ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
ATTRIBUTE EAP-Id 1020 integer
ATTRIBUTE EAP-Code 1021 integer
-ATTRIBUTE EAP-MD5-Password 1022 string
+# Attribute 1022 unused, was EAP-MD5-Password, which was
+# used only be radeapclient. It's been replaced by Cleartext-Password
ATTRIBUTE PEAP-Version 1023 integer
-
-#
-# Range: 1023-1028
-# unused
-#
+ATTRIBUTE Client-Shortname 1024 string
+ATTRIBUTE Load-Balance-Key 1025 string
+ATTRIBUTE Raw-Attribute 1026 octets
+ATTRIBUTE TNC-VLAN-Access 1027 string
+ATTRIBUTE TNC-VLAN-Isolate 1028 string
ATTRIBUTE User-Category 1029 string
ATTRIBUTE Group-Name 1030 string
ATTRIBUTE Huntgroup-Name 1031 string
ATTRIBUTE Digest-HA1 1081 string
ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
ATTRIBUTE NTLM-User-Name 1083 string
+ATTRIBUTE MS-CHAP-User-Name 1083 string
ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr
ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr
ATTRIBUTE Packet-Src-Port 1086 integer
ATTRIBUTE Cache-Delete-Cache 1092 string
ATTRIBUTE SHA-Password 1093 octets
ATTRIBUTE SSHA-Password 1094 octets
+ATTRIBUTE SHA1-Password 1093 octets
+ATTRIBUTE SSHA1-Password 1094 octets
ATTRIBUTE MD5-Password 1095 octets
ATTRIBUTE SMD5-Password 1096 octets
ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr
ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr
-ATTRIBUTE Server-Identity 1099 string
+ATTRIBUTE Virtual-Server 1099 string
+ATTRIBUTE Cleartext-Password 1100 string
+ATTRIBUTE Password-With-Header 1101 string
+ATTRIBUTE Inner-Tunnel-User-Name 1102 string
+
+#
+# EAP-IKEv2 is experimental.
+#
+ATTRIBUTE EAP-IKEv2-IDType 1103 integer
+
+VALUE EAP-IKEv2-IDType IPV4_ADDR 1
+VALUE EAP-IKEv2-IDType FQDN 2
+VALUE EAP-IKEv2-IDType RFC822_ADDR 3
+VALUE EAP-IKEv2-IDType IPV6_ADDR 5
+VALUE EAP-IKEv2-IDType DER_ASN1_DN 9
+VALUE EAP-IKEv2-IDType DER_ASN1_GN 10
+VALUE EAP-IKEv2-IDType KEY_ID 11
+
+ATTRIBUTE EAP-IKEv2-ID 1104 string
+ATTRIBUTE EAP-IKEv2-Secret 1105 string
+ATTRIBUTE EAP-IKEv2-AuthType 1106 integer
+
+VALUE EAP-IKEv2-AuthType none 0
+VALUE EAP-IKEv2-AuthType secret 1
+VALUE EAP-IKEv2-AuthType cert 2
+VALUE EAP-IKEv2-AuthType both 3
+
+ATTRIBUTE Send-Disconnect-Request 1107 integer
+ATTRIBUTE Send-CoA-Request 1107 integer
+
+VALUE Send-CoA-Request No 0
+VALUE Send-CoA-Request Yes 1
+
+ATTRIBUTE Module-Return-Code 1108 integer
+
+VALUE Module-Return-Code reject 0
+VALUE Module-Return-Code fail 1
+VALUE Module-Return-Code ok 2
+VALUE Module-Return-Code handled 3
+VALUE Module-Return-Code invalid 4
+VALUE Module-Return-Code userlock 5
+VALUE Module-Return-Code notfound 6
+VALUE Module-Return-Code noop 7
+VALUE Module-Return-Code updated 8
+
+ATTRIBUTE Packet-Original-Timestamp 1109 date
+ATTRIBUTE SQL-Table-Name 1110 string
+ATTRIBUTE Home-Server-Pool 1111 string
+
+ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr
+ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr
+ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer
+
+VALUE FreeRADIUS-Client-Require-MA no 0
+VALUE FreeRADIUS-Client-Require-MA yes 1
+
+ATTRIBUTE FreeRADIUS-Client-Secret 1123 string
+ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string
+ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string
+ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string
+
+# For session resumption
+ATTRIBUTE Allow-Session-Resumption 1127 integer
+
+VALUE Allow-Session-Resumption no 0
+VALUE Allow-Session-Resumption yes 1
+
+ATTRIBUTE EAP-Session-Resumed 1128 integer
+
+VALUE EAP-Session-Resumed no 0
+VALUE EAP-Session-Resumed yes 1
+
+#
+# Expose EAP keys in the reply.
+#
+ATTRIBUTE EAP-MSK 1129 octets
+ATTRIBUTE EAP-EMSK 1130 octets
+
+#
+# For send/recv CoA packets (like Auth-Type, Acct-Type, etc.)
+#
+ATTRIBUTE Recv-CoA-Type 1131 integer
+ATTRIBUTE Send-CoA-Type 1132 integer
+
+ATTRIBUTE MS-CHAP-Password 1133 string
+ATTRIBUTE Packet-Transmit-Counter 1134 integer
+ATTRIBUTE Cached-Session-Policy 1135 string
#
# Range: 1200-1279
ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
+# Range: 1900-1909
+# WiMAX server-side attributes.
+#
+# These are NOT sent in a packet, but are otherwise
+# available for testing and validation. The various
+# things that *are* sent in a packet are derived from
+# these attributes.
+#
+ATTRIBUTE WiMAX-MN-NAI 1900 string
+ATTRIBUTE WiMAX-FA-IP-Address 1901 ipaddr
+ATTRIBUTE WiMAX-MN-FA 1902 octets
+
+ATTRIBUTE TLS-Cert-Serial 1910 string
+ATTRIBUTE TLS-Cert-Expiration 1911 string
+ATTRIBUTE TLS-Cert-Issuer 1912 string
+ATTRIBUTE TLS-Cert-Subject 1913 string
+ATTRIBUTE TLS-Cert-Common-Name 1914 string
+# 1915 - 1919: reserved for future cert attributes
+ATTRIBUTE TLS-Client-Cert-Serial 1920 string
+ATTRIBUTE TLS-Client-Cert-Expiration 1921 string
+ATTRIBUTE TLS-Client-Cert-Issuer 1922 string
+ATTRIBUTE TLS-Client-Cert-Subject 1923 string
+ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string
+ATTRIBUTE TLS-Client-Cert-Filename 1925 string
+
+#
+# Range: 1910-2099
+# Free
+#
+# Range: 2100-2199
+# SoH attributes; FIXME: these should really be protocol attributes
+# so that the SoH radius request can be proxied, but from which
+# vendor? Sigh...
+#
+ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer
+VALUE SoH-MS-Machine-OS-vendor Microsoft 311
+
+ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer
+ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer
+ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer
+ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer
+ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer
+
+ATTRIBUTE SoH-MS-Machine-Processor 2106 integer
+VALUE SoH-MS-Machine-Processor x86 0
+VALUE SoH-MS-Machine-Processor i64 6
+VALUE SoH-MS-Machine-Processor x86_64 9
+
+ATTRIBUTE SoH-MS-Machine-Name 2107 string
+ATTRIBUTE SoH-MS-Correlation-Id 2108 octets
+ATTRIBUTE SoH-MS-Machine-Role 2109 integer
+VALUE SoH-MS-Machine-Role client 1
+VALUE SoH-MS-Machine-Role dc 2
+VALUE SoH-MS-Machine-Role server 3
+
+
+ATTRIBUTE SoH-Supported 2119 integer
+VALUE SoH-Supported no 0
+VALUE SoH-Supported yes 1
+
+ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string
+ATTRIBUTE SoH-MS-Health-Other 2129 string
+
#
-# Range: 1900-2999
+# Range: 2200-2999
# Free
#
# Range: 3000-3999
# ldap module.
VALUE Auth-Type PAM 1027
VALUE Auth-Type MS-CHAP 1028
+VALUE Auth-Type MSCHAP 1028
VALUE Auth-Type Kerberos 1029
VALUE Auth-Type CRAM 1030
VALUE Auth-Type NS-MTA-MD5 1031
VALUE Fall-Through No 0
VALUE Fall-Through Yes 1
-#VALUE Strip-User-Name No 0
-#VALUE Strip-User-Name Yes 1
+VALUE Strip-User-Name No 0
+VALUE Strip-User-Name Yes 1
VALUE Packet-Type Access-Request 1
VALUE Packet-Type Access-Accept 2
VALUE Packet-Type Password-Expired 32
VALUE Packet-Type Event-Request 33
VALUE Packet-Type Event-Response 34
+
+# RFC 3576 allocates packet types 40-45
+
VALUE Packet-Type Disconnect-Request 40
VALUE Packet-Type Disconnect-ACK 41
VALUE Packet-Type Disconnect-NAK 42
-VALUE Packet-Type CoF-Request 43
-VALUE Packet-Type CoF-ACK 44
-VALUE Packet-Type CoF-NAK 45
+VALUE Packet-Type CoA-Request 43
+VALUE Packet-Type CoA-ACK 44
+VALUE Packet-Type CoA-NAK 45
+
VALUE Packet-Type IP-Address-Allocate 50
VALUE Packet-Type IP-Address-Release 51
VALUE Response-Packet-Type Status-Server 12
VALUE Response-Packet-Type Status-Client 13
+VALUE Response-Packet-Type Disconnect-Request 40
+VALUE Response-Packet-Type Disconnect-ACK 41
+VALUE Response-Packet-Type Disconnect-NAK 42
+VALUE Response-Packet-Type CoA-Request 43
+VALUE Response-Packet-Type CoA-ACK 44
+VALUE Response-Packet-Type CoA-NAK 45
+#
+# Special value
+#
+VALUE Response-Packet-Type Do-Not-Respond 256
+
#
# EAP Sub-types, inside of Request and Response packets
#