VALUE EAP-IKEv2-IDType IPV4_ADDR 1
141 VALUE EAP-IKEv2-IDType FQDN 2
142 VALUE EAP-IKEv2-IDType RFC822_ADDR 3
143 VALUE EAP-IKEv2-IDType IPV6_ADDR 5
144 VALUE EAP-IKEv2-IDType DER_ASN1_DN 9
145 VALUE EAP-IKEv2-IDType DER_ASN1_GN 10
146 VALUE EAP-IKEv2-IDType KEY_ID 11
148 ATTRIBUTE EAP-IKEv2-ID 1104 string
149 ATTRIBUTE EAP-IKEv2-Secret 1105 string
150 ATTRIBUTE EAP-IKEv2-AuthType 1106 integer
152 VALUE EAP-IKEv2-AuthType none 0
153 VALUE EAP-IKEv2-AuthType secret 1
154 VALUE EAP-IKEv2-AuthType cert 2
155 VALUE EAP-IKEv2-AuthType both 3
157 ATTRIBUTE Send-Disconnect-Request 1107 integer
158 ATTRIBUTE Send-CoA-Request 1107 integer
160 VALUE Send-CoA-Request No 0
161 VALUE Send-CoA-Request Yes 1
163 ATTRIBUTE Module-Return-Code 1108 integer
165 VALUE Module-Return-Code reject 0
166 VALUE Module-Return-Code fail 1
167 VALUE Module-Return-Code ok 2
168 VALUE Module-Return-Code handled 3
169 VALUE Module-Return-Code invalid 4
170 VALUE Module-Return-Code userlock 5
171 VALUE Module-Return-Code notfound 6
172 VALUE Module-Return-Code noop 7
173 VALUE Module-Return-Code updated 8
175 ATTRIBUTE Packet-Original-Timestamp 1109 date
176 ATTRIBUTE SQL-Table-Name 1110 string
177 ATTRIBUTE Home-Server-Pool 1111 string
179 ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr
180 ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr
181 ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer
183 VALUE FreeRADIUS-Client-Require-MA no 0
184 VALUE FreeRADIUS-Client-Require-MA yes 1
186 ATTRIBUTE FreeRADIUS-Client-Secret 1123 string
187 ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string
188 ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string
189 ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string
191 # For session resumption
192 ATTRIBUTE Allow-Session-Resumption 1127 integer
194 VALUE Allow-Session-Resumption no 0
195 VALUE Allow-Session-Resumption yes 1
197 ATTRIBUTE EAP-Session-Resumed 1128 integer
199 VALUE EAP-Session-Resumed no 0
200 VALUE EAP-Session-Resumed yes 1
203 # Expose EAP keys in the reply.
205 ATTRIBUTE EAP-MSK 1129 octets
206 ATTRIBUTE EAP-EMSK 1130 octets
209 # For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
211 ATTRIBUTE Recv-CoA-Type 1131 integer
212 ATTRIBUTE Send-CoA-Type 1132 integer
214 ATTRIBUTE MS-CHAP-Password 1133 string
215 ATTRIBUTE Packet-Transmit-Counter 1134 integer
216 ATTRIBUTE Cached-Session-Policy 1135 string
217 ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string
218 ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets
220 # For default policies
222 ATTRIBUTE Stripped-User-Domain 1138 string
223 ATTRIBUTE Called-Station-SSID 1139 string
227 # EAP-SIM (and other EAP type) weirdness.
229 # For EAP-SIM, some attribute definitions for database interface
231 ATTRIBUTE EAP-Sim-Subtype 1200 integer
233 ATTRIBUTE EAP-Sim-Rand1 1201 octets
234 ATTRIBUTE EAP-Sim-Rand2 1202 octets
235 ATTRIBUTE EAP-Sim-Rand3 1203 octets
237 ATTRIBUTE EAP-Sim-SRES1 1204 octets
238 ATTRIBUTE EAP-Sim-SRES2 1205 octets
239 ATTRIBUTE EAP-Sim-SRES3 1206 octets
241 VALUE EAP-Sim-Subtype Start 10
242 VALUE EAP-Sim-Subtype Challenge 11
243 VALUE EAP-Sim-Subtype Notification 12
244 VALUE EAP-Sim-Subtype Re-authentication 13
246 # this attribute is used internally by the client code.
247 ATTRIBUTE EAP-Sim-State 1207 integer
249 ATTRIBUTE EAP-Sim-IMSI 1208 string
250 ATTRIBUTE EAP-Sim-HMAC 1209 string
251 ATTRIBUTE EAP-Sim-KEY 1210 octets
252 ATTRIBUTE EAP-Sim-EXTRA 1211 octets
254 ATTRIBUTE EAP-Sim-KC1 1212 octets
255 ATTRIBUTE EAP-Sim-KC2 1213 octets
256 ATTRIBUTE EAP-Sim-KC3 1214 octets
260 # EAP-type specific attributes
263 # these are PW_EAP_X + 1280
264 ATTRIBUTE EAP-Type-Identity 1281 string
265 ATTRIBUTE EAP-Type-Notification 1282 string
266 ATTRIBUTE EAP-Type-NAK 1283 string
267 ATTRIBUTE EAP-Type-MD5 1284 octets
268 ATTRIBUTE EAP-Type-OTP 1285 string
269 ATTRIBUTE EAP-Type-GTC 1286 string
270 ATTRIBUTE EAP-Type-TLS 1297 octets
271 ATTRIBUTE EAP-Type-SIM 1298 octets
272 ATTRIBUTE EAP-Type-LEAP 1301 octets
273 ATTRIBUTE EAP-Type-SIM2 1302 octets
274 ATTRIBUTE EAP-Type-TTLS 1305 octets
275 ATTRIBUTE EAP-Type-PEAP 1309 octets
282 # these are PW_EAP_SIM_X + 1536
283 ATTRIBUTE EAP-Sim-RAND 1537 octets
284 ATTRIBUTE EAP-Sim-PADDING 1542 octets
285 ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
286 ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
287 ATTRIBUTE EAP-Sim-MAC 1547 octets
288 ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
289 ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
290 ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
291 ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
292 ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
293 ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
294 ATTRIBUTE EAP-Sim-COUNTER 1555 octets
295 ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
296 ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
297 ATTRIBUTE EAP-Sim-IV 1665 octets
298 ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
299 ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
300 ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
301 ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
305 # Temporary attributes, for local storage.
307 ATTRIBUTE Tmp-String-0 1800 string
308 ATTRIBUTE Tmp-String-1 1801 string
309 ATTRIBUTE Tmp-String-2 1802 string
310 ATTRIBUTE Tmp-String-3 1803 string
311 ATTRIBUTE Tmp-String-4 1804 string
312 ATTRIBUTE Tmp-String-5 1805 string
313 ATTRIBUTE Tmp-String-6 1806 string
314 ATTRIBUTE Tmp-String-7 1807 string
315 ATTRIBUTE Tmp-String-8 1808 string
316 ATTRIBUTE Tmp-String-9 1809 string
318 ATTRIBUTE Tmp-Integer-0 1810 integer
319 ATTRIBUTE Tmp-Integer-1 1811 integer
320 ATTRIBUTE Tmp-Integer-2 1812 integer
321 ATTRIBUTE Tmp-Integer-3 1813 integer
322 ATTRIBUTE Tmp-Integer-4 1814 integer
323 ATTRIBUTE Tmp-Integer-5 1815 integer
324 ATTRIBUTE Tmp-Integer-6 1816 integer
325 ATTRIBUTE Tmp-Integer-7 1817 integer
326 ATTRIBUTE Tmp-Integer-8 1818 integer
327 ATTRIBUTE Tmp-Integer-9 1819 integer
329 ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
330 ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
331 ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
332 ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
333 ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
334 ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
335 ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
336 ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
337 ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
338 ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
341 # WiMAX server-side attributes.
343 # These are NOT sent in a packet, but are otherwise
344 # available for testing and validation. The various
345 # things that *are* sent in a packet are derived from
348 ATTRIBUTE WiMAX-MN-NAI 1900 string
350 ATTRIBUTE TLS-Cert-Serial 1910 string
351 ATTRIBUTE TLS-Cert-Expiration 1911 string
352 ATTRIBUTE TLS-Cert-Issuer 1912 string
353 ATTRIBUTE TLS-Cert-Subject 1913 string
354 ATTRIBUTE TLS-Cert-Common-Name 1914 string
355 # 1915 - 1919: reserved for future cert attributes
356 ATTRIBUTE TLS-Client-Cert-Serial 1920 string
357 ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
358 ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
359 ATTRIBUTE TLS-Client-Cert-Subject 1923 string
360 ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string
361 ATTRIBUTE TLS-Client-Cert-Filename 1925 string
368 # SoH attributes; FIXME: these should really be protocol attributes
369 # so that the SoH radius request can be proxied, but from which
372 ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer
373 VALUE SoH-MS-Machine-OS-vendor Microsoft 311
375 ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer
376 ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer
377 ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer
378 ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer
379 ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer
381 ATTRIBUTE SoH-MS-Machine-Processor 2106 integer
382 VALUE SoH-MS-Machine-Processor x86 0
383 VALUE SoH-MS-Machine-Processor i64 6
384 VALUE SoH-MS-Machine-Processor x86_64 9
386 ATTRIBUTE SoH-MS-Machine-Name 2107 string
387 ATTRIBUTE SoH-MS-Correlation-Id 2108 octets
388 ATTRIBUTE SoH-MS-Machine-Role 2109 integer
389 VALUE SoH-MS-Machine-Role client 1
390 VALUE SoH-MS-Machine-Role dc 2
391 VALUE SoH-MS-Machine-Role server 3
394 ATTRIBUTE SoH-Supported 2119 integer
395 VALUE SoH-Supported no 0
396 VALUE SoH-Supported yes 1
398 ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string
399 ATTRIBUTE SoH-MS-Health-Other 2129 string
406 # Site-local attributes (see raddb/dictionary.in)
407 # Do NOT define attributes in this range!
413 # Invalid. Don't use.
417 # Non-Protocol Integer Translations
420 VALUE Auth-Type Local 0
421 VALUE Auth-Type System 1
422 VALUE Auth-Type SecurID 2
423 VALUE Auth-Type Crypt-Local 3
424 VALUE Auth-Type Reject 4
425 VALUE Auth-Type ActivCard 5
426 VALUE Auth-Type EAP 6
427 VALUE Auth-Type ARAP 7
430 # FreeRADIUS extensions (most originally from Cistron)
432 VALUE Auth-Type Accept 254
434 VALUE Auth-Type PAP 1024
435 VALUE Auth-Type CHAP 1025
436 # 1026 was LDAP, but we deleted it. Adding it back will break the
438 VALUE Auth-Type PAM 1027
439 VALUE Auth-Type MS-CHAP 1028
440 VALUE Auth-Type MSCHAP 1028
441 VALUE Auth-Type Kerberos 1029
442 VALUE Auth-Type CRAM 1030
443 VALUE Auth-Type NS-MTA-MD5 1031
444 # 1032 is unused (was a duplicate of CRAM)
445 VALUE Auth-Type SMB 1033
446 VALUE Auth-Type MS-CHAP-V2 1034
449 # Authorization type, too.
451 VALUE Autz-Type Local 0
456 VALUE Acct-Type Local 0
459 # And Session handling
461 VALUE Session-Type Local 0
465 VALUE Post-Auth-Type Local 0
468 # Experimental Non-Protocol Integer Translations for FreeRADIUS
470 VALUE Fall-Through No 0
471 VALUE Fall-Through Yes 1
473 VALUE Strip-User-Name No 0
474 VALUE Strip-User-Name Yes 1
476 VALUE Packet-Type Access-Request 1
477 VALUE Packet-Type Access-Accept 2
478 VALUE Packet-Type Access-Reject 3
479 VALUE Packet-Type Accounting-Request 4
480 VALUE Packet-Type Accounting-Response 5
481 VALUE Packet-Type Accounting-Status 6
482 VALUE Packet-Type Password-Request 7
483 VALUE Packet-Type Password-Accept 8
484 VALUE Packet-Type Password-Reject 9
485 VALUE Packet-Type Accounting-Message 10
486 VALUE Packet-Type Access-Challenge 11
487 VALUE Packet-Type Status-Server 12
488 VALUE Packet-Type Status-Client 13
491 # The following packet types are described in RFC 2882,
492 # but they are NOT part of the RADIUS standard. Instead,
493 # they are informational about vendor-specific extensions
494 # to the RADIUS standard.
496 VALUE Packet-Type Resource-Free-Request 21
497 VALUE Packet-Type Resource-Free-Response 22
498 VALUE Packet-Type Resource-Query-Request 23
499 VALUE Packet-Type Resource-Query-Response 24
500 VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
501 VALUE Packet-Type NAS-Reboot-Request 26
502 VALUE Packet-Type NAS-Reboot-Response 27
503 VALUE Packet-Type Next-Passcode 29
504 VALUE Packet-Type New-Pin 30
505 VALUE Packet-Type Terminate-Session 31
506 VALUE Packet-Type Password-Expired 32
507 VALUE Packet-Type Event-Request 33
508 VALUE Packet-Type Event-Response 34
510 # RFC 3576 allocates packet types 40-45
512 VALUE Packet-Type Disconnect-Request 40
513 VALUE Packet-Type Disconnect-ACK 41
514 VALUE Packet-Type Disconnect-NAK 42
515 VALUE Packet-Type CoA-Request 43
516 VALUE Packet-Type CoA-ACK 44
517 VALUE Packet-Type CoA-NAK 45
519 VALUE Packet-Type IP-Address-Allocate 50
520 VALUE Packet-Type IP-Address-Release 51
522 VALUE Response-Packet-Type Access-Request 1
523 VALUE Response-Packet-Type Access-Accept 2
524 VALUE Response-Packet-Type Access-Reject 3
525 VALUE Response-Packet-Type Accounting-Request 4
526 VALUE Response-Packet-Type Accounting-Response 5
527 VALUE Response-Packet-Type Accounting-Status 6
528 VALUE Response-Packet-Type Password-Request 7
529 VALUE Response-Packet-Type Password-Accept 8
530 VALUE Response-Packet-Type Password-Reject 9
531 VALUE Response-Packet-Type Accounting-Message 10
532 VALUE Response-Packet-Type Access-Challenge 11
533 VALUE Response-Packet-Type Status-Server 12
534 VALUE Response-Packet-Type Status-Client 13
536 VALUE Response-Packet-Type Disconnect-Request 40
537 VALUE Response-Packet-Type Disconnect-ACK 41
538 VALUE Response-Packet-Type Disconnect-NAK 42
539 VALUE Response-Packet-Type CoA-Request 43
540 VALUE Response-Packet-Type CoA-ACK 44
541 VALUE Response-Packet-Type CoA-NAK 45
545 VALUE Response-Packet-Type Do-Not-Respond 256
548 # EAP Sub-types, inside of Request and Response packets
550 # http://www.iana.org/assignments/ppp-numbers
551 # "PPP EAP REQUEST/RESPONSE TYPES"
554 # See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
556 VALUE EAP-Type None 0
557 VALUE EAP-Type Identity 1
558 VALUE EAP-Type Notification 2
560 VALUE EAP-Type MD5-Challenge 4
561 VALUE EAP-Type One-Time-Password 5
562 VALUE EAP-Type Generic-Token-Card 6
563 VALUE EAP-Type RSA-Public-Key 9
564 VALUE EAP-Type DSS-Unilateral 10
565 VALUE EAP-Type KEA 11
566 VALUE EAP-Type KEA-Validate 12
567 VALUE EAP-Type EAP-TLS 13
568 VALUE EAP-Type Defender-Token 14
569 VALUE EAP-Type RSA-SecurID-EAP 15
570 VALUE EAP-Type Arcot-Systems-EAP 16
571 VALUE EAP-Type Cisco-LEAP 17
572 VALUE EAP-Type Nokia-IP-Smart-Card 18
573 VALUE EAP-Type SIM 18
574 VALUE EAP-Type SRP-SHA1-Part-1 19
575 VALUE EAP-Type SRP-SHA1-Part-2 20
576 VALUE EAP-Type EAP-TTLS 21
577 VALUE EAP-Type Remote-Access-Service 22
578 VALUE EAP-Type UMTS 23
579 VALUE EAP-Type EAP-3Com-Wireless 24
580 VALUE EAP-Type PEAP 25
581 VALUE EAP-Type MS-EAP-Authentication 26
582 VALUE EAP-Type MAKE 27
583 VALUE EAP-Type CRYPTOCard 28
584 VALUE EAP-Type EAP-MSCHAP-V2 29
585 VALUE EAP-Type DynamID 30
586 VALUE EAP-Type Rob-EAP 31
587 VALUE EAP-Type SecurID-EAP 32
588 VALUE EAP-Type MS-Authentication-TLV 33
589 VALUE EAP-Type SentriNET 34
590 VALUE EAP-Type EAP-Actiontec-Wireless 35
591 VALUE EAP-Type Cogent-Biomentric-EAP 36
592 VALUE EAP-Type AirFortress-EAP 37
593 VALUE EAP-Type EAP-HTTP-Digest 38
594 VALUE EAP-Type SecuriSuite-EAP 39
595 VALUE EAP-Type DeviceConnect-EAP 40
596 VALUE EAP-Type EAP-SPEKE 41
597 VALUE EAP-Type EAP-MOBAC 42
600 # These are duplicate values, to get around the problem of
601 # having two MS-CHAPv2 EAP types.
603 VALUE EAP-Type Microsoft-MS-CHAPv2 26
604 VALUE EAP-Type Cisco-MS-CHAPv2 29
607 # And this is what most people mean by MS-CHAPv2
609 VALUE EAP-Type MS-CHAP-V2 26
612 # This says TLS, but it's only valid for TTLS & PEAP.
613 # EAP-TLS *always* requires a client certificate.
615 VALUE EAP-TLS-Require-Client-Cert No 0
616 VALUE EAP-TLS-Require-Client-Cert Yes 1
619 # These are the EAP-Code values.
621 VALUE EAP-Code Request 1
622 VALUE EAP-Code Response 2
623 VALUE EAP-Code Success 3
624 VALUE EAP-Code Failure 4
627 # For MS-CHAP, do we run ntlm_auth, or not.
629 VALUE MS-CHAP-Use-NTLM-Auth No 0
630 VALUE MS-CHAP-Use-NTLM-Auth Yes 1