2 # Copyright (C) 2015 The FreeRADIUS Server project and contributors
4 # Microsoft's VSA's, from RFC 2548
11 BEGIN-VENDOR Microsoft
12 ATTRIBUTE MS-CHAP-Response 1 octets[50]
13 ATTRIBUTE MS-CHAP-Error 2 string
14 ATTRIBUTE MS-CHAP-CPW-1 3 octets[70]
15 ATTRIBUTE MS-CHAP-CPW-2 4 octets[84]
16 ATTRIBUTE MS-CHAP-LM-Enc-PW 5 octets
17 ATTRIBUTE MS-CHAP-NT-Enc-PW 6 octets
18 ATTRIBUTE MS-MPPE-Encryption-Policy 7 integer
20 VALUE MS-MPPE-Encryption-Policy Encryption-Allowed 1
21 VALUE MS-MPPE-Encryption-Policy Encryption-Required 2
23 # This is referred to as both singular and plural in the RFC.
24 # Plural seems to make more sense.
25 ATTRIBUTE MS-MPPE-Encryption-Type 8 integer
26 ATTRIBUTE MS-MPPE-Encryption-Types 8 integer
28 VALUE MS-MPPE-Encryption-Types RC4-40bit-Allowed 1
29 VALUE MS-MPPE-Encryption-Types RC4-128bit-Allowed 2
30 VALUE MS-MPPE-Encryption-Types RC4-40or128-bit-Allowed 6
32 ATTRIBUTE MS-RAS-Vendor 9 integer # content is Vendor-ID
33 ATTRIBUTE MS-CHAP-Domain 10 string
34 ATTRIBUTE MS-CHAP-Challenge 11 octets
35 ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets[24] encrypt=1
36 ATTRIBUTE MS-BAP-Usage 13 integer
37 ATTRIBUTE MS-Link-Utilization-Threshold 14 integer # values are 1-100
38 ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer
39 ATTRIBUTE MS-MPPE-Send-Key 16 octets encrypt=2
40 ATTRIBUTE MS-MPPE-Recv-Key 17 octets encrypt=2
41 ATTRIBUTE MS-RAS-Version 18 string
42 ATTRIBUTE MS-Old-ARAP-Password 19 octets
43 ATTRIBUTE MS-New-ARAP-Password 20 octets
44 ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer
46 ATTRIBUTE MS-Filter 22 octets
47 ATTRIBUTE MS-Acct-Auth-Type 23 integer
48 ATTRIBUTE MS-Acct-EAP-Type 24 integer
50 ATTRIBUTE MS-CHAP2-Response 25 octets[50]
51 ATTRIBUTE MS-CHAP2-Success 26 octets
52 ATTRIBUTE MS-CHAP2-CPW 27 octets[68]
54 ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr
55 ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
56 ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr
57 ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr
59 #ATTRIBUTE MS-ARAP-Challenge 33 octets[8]
63 # http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-RNAP%5D.pdf
65 ATTRIBUTE MS-RAS-Client-Name 34 string
66 ATTRIBUTE MS-RAS-Client-Version 35 string
67 ATTRIBUTE MS-Quarantine-IPFilter 36 octets
68 ATTRIBUTE MS-Quarantine-Session-Timeout 37 integer
69 ATTRIBUTE MS-User-Security-Identity 40 string
70 ATTRIBUTE MS-Identity-Type 41 integer
71 ATTRIBUTE MS-Service-Class 42 string
72 ATTRIBUTE MS-Quarantine-User-Class 44 string
73 ATTRIBUTE MS-Quarantine-State 45 integer
74 ATTRIBUTE MS-Quarantine-Grace-Time 46 integer
75 ATTRIBUTE MS-Network-Access-Server-Type 47 integer
76 ATTRIBUTE MS-AFW-Zone 48 integer
78 VALUE MS-AFW-Zone MS-AFW-Zone-Boundary-Policy 1
79 VALUE MS-AFW-Zone MS-AFW-Zone-Unprotected-Policy 2
80 VALUE MS-AFW-Zone MS-AFW-Zone-Protected-Policy 3
82 ATTRIBUTE MS-AFW-Protection-Level 49 integer
84 VALUE MS-AFW-Protection-Level HECP-Response-Sign-Only 1
85 VALUE MS-AFW-Protection-Level HECP-Response-Sign-And-Encrypt 2
87 ATTRIBUTE MS-Machine-Name 50 string
88 ATTRIBUTE MS-IPv6-Filter 51 octets
89 ATTRIBUTE MS-IPv4-Remediation-Servers 52 octets
90 ATTRIBUTE MS-IPv6-Remediation-Servers 53 octets
91 ATTRIBUTE MS-RNAP-Not-Quarantine-Capable 54 integer
93 VALUE MS-RNAP-Not-Quarantine-Capable SoH-Sent 0
94 VALUE MS-RNAP-Not-Quarantine-Capable SoH-Not-Sent 1
96 ATTRIBUTE MS-Quarantine-SOH 55 octets
97 ATTRIBUTE MS-RAS-Correlation 56 octets
99 # Or this might be 56?
100 ATTRIBUTE MS-Extended-Quarantine-State 57 integer
102 ATTRIBUTE MS-HCAP-User-Groups 58 string
103 ATTRIBUTE MS-HCAP-Location-Group-Name 59 string
104 ATTRIBUTE MS-HCAP-User-Name 60 string
105 ATTRIBUTE MS-User-IPv4-Address 61 ipaddr
106 ATTRIBUTE MS-User-IPv6-Address 62 ipv6addr
107 ATTRIBUTE MS-TSG-Device-Redirection 63 integer
110 # Integer Translations
113 # MS-BAP-Usage Values
115 VALUE MS-BAP-Usage Not-Allowed 0
116 VALUE MS-BAP-Usage Allowed 1
117 VALUE MS-BAP-Usage Required 2
119 # MS-ARAP-Password-Change-Reason Values
121 VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
122 VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
123 VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
124 VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
126 # MS-Acct-Auth-Type Values
128 VALUE MS-Acct-Auth-Type PAP 1
129 VALUE MS-Acct-Auth-Type CHAP 2
130 VALUE MS-Acct-Auth-Type MS-CHAP-1 3
131 VALUE MS-Acct-Auth-Type MS-CHAP-2 4
132 VALUE MS-Acct-Auth-Type EAP 5
134 # MS-Acct-EAP-Type Values
136 VALUE MS-Acct-EAP-Type MD5 4
137 VALUE MS-Acct-EAP-Type OTP 5
138 VALUE MS-Acct-EAP-Type Generic-Token-Card 6
139 VALUE MS-Acct-EAP-Type TLS 13
141 # MS-Identity-Type Values
143 VALUE MS-Identity-Type Machine-Health-Check 1
144 VALUE MS-Identity-Type Ignore-User-Lookup-Failure 2
146 # MS-Quarantine-State Values
148 VALUE MS-Quarantine-State Full-Access 0
149 VALUE MS-Quarantine-State Quarantine 1
150 VALUE MS-Quarantine-State Probation 2
152 # MS-Network-Access-Server-Type Values
154 VALUE MS-Network-Access-Server-Type Unspecified 0
155 VALUE MS-Network-Access-Server-Type Terminal-Server-Gateway 1
156 VALUE MS-Network-Access-Server-Type Remote-Access-Server 2
157 VALUE MS-Network-Access-Server-Type DHCP-Server 3
158 VALUE MS-Network-Access-Server-Type Wireless-Access-Point 4
159 VALUE MS-Network-Access-Server-Type HRA 5
160 VALUE MS-Network-Access-Server-Type HCAP-Server 6
162 # MS-Extended-Quarantine-State Values
164 VALUE MS-Extended-Quarantine-State Transition 1
165 VALUE MS-Extended-Quarantine-State Infected 2
166 VALUE MS-Extended-Quarantine-State Unknown 3
167 VALUE MS-Extended-Quarantine-State No-Data 4