3
# Non Protocol Attributes used by FreeRADIUS
5
# $Id: dictionary.freeradius.internal,v 1.6.2.5 2006/03/07 18:10:09 aland Exp $
8
# The attributes number ranges are allocates as follows:
11
# server-side attributes which can go in a reply list
13
# These attributes CAN go in the reply item list.
14
ATTRIBUTE Fall-Through 500 integer
15
ATTRIBUTE Exec-Program 502 string
16
ATTRIBUTE Exec-Program-Wait 503 string
18
# These attributes CANNOT go in the reply item list.
22
# Attributes which cannot go in a reply list.
26
# Miscellaneous server attributes.
29
# Non-Protocol Attributes
30
# These attributes are used internally by the server
32
ATTRIBUTE Auth-Type 1000 integer
33
ATTRIBUTE Menu 1001 string
34
ATTRIBUTE Termination-Menu 1002 string
35
ATTRIBUTE Prefix 1003 string
36
ATTRIBUTE Suffix 1004 string
37
ATTRIBUTE Group 1005 string
38
ATTRIBUTE Crypt-Password 1006 string
39
ATTRIBUTE Connect-Rate 1007 integer
40
ATTRIBUTE Add-Prefix 1008 string
41
ATTRIBUTE Add-Suffix 1009 string
42
ATTRIBUTE Expiration 1010 date
43
ATTRIBUTE Autz-Type 1011 integer
44
ATTRIBUTE Acct-Type 1012 integer
45
ATTRIBUTE Session-Type 1013 integer
46
ATTRIBUTE Post-Auth-Type 1014 integer
47
ATTRIBUTE Pre-Proxy-Type 1015 integer
48
ATTRIBUTE Post-Proxy-Type 1016 integer
49
ATTRIBUTE Pre-Acct-Type 1017 integer
52
# This is the EAP type of authentication, which is set
53
# by the EAP module, for informational purposes only.
55
ATTRIBUTE EAP-Type 1018 integer
56
ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
57
ATTRIBUTE EAP-Id 1020 integer
58
ATTRIBUTE EAP-Code 1021 integer
59
ATTRIBUTE EAP-MD5-Password 1022 string
60
ATTRIBUTE PEAP-Version 1023 integer
66
ATTRIBUTE User-Category 1029 string
67
ATTRIBUTE Group-Name 1030 string
68
ATTRIBUTE Huntgroup-Name 1031 string
69
ATTRIBUTE Simultaneous-Use 1034 integer
70
ATTRIBUTE Strip-User-Name 1035 integer
71
ATTRIBUTE Hint 1040 string
72
ATTRIBUTE Pam-Auth 1041 string
73
ATTRIBUTE Login-Time 1042 string
74
ATTRIBUTE Stripped-User-Name 1043 string
75
ATTRIBUTE Current-Time 1044 string
76
ATTRIBUTE Realm 1045 string
77
ATTRIBUTE No-Such-Attribute 1046 string
78
ATTRIBUTE Packet-Type 1047 integer
79
ATTRIBUTE Proxy-To-Realm 1048 string
80
ATTRIBUTE Replicate-To-Realm 1049 string
81
ATTRIBUTE Acct-Session-Start-Time 1050 date
82
ATTRIBUTE Acct-Unique-Session-Id 1051 string
83
ATTRIBUTE Client-IP-Address 1052 ipaddr
84
ATTRIBUTE Ldap-UserDn 1053 string
85
ATTRIBUTE NS-MTA-MD5-Password 1054 string
86
ATTRIBUTE SQL-User-Name 1055 string
87
ATTRIBUTE LM-Password 1057 octets
88
ATTRIBUTE NT-Password 1058 octets
89
ATTRIBUTE SMB-Account-CTRL 1059 integer
90
ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
91
ATTRIBUTE User-Profile 1062 string
92
ATTRIBUTE Digest-Realm 1063 string
93
ATTRIBUTE Digest-Nonce 1064 string
94
ATTRIBUTE Digest-Method 1065 string
95
ATTRIBUTE Digest-URI 1066 string
96
ATTRIBUTE Digest-QOP 1067 string
97
ATTRIBUTE Digest-Algorithm 1068 string
98
ATTRIBUTE Digest-Body-Digest 1069 string
99
ATTRIBUTE Digest-CNonce 1070 string
100
ATTRIBUTE Digest-Nonce-Count 1071 string
101
ATTRIBUTE Digest-User-Name 1072 string
102
ATTRIBUTE Pool-Name 1073 string
103
ATTRIBUTE Ldap-Group 1074 string
104
ATTRIBUTE Module-Success-Message 1075 string
105
ATTRIBUTE Module-Failure-Message 1076 string
106
# X99-Fast 1077 integer
107
ATTRIBUTE Rewrite-Rule 1078 string
108
ATTRIBUTE Sql-Group 1079 string
109
ATTRIBUTE Response-Packet-Type 1080 integer
110
ATTRIBUTE Digest-HA1 1081 string
111
ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
112
ATTRIBUTE NTLM-User-Name 1083 string
113
ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr
114
ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr
115
ATTRIBUTE Packet-Src-Port 1086 integer
116
ATTRIBUTE Packet-Dst-Port 1087 integer
117
ATTRIBUTE Packet-Authentication-Vector 1088 octets
118
ATTRIBUTE Time-Of-Day 1089 string
119
ATTRIBUTE Request-Processing-Stage 1090 string
120
ATTRIBUTE Cache-No-Caching 1091 string
121
ATTRIBUTE Cache-Delete-Cache 1092 string
122
ATTRIBUTE SHA-Password 1093 octets
123
ATTRIBUTE SSHA-Password 1094 octets
124
ATTRIBUTE MD5-Password 1095 octets
125
ATTRIBUTE SMD5-Password 1096 octets
126
ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr
127
ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr
128
ATTRIBUTE Server-Identity 1099 string
132
# EAP-SIM (and other EAP type) weirdness.
134
# For EAP-SIM, some attribute definitions for database interface
136
ATTRIBUTE EAP-Sim-Subtype 1200 integer
138
ATTRIBUTE EAP-Sim-Rand1 1201 octets
139
ATTRIBUTE EAP-Sim-Rand2 1202 octets
140
ATTRIBUTE EAP-Sim-Rand3 1203 octets
142
ATTRIBUTE EAP-Sim-SRES1 1204 octets
143
ATTRIBUTE EAP-Sim-SRES2 1205 octets
144
ATTRIBUTE EAP-Sim-SRES3 1206 octets
146
VALUE EAP-Sim-Subtype Start 10
147
VALUE EAP-Sim-Subtype Challenge 11
148
VALUE EAP-Sim-Subtype Notification 12
149
VALUE EAP-Sim-Subtype Re-authentication 13
151
# this attribute is used internally by the client code.
152
ATTRIBUTE EAP-Sim-State 1207 integer
154
ATTRIBUTE EAP-Sim-IMSI 1208 string
155
ATTRIBUTE EAP-Sim-HMAC 1209 string
156
ATTRIBUTE EAP-Sim-KEY 1210 octets
157
ATTRIBUTE EAP-Sim-EXTRA 1211 octets
159
ATTRIBUTE EAP-Sim-KC1 1212 octets
160
ATTRIBUTE EAP-Sim-KC2 1213 octets
161
ATTRIBUTE EAP-Sim-KC3 1214 octets
165
# EAP-type specific attributes
168
# these are PW_EAP_X + 1280
169
ATTRIBUTE EAP-Type-Identity 1281 string
170
ATTRIBUTE EAP-Type-Notification 1282 string
171
ATTRIBUTE EAP-Type-NAK 1283 string
172
ATTRIBUTE EAP-Type-MD5 1284 octets
173
ATTRIBUTE EAP-Type-OTP 1285 string
174
ATTRIBUTE EAP-Type-GTC 1286 string
175
ATTRIBUTE EAP-Type-TLS 1297 octets
176
ATTRIBUTE EAP-Type-SIM 1298 octets
177
ATTRIBUTE EAP-Type-LEAP 1301 octets
178
ATTRIBUTE EAP-Type-SIM2 1302 octets
179
ATTRIBUTE EAP-Type-TTLS 1305 octets
180
ATTRIBUTE EAP-Type-PEAP 1309 octets
187
# these are PW_EAP_SIM_X + 1536
188
ATTRIBUTE EAP-Sim-RAND 1537 octets
189
ATTRIBUTE EAP-Sim-PADDING 1542 octets
190
ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
191
ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
192
ATTRIBUTE EAP-Sim-MAC 1547 octets
193
ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
194
ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
195
ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
196
ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
197
ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
198
ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
199
ATTRIBUTE EAP-Sim-COUNTER 1555 octets
200
ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
201
ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
202
ATTRIBUTE EAP-Sim-IV 1665 octets
203
ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
204
ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
205
ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
206
ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
210
# Temporary attributes, for local storage.
212
ATTRIBUTE Tmp-String-0 1800 string
213
ATTRIBUTE Tmp-String-1 1801 string
214
ATTRIBUTE Tmp-String-2 1802 string
215
ATTRIBUTE Tmp-String-3 1803 string
216
ATTRIBUTE Tmp-String-4 1804 string
217
ATTRIBUTE Tmp-String-5 1805 string
218
ATTRIBUTE Tmp-String-6 1806 string
219
ATTRIBUTE Tmp-String-7 1807 string
220
ATTRIBUTE Tmp-String-8 1808 string
221
ATTRIBUTE Tmp-String-9 1809 string
223
ATTRIBUTE Tmp-Integer-0 1810 integer
224
ATTRIBUTE Tmp-Integer-1 1811 integer
225
ATTRIBUTE Tmp-Integer-2 1812 integer
226
ATTRIBUTE Tmp-Integer-3 1813 integer
227
ATTRIBUTE Tmp-Integer-4 1814 integer
228
ATTRIBUTE Tmp-Integer-5 1815 integer
229
ATTRIBUTE Tmp-Integer-6 1816 integer
230
ATTRIBUTE Tmp-Integer-7 1817 integer
231
ATTRIBUTE Tmp-Integer-8 1818 integer
232
ATTRIBUTE Tmp-Integer-9 1819 integer
234
ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
235
ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
236
ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
237
ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
238
ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
239
ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
240
ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
241
ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
242
ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
243
ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
250
# Site-local attributes (see raddb/dictionary.in)
251
# Do NOT define attributes in this range!
257
# Invalid. Don't use.
261
# Non-Protocol Integer Translations
264
VALUE Auth-Type Local 0
265
VALUE Auth-Type System 1
266
VALUE Auth-Type SecurID 2
267
VALUE Auth-Type Crypt-Local 3
268
VALUE Auth-Type Reject 4
269
VALUE Auth-Type ActivCard 5
270
VALUE Auth-Type EAP 6
271
VALUE Auth-Type ARAP 7
274
# FreeRADIUS extensions (most originally from Cistron)
276
VALUE Auth-Type Accept 254
278
VALUE Auth-Type PAP 1024
279
VALUE Auth-Type CHAP 1025
280
# 1026 was LDAP, but we deleted it. Adding it back will break the
282
VALUE Auth-Type PAM 1027
283
VALUE Auth-Type MS-CHAP 1028
284
VALUE Auth-Type Kerberos 1029
285
VALUE Auth-Type CRAM 1030
286
VALUE Auth-Type NS-MTA-MD5 1031
287
# 1032 is unused (was a duplicate of CRAM)
288
VALUE Auth-Type SMB 1033
291
# Authorization type, too.
293
VALUE Autz-Type Local 0
298
VALUE Acct-Type Local 0
301
# And Session handling
303
VALUE Session-Type Local 0
307
VALUE Post-Auth-Type Local 0
310
# Experimental Non-Protocol Integer Translations for FreeRADIUS
312
VALUE Fall-Through No 0
313
VALUE Fall-Through Yes 1
315
#VALUE Strip-User-Name No 0
316
#VALUE Strip-User-Name Yes 1
318
VALUE Packet-Type Access-Request 1
319
VALUE Packet-Type Access-Accept 2
320
VALUE Packet-Type Access-Reject 3
321
VALUE Packet-Type Accounting-Request 4
322
VALUE Packet-Type Accounting-Response 5
323
VALUE Packet-Type Accounting-Status 6
324
VALUE Packet-Type Password-Request 7
325
VALUE Packet-Type Password-Accept 8
326
VALUE Packet-Type Password-Reject 9
327
VALUE Packet-Type Accounting-Message 10
328
VALUE Packet-Type Access-Challenge 11
329
VALUE Packet-Type Status-Server 12
330
VALUE Packet-Type Status-Client 13
333
# The following packet types are described in RFC 2882,
334
# but they are NOT part of the RADIUS standard. Instead,
335
# they are informational about vendor-specific extensions
336
# to the RADIUS standard.
338
VALUE Packet-Type Resource-Free-Request 21
339
VALUE Packet-Type Resource-Free-Response 22
340
VALUE Packet-Type Resource-Query-Request 23
341
VALUE Packet-Type Resource-Query-Response 24
342
VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
343
VALUE Packet-Type NAS-Reboot-Request 26
344
VALUE Packet-Type NAS-Reboot-Response 27
345
VALUE Packet-Type Next-Passcode 29
346
VALUE Packet-Type New-Pin 30
347
VALUE Packet-Type Terminate-Session 31
348
VALUE Packet-Type Password-Expired 32
349
VALUE Packet-Type Event-Request 33
350
VALUE Packet-Type Event-Response 34
351
VALUE Packet-Type Disconnect-Request 40
352
VALUE Packet-Type Disconnect-ACK 41
353
VALUE Packet-Type Disconnect-NAK 42
355
# Old names, if no one uses them, they should be deleted.
356
VALUE Packet-Type CoF-Request 43
357
VALUE Packet-Type CoF-ACK 44
358
VALUE Packet-Type CoF-NAK 45
360
VALUE Packet-Type CoA-Request 43
361
VALUE Packet-Type CoA-ACK 44
362
VALUE Packet-Type CoA-NAK 45
363
VALUE Packet-Type IP-Address-Allocate 50
364
VALUE Packet-Type IP-Address-Release 51
366
VALUE Response-Packet-Type Access-Request 1
367
VALUE Response-Packet-Type Access-Accept 2
368
VALUE Response-Packet-Type Access-Reject 3
369
VALUE Response-Packet-Type Accounting-Request 4
370
VALUE Response-Packet-Type Accounting-Response 5
371
VALUE Response-Packet-Type Accounting-Status 6
372
VALUE Response-Packet-Type Password-Request 7
373
VALUE Response-Packet-Type Password-Accept 8
374
VALUE Response-Packet-Type Password-Reject 9
375
VALUE Response-Packet-Type Accounting-Message 10
376
VALUE Response-Packet-Type Access-Challenge 11
377
VALUE Response-Packet-Type Status-Server 12
378
VALUE Response-Packet-Type Status-Client 13
381
# EAP Sub-types, inside of Request and Response packets
383
# http://www.iana.org/assignments/ppp-numbers
384
# "PPP EAP REQUEST/RESPONSE TYPES"
387
# See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
389
VALUE EAP-Type None 0
390
VALUE EAP-Type Identity 1
391
VALUE EAP-Type Notification 2
393
VALUE EAP-Type MD5-Challenge 4
394
VALUE EAP-Type One-Time-Password 5
395
VALUE EAP-Type Generic-Token-Card 6
396
VALUE EAP-Type RSA-Public-Key 9
397
VALUE EAP-Type DSS-Unilateral 10
398
VALUE EAP-Type KEA 11
399
VALUE EAP-Type KEA-Validate 12
400
VALUE EAP-Type EAP-TLS 13
401
VALUE EAP-Type Defender-Token 14
402
VALUE EAP-Type RSA-SecurID-EAP 15
403
VALUE EAP-Type Arcot-Systems-EAP 16
404
VALUE EAP-Type Cisco-LEAP 17
405
VALUE EAP-Type Nokia-IP-Smart-Card 18
406
VALUE EAP-Type SIM 18
407
VALUE EAP-Type SRP-SHA1-Part-1 19
408
VALUE EAP-Type SRP-SHA1-Part-2 20
409
VALUE EAP-Type EAP-TTLS 21
410
VALUE EAP-Type Remote-Access-Service 22
411
VALUE EAP-Type UMTS 23
412
VALUE EAP-Type EAP-3Com-Wireless 24
413
VALUE EAP-Type PEAP 25
414
VALUE EAP-Type MS-EAP-Authentication 26
415
VALUE EAP-Type MAKE 27
416
VALUE EAP-Type CRYPTOCard 28
417
VALUE EAP-Type EAP-MSCHAP-V2 29
418
VALUE EAP-Type DynamID 30
419
VALUE EAP-Type Rob-EAP 31
420
VALUE EAP-Type SecurID-EAP 32
421
VALUE EAP-Type MS-Authentication-TLV 33
422
VALUE EAP-Type SentriNET 34
423
VALUE EAP-Type EAP-Actiontec-Wireless 35
424
VALUE EAP-Type Cogent-Biomentric-EAP 36
425
VALUE EAP-Type AirFortress-EAP 37
426
VALUE EAP-Type EAP-HTTP-Digest 38
427
VALUE EAP-Type SecuriSuite-EAP 39
428
VALUE EAP-Type DeviceConnect-EAP 40
429
VALUE EAP-Type EAP-SPEKE 41
430
VALUE EAP-Type EAP-MOBAC 42
433
# These are duplicate values, to get around the problem of
434
# having two MS-CHAPv2 EAP types.
436
VALUE EAP-Type Microsoft-MS-CHAPv2 26
437
VALUE EAP-Type Cisco-MS-CHAPv2 29
440
# And this is what most people mean by MS-CHAPv2
442
VALUE EAP-Type MS-CHAP-V2 26
445
# This says TLS, but it's only valid for TTLS & PEAP.
446
# EAP-TLS *always* requires a client certificate.
448
VALUE EAP-TLS-Require-Client-Cert No 0
449
VALUE EAP-TLS-Require-Client-Cert Yes 1
452
# These are the EAP-Code values.
454
VALUE EAP-Code Request 1
455
VALUE EAP-Code Response 2
456
VALUE EAP-Code Success 3
457
VALUE EAP-Code Failure 4
460
# For MS-CHAP, do we run ntlm_auth, or not.
462
VALUE MS-CHAP-Use-NTLM-Auth No 0
463
VALUE MS-CHAP-Use-NTLM-Auth Yes 1