1# -*- text -*- 2# Copyright (C) 2011 The FreeRADIUS Server project and contributors 3# 4# Non Protocol Attributes used by FreeRADIUS 5# 6# $Id: b830d56623fc3aad78122fa6af04ce66416123b6 $ 7# 8 9# The attributes number ranges are allocates as follows: 10# 11# Range: 500-999 12# server-side attributes which can go in a reply list 13 14# These attributes CAN go in the reply item list. 15ATTRIBUTE Fall-Through 500 integer 16ATTRIBUTE Relax-Filter 501 integer 17ATTRIBUTE Exec-Program 502 string 18ATTRIBUTE Exec-Program-Wait 503 string 19 20# These attributes CANNOT go in the reply item list. 21 22# 23# Range: 1000+ 24# Attributes which cannot go in a reply list. 25# 26# 27# Range: 1000-1199 28# Miscellaneous server attributes. 29# 30# 31# Non-Protocol Attributes 32# These attributes are used internally by the server 33# 34ATTRIBUTE Auth-Type 1000 integer 35ATTRIBUTE Menu 1001 string 36ATTRIBUTE Termination-Menu 1002 string 37ATTRIBUTE Prefix 1003 string 38ATTRIBUTE Suffix 1004 string 39ATTRIBUTE Group 1005 string 40ATTRIBUTE Crypt-Password 1006 string 41ATTRIBUTE Connect-Rate 1007 integer 42ATTRIBUTE Add-Prefix 1008 string 43ATTRIBUTE Add-Suffix 1009 string 44ATTRIBUTE Expiration 1010 date 45ATTRIBUTE Autz-Type 1011 integer 46ATTRIBUTE Acct-Type 1012 integer 47ATTRIBUTE Session-Type 1013 integer 48ATTRIBUTE Post-Auth-Type 1014 integer 49ATTRIBUTE Pre-Proxy-Type 1015 integer 50ATTRIBUTE Post-Proxy-Type 1016 integer 51ATTRIBUTE Pre-Acct-Type 1017 integer 52 53# 54# This is the EAP type of authentication, which is set 55# by the EAP module, for informational purposes only. 56# 57ATTRIBUTE EAP-Type 1018 integer 58ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer 59ATTRIBUTE EAP-Id 1020 integer 60ATTRIBUTE EAP-Code 1021 integer 61ATTRIBUTE EAP-MD5-Password 1022 string 62ATTRIBUTE PEAP-Version 1023 integer 63ATTRIBUTE Client-Shortname 1024 string virtual 64ATTRIBUTE Load-Balance-Key 1025 string 65ATTRIBUTE Raw-Attribute 1026 octets 66ATTRIBUTE TNC-VLAN-Access 1027 string 67ATTRIBUTE TNC-VLAN-Isolate 1028 string 68ATTRIBUTE User-Category 1029 string 69ATTRIBUTE Group-Name 1030 string 70ATTRIBUTE Huntgroup-Name 1031 string 71ATTRIBUTE Simultaneous-Use 1034 integer 72ATTRIBUTE Strip-User-Name 1035 integer 73ATTRIBUTE Hint 1040 string 74ATTRIBUTE Pam-Auth 1041 string 75ATTRIBUTE Login-Time 1042 string 76ATTRIBUTE Stripped-User-Name 1043 string 77ATTRIBUTE Current-Time 1044 string 78ATTRIBUTE Realm 1045 string 79ATTRIBUTE No-Such-Attribute 1046 string 80ATTRIBUTE Packet-Type 1047 integer virtual 81ATTRIBUTE Proxy-To-Realm 1048 string 82ATTRIBUTE Replicate-To-Realm 1049 string 83ATTRIBUTE Acct-Session-Start-Time 1050 date 84ATTRIBUTE Acct-Unique-Session-Id 1051 string 85ATTRIBUTE Client-IP-Address 1052 ipaddr virtual 86ATTRIBUTE Ldap-UserDn 1053 string 87ATTRIBUTE NS-MTA-MD5-Password 1054 string 88ATTRIBUTE SQL-User-Name 1055 string 89ATTRIBUTE LM-Password 1057 octets 90ATTRIBUTE NT-Password 1058 octets 91ATTRIBUTE SMB-Account-CTRL 1059 integer 92ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string 93ATTRIBUTE User-Profile 1062 string 94ATTRIBUTE Digest-Realm 1063 string 95ATTRIBUTE Digest-Nonce 1064 string 96ATTRIBUTE Digest-Method 1065 string 97ATTRIBUTE Digest-URI 1066 string 98ATTRIBUTE Digest-QOP 1067 string 99ATTRIBUTE Digest-Algorithm 1068 string 100ATTRIBUTE Digest-Body-Digest 1069 string 101ATTRIBUTE Digest-CNonce 1070 string 102ATTRIBUTE Digest-Nonce-Count 1071 string 103ATTRIBUTE Digest-User-Name 1072 string 104ATTRIBUTE Pool-Name 1073 string 105ATTRIBUTE Ldap-Group 1074 string 106ATTRIBUTE Module-Success-Message 1075 string 107ATTRIBUTE Module-Failure-Message 1076 string 108# X99-Fast 1077 integer 109ATTRIBUTE Rewrite-Rule 1078 string 110ATTRIBUTE Sql-Group 1079 string 111ATTRIBUTE Response-Packet-Type 1080 integer virtual 112ATTRIBUTE Digest-HA1 1081 string 113ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer 114ATTRIBUTE NTLM-User-Name 1083 string 115ATTRIBUTE MS-CHAP-User-Name 1083 string 116ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr virtual 117ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr virtual 118ATTRIBUTE Packet-Src-Port 1086 integer virtual 119ATTRIBUTE Packet-Dst-Port 1087 integer virtual 120ATTRIBUTE Packet-Authentication-Vector 1088 octets virtual 121ATTRIBUTE Time-Of-Day 1089 string 122ATTRIBUTE Request-Processing-Stage 1090 string virtual 123ATTRIBUTE SHA2-Password 1092 octets 124ATTRIBUTE SHA-Password 1093 octets 125ATTRIBUTE SSHA-Password 1094 octets 126ATTRIBUTE SHA1-Password 1093 octets 127ATTRIBUTE SSHA1-Password 1094 octets 128ATTRIBUTE MD5-Password 1095 octets 129ATTRIBUTE SMD5-Password 1096 octets 130ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr virtual 131ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr virtual 132ATTRIBUTE Virtual-Server 1099 string virtual 133ATTRIBUTE Cleartext-Password 1100 string 134ATTRIBUTE Password-With-Header 1101 string 135ATTRIBUTE Inner-Tunnel-User-Name 1102 string 136# 137# EAP-IKEv2 is experimental. 138# 139ATTRIBUTE EAP-IKEv2-IDType 1103 integer 140 141VALUE EAP-IKEv2-IDType IPV4_ADDR 1 142VALUE EAP-IKEv2-IDType FQDN 2 143VALUE EAP-IKEv2-IDType RFC822_ADDR 3 144VALUE EAP-IKEv2-IDType IPV6_ADDR 5 145VALUE EAP-IKEv2-IDType DER_ASN1_DN 9 146VALUE EAP-IKEv2-IDType DER_ASN1_GN 10 147VALUE EAP-IKEv2-IDType KEY_ID 11 148 149ATTRIBUTE EAP-IKEv2-ID 1104 string 150ATTRIBUTE EAP-IKEv2-Secret 1105 string 151ATTRIBUTE EAP-IKEv2-AuthType 1106 integer 152 153VALUE EAP-IKEv2-AuthType none 0 154VALUE EAP-IKEv2-AuthType secret 1 155VALUE EAP-IKEv2-AuthType cert 2 156VALUE EAP-IKEv2-AuthType both 3 157 158ATTRIBUTE Send-Disconnect-Request 1107 integer 159ATTRIBUTE Send-CoA-Request 1107 integer 160 161VALUE Send-CoA-Request No 0 162VALUE Send-CoA-Request Yes 1 163 164ATTRIBUTE Module-Return-Code 1108 integer virtual 165 166VALUE Module-Return-Code reject 0 167VALUE Module-Return-Code fail 1 168VALUE Module-Return-Code ok 2 169VALUE Module-Return-Code handled 3 170VALUE Module-Return-Code invalid 4 171VALUE Module-Return-Code userlock 5 172VALUE Module-Return-Code notfound 6 173VALUE Module-Return-Code noop 7 174VALUE Module-Return-Code updated 8 175 176ATTRIBUTE Packet-Original-Timestamp 1109 date 177ATTRIBUTE SQL-Table-Name 1110 string 178ATTRIBUTE Home-Server-Pool 1111 string 179 180ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr 181ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr 182# The rest of the FreeRADIUS-Client-* attributes are at 1150... 183 184ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer 185 186VALUE FreeRADIUS-Client-Require-MA no 0 187VALUE FreeRADIUS-Client-Require-MA yes 1 188 189ATTRIBUTE FreeRADIUS-Client-Secret 1123 string 190ATTRIBUTE FreeRADIUS-Client-Shortname 1124 string 191ATTRIBUTE FreeRADIUS-Client-NAS-Type 1125 string 192ATTRIBUTE FreeRADIUS-Client-Virtual-Server 1126 string 193 194# For session resumption 195ATTRIBUTE Allow-Session-Resumption 1127 integer 196 197VALUE Allow-Session-Resumption no 0 198VALUE Allow-Session-Resumption yes 1 199 200ATTRIBUTE EAP-Session-Resumed 1128 integer 201 202VALUE EAP-Session-Resumed no 0 203VALUE EAP-Session-Resumed yes 1 204 205# 206# Expose EAP keys in the reply. 207# 208ATTRIBUTE EAP-MSK 1129 octets 209ATTRIBUTE EAP-EMSK 1130 octets 210 211# 212# For send/recv CoA packets (like Auth-Type, Acct-Type, etc.) 213# 214ATTRIBUTE Recv-CoA-Type 1131 integer 215ATTRIBUTE Send-CoA-Type 1132 integer 216 217ATTRIBUTE MS-CHAP-Password 1133 string 218ATTRIBUTE Packet-Transmit-Counter 1134 integer 219ATTRIBUTE Cached-Session-Policy 1135 string 220ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string 221ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets 222 223# For default policies 224 225ATTRIBUTE Stripped-User-Domain 1138 string 226ATTRIBUTE Called-Station-SSID 1139 string 227 228VALUE Cache-Status-Only no 0 229VALUE Cache-Status-Only yes 1 230 231VALUE Cache-Merge no 0 232VALUE Cache-Merge yes 1 233 234VALUE Cache-Read-Only no 0 235VALUE Cache-Read-Only yes 1 236 237ATTRIBUTE OTP-Challenge 1145 string 238ATTRIBUTE EAP-Session-Id 1146 octets 239ATTRIBUTE Chbind-Response-Code 1147 integer 240 241ATTRIBUTE Chbind-Response-Code 1147 integer 242 243VALUE Chbind-Response-Code success 2 244VALUE Chbind-Response-Code failure 3 245 246# 247# Server-side "listen type = foo" 248# 249ATTRIBUTE Listen-Socket-Type 1147 integer 250 251VALUE Listen-Socket-Type none 0 252VALUE Listen-Socket-Type status 0 253VALUE Listen-Socket-Type proxy 1 254VALUE Listen-Socket-Type auth 2 255VALUE Listen-Socket-Type auth+acct 2 256VALUE Listen-Socket-Type acct 3 257VALUE Listen-Socket-Type detail 4 258VALUE Listen-Socket-Type vmps 5 259VALUE Listen-Socket-Type dhcp 6 260VALUE Listen-Socket-Type control 7 261VALUE Listen-Socket-Type coa 8 262 263ATTRIBUTE Acct-Input-Octets64 1148 integer64 264ATTRIBUTE Acct-Output-Octets64 1149 integer64 265 266ATTRIBUTE FreeRADIUS-Client-IP-Prefix 1150 ipv4prefix 267ATTRIBUTE FreeRADIUS-Client-IPv6-Prefix 1151 ipv6prefix 268ATTRIBUTE FreeRADIUS-Response-Delay 1152 integer 269ATTRIBUTE FreeRADIUS-Client-Src-IP-Address 1153 ipaddr 270ATTRIBUTE FreeRADIUS-Client-Src-IPv6-Address 1154 ipv6addr 271ATTRIBUTE FreeRADIUS-Response-Delay-USec 1155 integer 272 273ATTRIBUTE REST-HTTP-Header 1160 string 274ATTRIBUTE REST-HTTP-Body 1161 string 275 276ATTRIBUTE Cache-Expires 1170 date 277ATTRIBUTE Cache-Created 1171 date 278ATTRIBUTE Cache-TTL 1172 signed 279ATTRIBUTE Cache-Status-Only 1173 integer 280ATTRIBUTE Cache-Merge 1174 integer 281ATTRIBUTE Cache-Entry-Hits 1175 integer 282ATTRIBUTE Cache-Read-Only 1176 integer 283 284# 285# Range: 1200-1279 286# EAP-SIM (and other EAP type) weirdness. 287# 288# For EAP-SIM, some attribute definitions for database interface 289# 290ATTRIBUTE EAP-Sim-Subtype 1200 integer 291 292ATTRIBUTE EAP-Sim-Rand1 1201 octets 293ATTRIBUTE EAP-Sim-Rand2 1202 octets 294ATTRIBUTE EAP-Sim-Rand3 1203 octets 295 296ATTRIBUTE EAP-Sim-SRES1 1204 octets 297ATTRIBUTE EAP-Sim-SRES2 1205 octets 298ATTRIBUTE EAP-Sim-SRES3 1206 octets 299 300VALUE EAP-Sim-Subtype Start 10 301VALUE EAP-Sim-Subtype Challenge 11 302VALUE EAP-Sim-Subtype Notification 12 303VALUE EAP-Sim-Subtype Re-authentication 13 304 305# this attribute is used internally by the client code. 306ATTRIBUTE EAP-Sim-State 1207 integer 307 308ATTRIBUTE EAP-Sim-IMSI 1208 string 309ATTRIBUTE EAP-Sim-HMAC 1209 string 310ATTRIBUTE EAP-Sim-KEY 1210 octets 311ATTRIBUTE EAP-Sim-EXTRA 1211 octets 312 313ATTRIBUTE EAP-Sim-Kc1 1212 octets 314ATTRIBUTE EAP-Sim-Kc2 1213 octets 315ATTRIBUTE EAP-Sim-Kc3 1214 octets 316 317ATTRIBUTE EAP-Sim-Ki 1215 octets 318ATTRIBUTE EAP-Sim-Algo-Version 1216 integer 319 320# 321# Range: 1280 - 1535 322# EAP-type specific attributes 323# 324# These are used mostly for radeapclient, and aren't 325# that useful for anyone else. 326# 327# egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo 328# 329ATTRIBUTE EAP-Type-Base 1280 octets 330ATTRIBUTE EAP-Type-VALUE 1280 octets 331ATTRIBUTE EAP-Type-None 1280 octets 332ATTRIBUTE EAP-Type-Identity 1281 octets 333ATTRIBUTE EAP-Type-Notification 1282 octets 334ATTRIBUTE EAP-Type-NAK 1283 octets 335ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets 336ATTRIBUTE EAP-Type-One-Time-Password 1285 octets 337ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets 338ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets 339ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets 340ATTRIBUTE EAP-Type-KEA 1291 octets 341ATTRIBUTE EAP-Type-KEA-Validate 1292 octets 342ATTRIBUTE EAP-Type-EAP-TLS 1293 octets 343ATTRIBUTE EAP-Type-Defender-Token 1294 octets 344ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets 345ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets 346ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets 347ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets 348ATTRIBUTE EAP-Type-SIM 1298 octets 349ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets 350ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets 351ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets 352ATTRIBUTE EAP-Type-AKA 1303 octets 353ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets 354ATTRIBUTE EAP-Type-PEAP 1305 octets 355ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets 356ATTRIBUTE EAP-Type-MAKE 1307 octets 357ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets 358ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets 359ATTRIBUTE EAP-Type-DynamID 1310 octets 360ATTRIBUTE EAP-Type-Rob-EAP 1311 octets 361ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets 362ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets 363ATTRIBUTE EAP-Type-SentriNET 1314 octets 364ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets 365ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets 366ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets 367ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets 368ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets 369ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets 370ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets 371ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets 372ATTRIBUTE EAP-Type-EAP-FAST 1323 octets 373ATTRIBUTE EAP-Type-Zonelabs 1324 octets 374ATTRIBUTE EAP-Type-EAP-Link 1325 octets 375ATTRIBUTE EAP-Type-EAP-PAX 1326 octets 376ATTRIBUTE EAP-Type-EAP-PSK 1327 octets 377ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets 378ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets 379ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets 380ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets 381ATTRIBUTE EAP-Type-EAP-PWD 1332 octets 382ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets 383 384ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets 385ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets 386ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets 387 388# 389# Range: 1536 - 1791 390# EAP Sim sub-types. 391# 392 393# these are PW_EAP_SIM_X + 1536 394ATTRIBUTE EAP_Sim-Base 1536 octets 395ATTRIBUTE EAP-Sim-RAND 1537 octets 396ATTRIBUTE EAP-Sim-PADDING 1542 octets 397ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets 398ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets 399ATTRIBUTE EAP-Sim-MAC 1547 octets 400ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets 401ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets 402ATTRIBUTE EAP-Sim-IDENTITY 1550 octets 403ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets 404ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets 405ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets 406ATTRIBUTE EAP-Sim-COUNTER 1555 octets 407ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets 408ATTRIBUTE EAP-Sim-NONCE_S 1557 octets 409ATTRIBUTE EAP-Sim-IV 1665 octets 410ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets 411ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets 412ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets 413ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets 414 415# 416# Range: 1800-1899 417# Temporary attributes, for local storage. 418# 419ATTRIBUTE Tmp-String-0 1800 string 420ATTRIBUTE Tmp-String-1 1801 string 421ATTRIBUTE Tmp-String-2 1802 string 422ATTRIBUTE Tmp-String-3 1803 string 423ATTRIBUTE Tmp-String-4 1804 string 424ATTRIBUTE Tmp-String-5 1805 string 425ATTRIBUTE Tmp-String-6 1806 string 426ATTRIBUTE Tmp-String-7 1807 string 427ATTRIBUTE Tmp-String-8 1808 string 428ATTRIBUTE Tmp-String-9 1809 string 429 430ATTRIBUTE Tmp-Integer-0 1810 integer 431ATTRIBUTE Tmp-Integer-1 1811 integer 432ATTRIBUTE Tmp-Integer-2 1812 integer 433ATTRIBUTE Tmp-Integer-3 1813 integer 434ATTRIBUTE Tmp-Integer-4 1814 integer 435ATTRIBUTE Tmp-Integer-5 1815 integer 436ATTRIBUTE Tmp-Integer-6 1816 integer 437ATTRIBUTE Tmp-Integer-7 1817 integer 438ATTRIBUTE Tmp-Integer-8 1818 integer 439ATTRIBUTE Tmp-Integer-9 1819 integer 440 441ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr 442ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr 443ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr 444ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr 445ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr 446ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr 447ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr 448ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr 449ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr 450ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr 451 452ATTRIBUTE Tmp-Octets-0 1830 octets 453ATTRIBUTE Tmp-Octets-1 1831 octets 454ATTRIBUTE Tmp-Octets-2 1832 octets 455ATTRIBUTE Tmp-Octets-3 1833 octets 456ATTRIBUTE Tmp-Octets-4 1834 octets 457ATTRIBUTE Tmp-Octets-5 1835 octets 458ATTRIBUTE Tmp-Octets-6 1836 octets 459ATTRIBUTE Tmp-Octets-7 1837 octets 460ATTRIBUTE Tmp-Octets-8 1838 octets 461ATTRIBUTE Tmp-Octets-9 1839 octets 462 463ATTRIBUTE Tmp-Date-0 1840 date 464ATTRIBUTE Tmp-Date-1 1841 date 465ATTRIBUTE Tmp-Date-2 1842 date 466ATTRIBUTE Tmp-Date-3 1843 date 467ATTRIBUTE Tmp-Date-4 1844 date 468ATTRIBUTE Tmp-Date-5 1845 date 469ATTRIBUTE Tmp-Date-6 1846 date 470ATTRIBUTE Tmp-Date-7 1847 date 471ATTRIBUTE Tmp-Date-8 1848 date 472ATTRIBUTE Tmp-Date-9 1849 date 473 474ATTRIBUTE Tmp-Integer64-0 1871 integer64 475ATTRIBUTE Tmp-Integer64-1 1872 integer64 476ATTRIBUTE Tmp-Integer64-2 1873 integer64 477ATTRIBUTE Tmp-Integer64-3 1874 integer64 478ATTRIBUTE Tmp-Integer64-4 1875 integer64 479ATTRIBUTE Tmp-Integer64-5 1876 integer64 480ATTRIBUTE Tmp-Integer64-6 1877 integer64 481ATTRIBUTE Tmp-Integer64-7 1878 integer64 482ATTRIBUTE Tmp-Integer64-8 1879 integer64 483ATTRIBUTE Tmp-Integer64-9 1880 integer64 484# 485# These attributes shouldn't be used anywhere. They are defined here 486# only for casting of values in conditional expressions. 487# 488# The order and number need to be consistent with the typedefs used 489# in the server source. 490# 491ATTRIBUTE Tmp-Cast-String 1851 string 492ATTRIBUTE Tmp-Cast-Integer 1852 integer 493ATTRIBUTE Tmp-Cast-Ipaddr 1853 ipaddr 494ATTRIBUTE Tmp-Cast-Date 1854 date 495ATTRIBUTE Tmp-Cast-Abinary 1855 abinary 496ATTRIBUTE Tmp-Cast-Octets 1856 octets 497ATTRIBUTE Tmp-Cast-Ifid 1857 ifid 498ATTRIBUTE Tmp-Cast-IPv6Addr 1858 ipv6addr 499ATTRIBUTE Tmp-Cast-IPv6Prefix 1859 ipv6prefix 500ATTRIBUTE Tmp-Cast-Byte 1860 byte 501ATTRIBUTE Tmp-Cast-Short 1861 short 502ATTRIBUTE Tmp-Cast-Ethernet 1862 ether 503ATTRIBUTE Tmp-Cast-Signed 1863 signed 504# don't use or define these 505ATTRIBUTE Tmp-Cast-Integer64 1869 integer64 506ATTRIBUTE Tmp-Cast-IPv4Prefix 1870 ipv4prefix 507# don't use or define VSA or MAX 508 509# Range: 1900-1909 510# WiMAX server-side attributes. 511# 512# These are NOT sent in a packet, but are otherwise 513# available for testing and validation. The various 514# things that *are* sent in a packet are derived from 515# these attributes. 516# 517ATTRIBUTE WiMAX-MN-NAI 1900 string 518 519ATTRIBUTE TLS-Cert-Serial 1910 string 520ATTRIBUTE TLS-Cert-Expiration 1911 string 521ATTRIBUTE TLS-Cert-Issuer 1912 string 522ATTRIBUTE TLS-Cert-Subject 1913 string 523ATTRIBUTE TLS-Cert-Common-Name 1914 string 524ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string 525ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string 526ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string 527# 1918 - 1919: reserved for future cert attributes 528ATTRIBUTE TLS-Client-Cert-Serial 1920 string 529ATTRIBUTE TLS-Client-Cert-Expiration 1921 string 530ATTRIBUTE TLS-Client-Cert-Issuer 1922 string 531ATTRIBUTE TLS-Client-Cert-Subject 1923 string 532ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string 533ATTRIBUTE TLS-Client-Cert-Filename 1925 string 534ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string 535ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string 536ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string 537ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string 538ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string 539ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Dns 1931 string 540ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Upn 1932 string 541ATTRIBUTE TLS-PSK-Identity 1933 string 542 543# 1934 - 1939: reserved for future cert attributes 544 545# 546# Range: 1940-2099 547# Free 548# 549# Range: 2100-2199 550# SoH attributes; FIXME: these should really be protocol attributes 551# so that the SoH radius request can be proxied, but from which 552# vendor? Sigh... 553# 554ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer 555VALUE SoH-MS-Machine-OS-vendor Microsoft 311 556 557ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer 558ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer 559ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer 560ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer 561ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer 562 563ATTRIBUTE SoH-MS-Machine-Processor 2106 integer 564VALUE SoH-MS-Machine-Processor x86 0 565VALUE SoH-MS-Machine-Processor i64 6 566VALUE SoH-MS-Machine-Processor x86_64 9 567 568ATTRIBUTE SoH-MS-Machine-Name 2107 string 569ATTRIBUTE SoH-MS-Correlation-Id 2108 octets 570ATTRIBUTE SoH-MS-Machine-Role 2109 integer 571VALUE SoH-MS-Machine-Role client 1 572VALUE SoH-MS-Machine-Role dc 2 573VALUE SoH-MS-Machine-Role server 3 574 575ATTRIBUTE SoH-Supported 2119 integer 576VALUE SoH-Supported no 0 577VALUE SoH-Supported yes 1 578 579ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string 580ATTRIBUTE SoH-MS-Health-Other 2129 string 581 582# 583# Range: 2200-2219 584# Utilities bundled with the server 585# 586ATTRIBUTE Radclient-Test-Name 2200 string 587 588# 589# Range: 2220-2999 590# Free 591# 592# Range: 3000-3999 593# Site-local attributes (see raddb/dictionary.in) 594# Do NOT define attributes in this range! 595# 596# Range: 4000-65535 597# Unused 598# 599# Range: 65536- 600# Invalid. Don't use. 601# 602 603# 604# Non-Protocol Integer Translations 605# 606 607VALUE Auth-Type Local 0 608VALUE Auth-Type System 1 609VALUE Auth-Type SecurID 2 610VALUE Auth-Type Crypt-Local 3 611VALUE Auth-Type Reject 4 612VALUE Auth-Type ActivCard 5 613VALUE Auth-Type EAP 6 614VALUE Auth-Type ARAP 7 615 616# 617# FreeRADIUS extensions (most originally from Cistron) 618# 619VALUE Auth-Type Accept 254 620 621VALUE Auth-Type PAP 1024 622VALUE Auth-Type CHAP 1025 623# 1026 was LDAP, but we deleted it. Adding it back will break the 624# ldap module. 625VALUE Auth-Type PAM 1027 626VALUE Auth-Type MS-CHAP 1028 627VALUE Auth-Type MSCHAP 1028 628VALUE Auth-Type Kerberos 1029 629VALUE Auth-Type CRAM 1030 630VALUE Auth-Type NS-MTA-MD5 1031 631# 1032 is unused (was a duplicate of CRAM) 632VALUE Auth-Type SMB 1033 633VALUE Auth-Type MS-CHAP-V2 1034 634 635# 636# Authorization type, too. 637# 638VALUE Autz-Type Local 0 639 640# 641# And accounting 642# 643VALUE Acct-Type Local 0 644 645# 646# And Session handling 647# 648VALUE Session-Type Local 0 649 650# 651# And Post-Auth 652VALUE Post-Auth-Type Local 0 653VALUE Post-Auth-Type Reject 1 654 655# 656# Experimental Non-Protocol Integer Translations for FreeRADIUS 657# 658VALUE Fall-Through No 0 659VALUE Fall-Through Yes 1 660 661VALUE Relax-Filter No 0 662VALUE Relax-Filter Yes 1 663 664VALUE Strip-User-Name No 0 665VALUE Strip-User-Name Yes 1 666 667VALUE Packet-Type Access-Request 1 668VALUE Packet-Type Access-Accept 2 669VALUE Packet-Type Access-Reject 3 670VALUE Packet-Type Accounting-Request 4 671VALUE Packet-Type Accounting-Response 5 672VALUE Packet-Type Accounting-Status 6 673VALUE Packet-Type Password-Request 7 674VALUE Packet-Type Password-Accept 8 675VALUE Packet-Type Password-Reject 9 676VALUE Packet-Type Accounting-Message 10 677VALUE Packet-Type Access-Challenge 11 678VALUE Packet-Type Status-Server 12 679VALUE Packet-Type Status-Client 13 680 681# 682# The following packet types are described in RFC 2882, 683# but they are NOT part of the RADIUS standard. Instead, 684# they are informational about vendor-specific extensions 685# to the RADIUS standard. 686# 687VALUE Packet-Type Resource-Free-Request 21 688VALUE Packet-Type Resource-Free-Response 22 689VALUE Packet-Type Resource-Query-Request 23 690VALUE Packet-Type Resource-Query-Response 24 691VALUE Packet-Type Alternate-Resource-Reclaim-Request 25 692VALUE Packet-Type NAS-Reboot-Request 26 693VALUE Packet-Type NAS-Reboot-Response 27 694VALUE Packet-Type Next-Passcode 29 695VALUE Packet-Type New-Pin 30 696VALUE Packet-Type Terminate-Session 31 697VALUE Packet-Type Password-Expired 32 698VALUE Packet-Type Event-Request 33 699VALUE Packet-Type Event-Response 34 700 701# RFC 3576 allocates packet types 40-45 702 703VALUE Packet-Type Disconnect-Request 40 704VALUE Packet-Type Disconnect-ACK 41 705VALUE Packet-Type Disconnect-NAK 42 706VALUE Packet-Type CoA-Request 43 707VALUE Packet-Type CoA-ACK 44 708VALUE Packet-Type CoA-NAK 45 709 710VALUE Packet-Type IP-Address-Allocate 50 711VALUE Packet-Type IP-Address-Release 51 712 713VALUE Response-Packet-Type Access-Request 1 714VALUE Response-Packet-Type Access-Accept 2 715VALUE Response-Packet-Type Access-Reject 3 716VALUE Response-Packet-Type Accounting-Request 4 717VALUE Response-Packet-Type Accounting-Response 5 718VALUE Response-Packet-Type Accounting-Status 6 719VALUE Response-Packet-Type Password-Request 7 720VALUE Response-Packet-Type Password-Accept 8 721VALUE Response-Packet-Type Password-Reject 9 722VALUE Response-Packet-Type Accounting-Message 10 723VALUE Response-Packet-Type Access-Challenge 11 724VALUE Response-Packet-Type Status-Server 12 725VALUE Response-Packet-Type Status-Client 13 726 727VALUE Response-Packet-Type Disconnect-Request 40 728VALUE Response-Packet-Type Disconnect-ACK 41 729VALUE Response-Packet-Type Disconnect-NAK 42 730VALUE Response-Packet-Type CoA-Request 43 731VALUE Response-Packet-Type CoA-ACK 44 732VALUE Response-Packet-Type CoA-NAK 45 733# 734# Special value 735# 736VALUE Response-Packet-Type Do-Not-Respond 256 737 738# 739# EAP Sub-types, inside of Request and Response packets 740# 741# http://www.iana.org/assignments/ppp-numbers 742# "PPP EAP REQUEST/RESPONSE TYPES" 743# 744# 745# See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions 746# 747VALUE EAP-Type None 0 748VALUE EAP-Type Identity 1 749VALUE EAP-Type Notification 2 750VALUE EAP-Type NAK 3 751VALUE EAP-Type MD5-Challenge 4 752VALUE EAP-Type MD5 4 753VALUE EAP-Type One-Time-Password 5 754VALUE EAP-Type OTP 5 755VALUE EAP-Type Generic-Token-Card 6 756VALUE EAP-Type GTC 6 757VALUE EAP-Type RSA-Public-Key 9 758VALUE EAP-Type DSS-Unilateral 10 759VALUE EAP-Type KEA 11 760VALUE EAP-Type KEA-Validate 12 761VALUE EAP-Type TLS 13 762VALUE EAP-Type Defender-Token 14 763VALUE EAP-Type RSA-SecurID-EAP 15 764VALUE EAP-Type Arcot-Systems-EAP 16 765VALUE EAP-Type Cisco-LEAP 17 766VALUE EAP-Type LEAP 17 767VALUE EAP-Type Nokia-IP-Smart-Card 18 768VALUE EAP-Type SIM 18 769VALUE EAP-Type SRP-SHA1 19 770# 20 is unassigned 771VALUE EAP-Type TTLS 21 772VALUE EAP-Type Remote-Access-Service 22 773VALUE EAP-Type AKA 23 774VALUE EAP-Type 3Com-Wireless 24 775VALUE EAP-Type PEAP 25 776VALUE EAP-Type Microsoft-MS-CHAPv2 26 777VALUE EAP-Type MAKE 27 778VALUE EAP-Type CRYPTOCard 28 779VALUE EAP-Type Cisco-MS-CHAPv2 29 780VALUE EAP-Type DynamID 30 781VALUE EAP-Type Rob-EAP 31 782VALUE EAP-Type SecurID-EAP 32 783VALUE EAP-Type MS-Authentication-TLV 33 784VALUE EAP-Type SentriNET 34 785VALUE EAP-Type Actiontec-Wireless 35 786VALUE EAP-Type Cogent-Biomentric-EAP 36 787VALUE EAP-Type AirFortress-EAP 37 788VALUE EAP-Type HTTP-Digest 38 789VALUE EAP-Type TNC 38 790VALUE EAP-Type SecuriSuite-EAP 39 791VALUE EAP-Type DeviceConnect-EAP 40 792VALUE EAP-Type SPEKE 41 793VALUE EAP-Type MOBAC 42 794VALUE EAP-Type FAST 43 795VALUE EAP-Type Zonelabs 44 796VALUE EAP-Type Link 45 797VALUE EAP-Type PAX 46 798VALUE EAP-Type PSK 47 799VALUE EAP-Type SAKE 48 800VALUE EAP-Type IKEv2 49 801VALUE EAP-Type AKA2 50 802VALUE EAP-Type GPSK 51 803VALUE EAP-Type PWD 52 804VALUE EAP-Type EVEv1 53 805 806# 807# And this is what most people mean by MS-CHAPv2 808# 809VALUE EAP-Type MSCHAPv2 26 810 811# 812# This says TLS, but it's only valid for TTLS & PEAP. 813# EAP-TLS *always* requires a client certificate. 814# 815VALUE EAP-TLS-Require-Client-Cert No 0 816VALUE EAP-TLS-Require-Client-Cert Yes 1 817 818# 819# These are the EAP-Code values. 820# 821VALUE EAP-Code Request 1 822VALUE EAP-Code Response 2 823VALUE EAP-Code Success 3 824VALUE EAP-Code Failure 4 825 826# 827# For MS-CHAP, do we run ntlm_auth, or not. 828# 829VALUE MS-CHAP-Use-NTLM-Auth No 0 830VALUE MS-CHAP-Use-NTLM-Auth Yes 1 831