rubius 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +13 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +19 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/lib/generators/rubius/install_generator.rb +11 -0
- data/lib/generators/rubius/templates/radius-dictionary +892 -0
- data/lib/generators/rubius/templates/rubius.yml +13 -0
- data/lib/generators/rubius/templates/rubius_initializer.rb +2 -0
- data/lib/rubius.rb +6 -0
- data/lib/rubius/authenticator.rb +107 -0
- data/lib/rubius/dictionary.rb +57 -0
- data/lib/rubius/packet.rb +154 -0
- data/lib/rubius/rails.rb +18 -0
- data/lib/rubius/string.rb +14 -0
- data/test/helper.rb +18 -0
- data/test/test_rubius.rb +7 -0
- metadata +120 -0
data/Gemfile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
source "http://rubygems.org"
|
2
|
+
# Add dependencies required to use your gem here.
|
3
|
+
# Example:
|
4
|
+
# gem "activesupport", ">= 2.3.5"
|
5
|
+
|
6
|
+
# Add dependencies to develop your gem here.
|
7
|
+
# Include everything needed to run rake, tests, features, etc.
|
8
|
+
group :development do
|
9
|
+
gem "shoulda", ">= 0"
|
10
|
+
gem "bundler", "~> 1.0.0"
|
11
|
+
gem "jeweler", "~> 1.5.2"
|
12
|
+
gem "rcov", ">= 0"
|
13
|
+
end
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2011 Ralph Rooding
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
= rubius
|
2
|
+
|
3
|
+
A simply ruby RADIUS authentication gem
|
4
|
+
|
5
|
+
== Contributing to rubius
|
6
|
+
|
7
|
+
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
8
|
+
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
9
|
+
* Fork the project
|
10
|
+
* Start a feature/bugfix branch
|
11
|
+
* Commit and push until you are happy with your contribution
|
12
|
+
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
|
13
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
|
14
|
+
|
15
|
+
== Copyright
|
16
|
+
|
17
|
+
Copyright (c) 2011 Ralph Rooding. See LICENSE.txt for
|
18
|
+
further details.
|
19
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler'
|
3
|
+
begin
|
4
|
+
Bundler.setup(:default, :development)
|
5
|
+
rescue Bundler::BundlerError => e
|
6
|
+
$stderr.puts e.message
|
7
|
+
$stderr.puts "Run `bundle install` to install missing gems"
|
8
|
+
exit e.status_code
|
9
|
+
end
|
10
|
+
require 'rake'
|
11
|
+
|
12
|
+
require 'jeweler'
|
13
|
+
Jeweler::Tasks.new do |gem|
|
14
|
+
# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
|
15
|
+
gem.name = "rubius"
|
16
|
+
gem.homepage = "http://github.com/rahvin/rubius"
|
17
|
+
gem.license = "MIT"
|
18
|
+
gem.summary = %Q{A simply ruby RADIUS authentication gem}
|
19
|
+
gem.description = %Q{A simply ruby RADIUS authentication gem}
|
20
|
+
gem.email = "ralph@izerion.com"
|
21
|
+
gem.authors = ["Ralph Rooding"]
|
22
|
+
# Include your dependencies below. Runtime dependencies are required when using your gem,
|
23
|
+
# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
|
24
|
+
# gem.add_runtime_dependency 'jabber4r', '> 0.1'
|
25
|
+
# gem.add_development_dependency 'rspec', '> 1.2.3'
|
26
|
+
end
|
27
|
+
Jeweler::RubygemsDotOrgTasks.new
|
28
|
+
|
29
|
+
require 'rake/testtask'
|
30
|
+
Rake::TestTask.new(:test) do |test|
|
31
|
+
test.libs << 'lib' << 'test'
|
32
|
+
test.pattern = 'test/**/test_*.rb'
|
33
|
+
test.verbose = true
|
34
|
+
end
|
35
|
+
|
36
|
+
require 'rcov/rcovtask'
|
37
|
+
Rcov::RcovTask.new do |test|
|
38
|
+
test.libs << 'test'
|
39
|
+
test.pattern = 'test/**/test_*.rb'
|
40
|
+
test.verbose = true
|
41
|
+
end
|
42
|
+
|
43
|
+
task :default => :test
|
44
|
+
|
45
|
+
require 'rake/rdoctask'
|
46
|
+
Rake::RDocTask.new do |rdoc|
|
47
|
+
version = File.exist?('VERSION') ? File.read('VERSION') : ""
|
48
|
+
|
49
|
+
rdoc.rdoc_dir = 'rdoc'
|
50
|
+
rdoc.title = "rubius #{version}"
|
51
|
+
rdoc.rdoc_files.include('README*')
|
52
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
53
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.0.1
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module Rubius
|
2
|
+
class InstallGenerator < ::Rails::Generators::Base
|
3
|
+
source_root File.join(File.dirname(__FILE__), 'templates')
|
4
|
+
|
5
|
+
def generate_install
|
6
|
+
copy_file "rubius.yml", "config/rubius.yml"
|
7
|
+
copy_file "rubius_initializer.rb", "config/initializers/rubius.rb"
|
8
|
+
copy_file "radius-dictionary", "config/radius-dictionary"
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,892 @@
|
|
1
|
+
# -*- text -*-
|
2
|
+
#
|
3
|
+
# Attributes and values defined in RFC 2865.
|
4
|
+
# http://www.ietf.org/rfc/rfc2865.txt
|
5
|
+
#
|
6
|
+
# $Id$
|
7
|
+
#
|
8
|
+
ATTRIBUTE User-Name 1 string
|
9
|
+
ATTRIBUTE User-Password 2 string encrypt=1
|
10
|
+
ATTRIBUTE CHAP-Password 3 octets
|
11
|
+
ATTRIBUTE NAS-IP-Address 4 ipaddr
|
12
|
+
ATTRIBUTE NAS-Port 5 integer
|
13
|
+
ATTRIBUTE Service-Type 6 integer
|
14
|
+
ATTRIBUTE Framed-Protocol 7 integer
|
15
|
+
ATTRIBUTE Framed-IP-Address 8 ipaddr
|
16
|
+
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
|
17
|
+
ATTRIBUTE Framed-Routing 10 integer
|
18
|
+
ATTRIBUTE Filter-Id 11 string
|
19
|
+
ATTRIBUTE Framed-MTU 12 integer
|
20
|
+
ATTRIBUTE Framed-Compression 13 integer
|
21
|
+
ATTRIBUTE Login-IP-Host 14 ipaddr
|
22
|
+
ATTRIBUTE Login-Service 15 integer
|
23
|
+
ATTRIBUTE Login-TCP-Port 16 integer
|
24
|
+
# Attribute 17 is undefined
|
25
|
+
ATTRIBUTE Reply-Message 18 string
|
26
|
+
ATTRIBUTE Callback-Number 19 string
|
27
|
+
ATTRIBUTE Callback-Id 20 string
|
28
|
+
# Attribute 21 is undefined
|
29
|
+
ATTRIBUTE Framed-Route 22 string
|
30
|
+
ATTRIBUTE Framed-IPX-Network 23 ipaddr
|
31
|
+
ATTRIBUTE State 24 octets
|
32
|
+
ATTRIBUTE Class 25 octets
|
33
|
+
ATTRIBUTE Vendor-Specific 26 octets
|
34
|
+
ATTRIBUTE Session-Timeout 27 integer
|
35
|
+
ATTRIBUTE Idle-Timeout 28 integer
|
36
|
+
ATTRIBUTE Termination-Action 29 integer
|
37
|
+
ATTRIBUTE Called-Station-Id 30 string
|
38
|
+
ATTRIBUTE Calling-Station-Id 31 string
|
39
|
+
ATTRIBUTE NAS-Identifier 32 string
|
40
|
+
ATTRIBUTE Proxy-State 33 octets
|
41
|
+
ATTRIBUTE Login-LAT-Service 34 string
|
42
|
+
ATTRIBUTE Login-LAT-Node 35 string
|
43
|
+
ATTRIBUTE Login-LAT-Group 36 octets
|
44
|
+
ATTRIBUTE Framed-AppleTalk-Link 37 integer
|
45
|
+
ATTRIBUTE Framed-AppleTalk-Network 38 integer
|
46
|
+
ATTRIBUTE Framed-AppleTalk-Zone 39 string
|
47
|
+
|
48
|
+
ATTRIBUTE CHAP-Challenge 60 octets
|
49
|
+
ATTRIBUTE NAS-Port-Type 61 integer
|
50
|
+
ATTRIBUTE Port-Limit 62 integer
|
51
|
+
ATTRIBUTE Login-LAT-Port 63 integer
|
52
|
+
|
53
|
+
#
|
54
|
+
# Integer Translations
|
55
|
+
#
|
56
|
+
|
57
|
+
# Service types
|
58
|
+
|
59
|
+
VALUE Service-Type Login-User 1
|
60
|
+
VALUE Service-Type Framed-User 2
|
61
|
+
VALUE Service-Type Callback-Login-User 3
|
62
|
+
VALUE Service-Type Callback-Framed-User 4
|
63
|
+
VALUE Service-Type Outbound-User 5
|
64
|
+
VALUE Service-Type Administrative-User 6
|
65
|
+
VALUE Service-Type NAS-Prompt-User 7
|
66
|
+
VALUE Service-Type Authenticate-Only 8
|
67
|
+
VALUE Service-Type Callback-NAS-Prompt 9
|
68
|
+
VALUE Service-Type Call-Check 10
|
69
|
+
VALUE Service-Type Callback-Administrative 11
|
70
|
+
|
71
|
+
# Framed Protocols
|
72
|
+
|
73
|
+
VALUE Framed-Protocol PPP 1
|
74
|
+
VALUE Framed-Protocol SLIP 2
|
75
|
+
VALUE Framed-Protocol ARAP 3
|
76
|
+
VALUE Framed-Protocol Gandalf-SLML 4
|
77
|
+
VALUE Framed-Protocol Xylogics-IPX-SLIP 5
|
78
|
+
VALUE Framed-Protocol X.75-Synchronous 6
|
79
|
+
|
80
|
+
# Framed Routing Values
|
81
|
+
|
82
|
+
VALUE Framed-Routing None 0
|
83
|
+
VALUE Framed-Routing Broadcast 1
|
84
|
+
VALUE Framed-Routing Listen 2
|
85
|
+
VALUE Framed-Routing Broadcast-Listen 3
|
86
|
+
|
87
|
+
# Framed Compression Types
|
88
|
+
|
89
|
+
VALUE Framed-Compression None 0
|
90
|
+
VALUE Framed-Compression Van-Jacobson-TCP-IP 1
|
91
|
+
VALUE Framed-Compression IPX-Header-Compression 2
|
92
|
+
VALUE Framed-Compression Stac-LZS 3
|
93
|
+
|
94
|
+
# Login Services
|
95
|
+
|
96
|
+
VALUE Login-Service Telnet 0
|
97
|
+
VALUE Login-Service Rlogin 1
|
98
|
+
VALUE Login-Service TCP-Clear 2
|
99
|
+
VALUE Login-Service PortMaster 3
|
100
|
+
VALUE Login-Service LAT 4
|
101
|
+
VALUE Login-Service X25-PAD 5
|
102
|
+
VALUE Login-Service X25-T3POS 6
|
103
|
+
VALUE Login-Service TCP-Clear-Quiet 8
|
104
|
+
|
105
|
+
# Login-TCP-Port (see /etc/services for more examples)
|
106
|
+
|
107
|
+
VALUE Login-TCP-Port Telnet 23
|
108
|
+
VALUE Login-TCP-Port Rlogin 513
|
109
|
+
VALUE Login-TCP-Port Rsh 514
|
110
|
+
|
111
|
+
# Termination Options
|
112
|
+
|
113
|
+
VALUE Termination-Action Default 0
|
114
|
+
VALUE Termination-Action RADIUS-Request 1
|
115
|
+
|
116
|
+
# NAS Port Types
|
117
|
+
|
118
|
+
VALUE NAS-Port-Type Async 0
|
119
|
+
VALUE NAS-Port-Type Sync 1
|
120
|
+
VALUE NAS-Port-Type ISDN 2
|
121
|
+
VALUE NAS-Port-Type ISDN-V120 3
|
122
|
+
VALUE NAS-Port-Type ISDN-V110 4
|
123
|
+
VALUE NAS-Port-Type Virtual 5
|
124
|
+
VALUE NAS-Port-Type PIAFS 6
|
125
|
+
VALUE NAS-Port-Type HDLC-Clear-Channel 7
|
126
|
+
VALUE NAS-Port-Type X.25 8
|
127
|
+
VALUE NAS-Port-Type X.75 9
|
128
|
+
VALUE NAS-Port-Type G.3-Fax 10
|
129
|
+
VALUE NAS-Port-Type SDSL 11
|
130
|
+
VALUE NAS-Port-Type ADSL-CAP 12
|
131
|
+
VALUE NAS-Port-Type ADSL-DMT 13
|
132
|
+
VALUE NAS-Port-Type IDSL 14
|
133
|
+
VALUE NAS-Port-Type Ethernet 15
|
134
|
+
VALUE NAS-Port-Type xDSL 16
|
135
|
+
VALUE NAS-Port-Type Cable 17
|
136
|
+
VALUE NAS-Port-Type Wireless-Other 18
|
137
|
+
VALUE NAS-Port-Type Wireless-802.11 19
|
138
|
+
|
139
|
+
|
140
|
+
|
141
|
+
# -*- text -*-
|
142
|
+
#
|
143
|
+
# FreeRADIUS dictionary.freeradius.internal
|
144
|
+
#
|
145
|
+
# Non Protocol Attributes used by FreeRADIUS
|
146
|
+
#
|
147
|
+
# $Id$
|
148
|
+
#
|
149
|
+
|
150
|
+
# The attributes number ranges are allocates as follows:
|
151
|
+
#
|
152
|
+
# Range: 500-999
|
153
|
+
# server-side attributes which can go in a reply list
|
154
|
+
|
155
|
+
# These attributes CAN go in the reply item list.
|
156
|
+
ATTRIBUTE Fall-Through 500 integer
|
157
|
+
ATTRIBUTE Exec-Program 502 string
|
158
|
+
ATTRIBUTE Exec-Program-Wait 503 string
|
159
|
+
|
160
|
+
# These attributes CANNOT go in the reply item list.
|
161
|
+
|
162
|
+
#
|
163
|
+
# Range: 1000+
|
164
|
+
# Attributes which cannot go in a reply list.
|
165
|
+
#
|
166
|
+
#
|
167
|
+
# Range: 1000-1199
|
168
|
+
# Miscellaneous server attributes.
|
169
|
+
#
|
170
|
+
#
|
171
|
+
# Non-Protocol Attributes
|
172
|
+
# These attributes are used internally by the server
|
173
|
+
#
|
174
|
+
ATTRIBUTE Auth-Type 1000 integer
|
175
|
+
ATTRIBUTE Menu 1001 string
|
176
|
+
ATTRIBUTE Termination-Menu 1002 string
|
177
|
+
ATTRIBUTE Prefix 1003 string
|
178
|
+
ATTRIBUTE Suffix 1004 string
|
179
|
+
ATTRIBUTE Group 1005 string
|
180
|
+
ATTRIBUTE Crypt-Password 1006 string
|
181
|
+
ATTRIBUTE Connect-Rate 1007 integer
|
182
|
+
ATTRIBUTE Add-Prefix 1008 string
|
183
|
+
ATTRIBUTE Add-Suffix 1009 string
|
184
|
+
ATTRIBUTE Expiration 1010 date
|
185
|
+
ATTRIBUTE Autz-Type 1011 integer
|
186
|
+
ATTRIBUTE Acct-Type 1012 integer
|
187
|
+
ATTRIBUTE Session-Type 1013 integer
|
188
|
+
ATTRIBUTE Post-Auth-Type 1014 integer
|
189
|
+
ATTRIBUTE Pre-Proxy-Type 1015 integer
|
190
|
+
ATTRIBUTE Post-Proxy-Type 1016 integer
|
191
|
+
ATTRIBUTE Pre-Acct-Type 1017 integer
|
192
|
+
|
193
|
+
#
|
194
|
+
# This is the EAP type of authentication, which is set
|
195
|
+
# by the EAP module, for informational purposes only.
|
196
|
+
#
|
197
|
+
ATTRIBUTE EAP-Type 1018 integer
|
198
|
+
ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer
|
199
|
+
ATTRIBUTE EAP-Id 1020 integer
|
200
|
+
ATTRIBUTE EAP-Code 1021 integer
|
201
|
+
ATTRIBUTE EAP-MD5-Password 1022 string
|
202
|
+
ATTRIBUTE PEAP-Version 1023 integer
|
203
|
+
|
204
|
+
#
|
205
|
+
# Range: 1023-1028
|
206
|
+
# unused
|
207
|
+
#
|
208
|
+
ATTRIBUTE User-Category 1029 string
|
209
|
+
ATTRIBUTE Group-Name 1030 string
|
210
|
+
ATTRIBUTE Huntgroup-Name 1031 string
|
211
|
+
ATTRIBUTE Simultaneous-Use 1034 integer
|
212
|
+
ATTRIBUTE Strip-User-Name 1035 integer
|
213
|
+
ATTRIBUTE Hint 1040 string
|
214
|
+
ATTRIBUTE Pam-Auth 1041 string
|
215
|
+
ATTRIBUTE Login-Time 1042 string
|
216
|
+
ATTRIBUTE Stripped-User-Name 1043 string
|
217
|
+
ATTRIBUTE Current-Time 1044 string
|
218
|
+
ATTRIBUTE Realm 1045 string
|
219
|
+
ATTRIBUTE No-Such-Attribute 1046 string
|
220
|
+
ATTRIBUTE Packet-Type 1047 integer
|
221
|
+
ATTRIBUTE Proxy-To-Realm 1048 string
|
222
|
+
ATTRIBUTE Replicate-To-Realm 1049 string
|
223
|
+
ATTRIBUTE Acct-Session-Start-Time 1050 date
|
224
|
+
ATTRIBUTE Acct-Unique-Session-Id 1051 string
|
225
|
+
ATTRIBUTE Client-IP-Address 1052 ipaddr
|
226
|
+
ATTRIBUTE Ldap-UserDn 1053 string
|
227
|
+
ATTRIBUTE NS-MTA-MD5-Password 1054 string
|
228
|
+
ATTRIBUTE SQL-User-Name 1055 string
|
229
|
+
ATTRIBUTE LM-Password 1057 octets
|
230
|
+
ATTRIBUTE NT-Password 1058 octets
|
231
|
+
ATTRIBUTE SMB-Account-CTRL 1059 integer
|
232
|
+
ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
|
233
|
+
ATTRIBUTE User-Profile 1062 string
|
234
|
+
ATTRIBUTE Digest-Realm 1063 string
|
235
|
+
ATTRIBUTE Digest-Nonce 1064 string
|
236
|
+
ATTRIBUTE Digest-Method 1065 string
|
237
|
+
ATTRIBUTE Digest-URI 1066 string
|
238
|
+
ATTRIBUTE Digest-QOP 1067 string
|
239
|
+
ATTRIBUTE Digest-Algorithm 1068 string
|
240
|
+
ATTRIBUTE Digest-Body-Digest 1069 string
|
241
|
+
ATTRIBUTE Digest-CNonce 1070 string
|
242
|
+
ATTRIBUTE Digest-Nonce-Count 1071 string
|
243
|
+
ATTRIBUTE Digest-User-Name 1072 string
|
244
|
+
ATTRIBUTE Pool-Name 1073 string
|
245
|
+
ATTRIBUTE Ldap-Group 1074 string
|
246
|
+
ATTRIBUTE Module-Success-Message 1075 string
|
247
|
+
ATTRIBUTE Module-Failure-Message 1076 string
|
248
|
+
# X99-Fast 1077 integer
|
249
|
+
ATTRIBUTE Rewrite-Rule 1078 string
|
250
|
+
ATTRIBUTE Sql-Group 1079 string
|
251
|
+
ATTRIBUTE Response-Packet-Type 1080 integer
|
252
|
+
ATTRIBUTE Digest-HA1 1081 string
|
253
|
+
ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer
|
254
|
+
ATTRIBUTE NTLM-User-Name 1083 string
|
255
|
+
ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr
|
256
|
+
ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr
|
257
|
+
ATTRIBUTE Packet-Src-Port 1086 integer
|
258
|
+
ATTRIBUTE Packet-Dst-Port 1087 integer
|
259
|
+
ATTRIBUTE Packet-Authentication-Vector 1088 octets
|
260
|
+
ATTRIBUTE Time-Of-Day 1089 string
|
261
|
+
ATTRIBUTE Request-Processing-Stage 1090 string
|
262
|
+
ATTRIBUTE Cache-No-Caching 1091 string
|
263
|
+
ATTRIBUTE Cache-Delete-Cache 1092 string
|
264
|
+
ATTRIBUTE SHA-Password 1093 octets
|
265
|
+
ATTRIBUTE SSHA-Password 1094 octets
|
266
|
+
ATTRIBUTE MD5-Password 1095 octets
|
267
|
+
ATTRIBUTE SMD5-Password 1096 octets
|
268
|
+
ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr
|
269
|
+
ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr
|
270
|
+
ATTRIBUTE Server-Identity 1099 string
|
271
|
+
ATTRIBUTE Cleartext-Password 1100 string
|
272
|
+
ATTRIBUTE Password-With-Header 1101 string
|
273
|
+
|
274
|
+
#
|
275
|
+
# Range: 1200-1279
|
276
|
+
# EAP-SIM (and other EAP type) weirdness.
|
277
|
+
#
|
278
|
+
# For EAP-SIM, some attribute definitions for database interface
|
279
|
+
#
|
280
|
+
ATTRIBUTE EAP-Sim-Subtype 1200 integer
|
281
|
+
|
282
|
+
ATTRIBUTE EAP-Sim-Rand1 1201 octets
|
283
|
+
ATTRIBUTE EAP-Sim-Rand2 1202 octets
|
284
|
+
ATTRIBUTE EAP-Sim-Rand3 1203 octets
|
285
|
+
|
286
|
+
ATTRIBUTE EAP-Sim-SRES1 1204 octets
|
287
|
+
ATTRIBUTE EAP-Sim-SRES2 1205 octets
|
288
|
+
ATTRIBUTE EAP-Sim-SRES3 1206 octets
|
289
|
+
|
290
|
+
VALUE EAP-Sim-Subtype Start 10
|
291
|
+
VALUE EAP-Sim-Subtype Challenge 11
|
292
|
+
VALUE EAP-Sim-Subtype Notification 12
|
293
|
+
VALUE EAP-Sim-Subtype Re-authentication 13
|
294
|
+
|
295
|
+
# this attribute is used internally by the client code.
|
296
|
+
ATTRIBUTE EAP-Sim-State 1207 integer
|
297
|
+
|
298
|
+
ATTRIBUTE EAP-Sim-IMSI 1208 string
|
299
|
+
ATTRIBUTE EAP-Sim-HMAC 1209 string
|
300
|
+
ATTRIBUTE EAP-Sim-KEY 1210 octets
|
301
|
+
ATTRIBUTE EAP-Sim-EXTRA 1211 octets
|
302
|
+
|
303
|
+
ATTRIBUTE EAP-Sim-KC1 1212 octets
|
304
|
+
ATTRIBUTE EAP-Sim-KC2 1213 octets
|
305
|
+
ATTRIBUTE EAP-Sim-KC3 1214 octets
|
306
|
+
|
307
|
+
#
|
308
|
+
# Range: 1280 - 1535
|
309
|
+
# EAP-type specific attributes
|
310
|
+
#
|
311
|
+
|
312
|
+
# these are PW_EAP_X + 1280
|
313
|
+
ATTRIBUTE EAP-Type-Identity 1281 string
|
314
|
+
ATTRIBUTE EAP-Type-Notification 1282 string
|
315
|
+
ATTRIBUTE EAP-Type-NAK 1283 string
|
316
|
+
ATTRIBUTE EAP-Type-MD5 1284 octets
|
317
|
+
ATTRIBUTE EAP-Type-OTP 1285 string
|
318
|
+
ATTRIBUTE EAP-Type-GTC 1286 string
|
319
|
+
ATTRIBUTE EAP-Type-TLS 1297 octets
|
320
|
+
ATTRIBUTE EAP-Type-SIM 1298 octets
|
321
|
+
ATTRIBUTE EAP-Type-LEAP 1301 octets
|
322
|
+
ATTRIBUTE EAP-Type-SIM2 1302 octets
|
323
|
+
ATTRIBUTE EAP-Type-TTLS 1305 octets
|
324
|
+
ATTRIBUTE EAP-Type-PEAP 1309 octets
|
325
|
+
|
326
|
+
#
|
327
|
+
# Range: 1536 - 1791
|
328
|
+
# EAP Sim sub-types.
|
329
|
+
#
|
330
|
+
|
331
|
+
# these are PW_EAP_SIM_X + 1536
|
332
|
+
ATTRIBUTE EAP-Sim-RAND 1537 octets
|
333
|
+
ATTRIBUTE EAP-Sim-PADDING 1542 octets
|
334
|
+
ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets
|
335
|
+
ATTRIBUTE EAP-Sim-PERMANENT_ID_REQ 1546 octets
|
336
|
+
ATTRIBUTE EAP-Sim-MAC 1547 octets
|
337
|
+
ATTRIBUTE EAP-Sim-NOTIFICATION 1548 octets
|
338
|
+
ATTRIBUTE EAP-Sim-ANY_ID_REQ 1549 octets
|
339
|
+
ATTRIBUTE EAP-Sim-IDENTITY 1550 octets
|
340
|
+
ATTRIBUTE EAP-Sim-VERSION_LIST 1551 octets
|
341
|
+
ATTRIBUTE EAP-Sim-SELECTED_VERSION 1552 octets
|
342
|
+
ATTRIBUTE EAP-Sim-FULLAUTH_ID_REQ 1553 octets
|
343
|
+
ATTRIBUTE EAP-Sim-COUNTER 1555 octets
|
344
|
+
ATTRIBUTE EAP-Sim-COUNTER_TOO_SMALL 1556 octets
|
345
|
+
ATTRIBUTE EAP-Sim-NONCE_S 1557 octets
|
346
|
+
ATTRIBUTE EAP-Sim-IV 1665 octets
|
347
|
+
ATTRIBUTE EAP-Sim-ENCR_DATA 1666 octets
|
348
|
+
ATTRIBUTE EAP-Sim-NEXT_PSEUDONUM 1668 octets
|
349
|
+
ATTRIBUTE EAP-Sim-NEXT_REAUTH_ID 1669 octets
|
350
|
+
ATTRIBUTE EAP-Sim-CHECKCODE 1670 octets
|
351
|
+
|
352
|
+
#
|
353
|
+
# Range: 1800-1899
|
354
|
+
# Temporary attributes, for local storage.
|
355
|
+
#
|
356
|
+
ATTRIBUTE Tmp-String-0 1800 string
|
357
|
+
ATTRIBUTE Tmp-String-1 1801 string
|
358
|
+
ATTRIBUTE Tmp-String-2 1802 string
|
359
|
+
ATTRIBUTE Tmp-String-3 1803 string
|
360
|
+
ATTRIBUTE Tmp-String-4 1804 string
|
361
|
+
ATTRIBUTE Tmp-String-5 1805 string
|
362
|
+
ATTRIBUTE Tmp-String-6 1806 string
|
363
|
+
ATTRIBUTE Tmp-String-7 1807 string
|
364
|
+
ATTRIBUTE Tmp-String-8 1808 string
|
365
|
+
ATTRIBUTE Tmp-String-9 1809 string
|
366
|
+
|
367
|
+
ATTRIBUTE Tmp-Integer-0 1810 integer
|
368
|
+
ATTRIBUTE Tmp-Integer-1 1811 integer
|
369
|
+
ATTRIBUTE Tmp-Integer-2 1812 integer
|
370
|
+
ATTRIBUTE Tmp-Integer-3 1813 integer
|
371
|
+
ATTRIBUTE Tmp-Integer-4 1814 integer
|
372
|
+
ATTRIBUTE Tmp-Integer-5 1815 integer
|
373
|
+
ATTRIBUTE Tmp-Integer-6 1816 integer
|
374
|
+
ATTRIBUTE Tmp-Integer-7 1817 integer
|
375
|
+
ATTRIBUTE Tmp-Integer-8 1818 integer
|
376
|
+
ATTRIBUTE Tmp-Integer-9 1819 integer
|
377
|
+
|
378
|
+
ATTRIBUTE Tmp-IP-Address-0 1820 ipaddr
|
379
|
+
ATTRIBUTE Tmp-IP-Address-1 1821 ipaddr
|
380
|
+
ATTRIBUTE Tmp-IP-Address-2 1822 ipaddr
|
381
|
+
ATTRIBUTE Tmp-IP-Address-3 1823 ipaddr
|
382
|
+
ATTRIBUTE Tmp-IP-Address-4 1824 ipaddr
|
383
|
+
ATTRIBUTE Tmp-IP-Address-5 1825 ipaddr
|
384
|
+
ATTRIBUTE Tmp-IP-Address-6 1826 ipaddr
|
385
|
+
ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr
|
386
|
+
ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr
|
387
|
+
ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr
|
388
|
+
|
389
|
+
#
|
390
|
+
# Range: 1900-2999
|
391
|
+
# Free
|
392
|
+
#
|
393
|
+
# Range: 3000-3999
|
394
|
+
# Site-local attributes (see raddb/dictionary.in)
|
395
|
+
# Do NOT define attributes in this range!
|
396
|
+
#
|
397
|
+
# Range: 4000-65535
|
398
|
+
# Unused
|
399
|
+
#
|
400
|
+
# Range: 65536-
|
401
|
+
# Invalid. Don't use.
|
402
|
+
#
|
403
|
+
|
404
|
+
#
|
405
|
+
# Non-Protocol Integer Translations
|
406
|
+
#
|
407
|
+
|
408
|
+
VALUE Auth-Type Local 0
|
409
|
+
VALUE Auth-Type System 1
|
410
|
+
VALUE Auth-Type SecurID 2
|
411
|
+
VALUE Auth-Type Crypt-Local 3
|
412
|
+
VALUE Auth-Type Reject 4
|
413
|
+
VALUE Auth-Type ActivCard 5
|
414
|
+
VALUE Auth-Type EAP 6
|
415
|
+
VALUE Auth-Type ARAP 7
|
416
|
+
|
417
|
+
#
|
418
|
+
# FreeRADIUS extensions (most originally from Cistron)
|
419
|
+
#
|
420
|
+
VALUE Auth-Type Accept 254
|
421
|
+
|
422
|
+
VALUE Auth-Type PAP 1024
|
423
|
+
VALUE Auth-Type CHAP 1025
|
424
|
+
# 1026 was LDAP, but we deleted it. Adding it back will break the
|
425
|
+
# ldap module.
|
426
|
+
VALUE Auth-Type PAM 1027
|
427
|
+
VALUE Auth-Type MS-CHAP 1028
|
428
|
+
VALUE Auth-Type Kerberos 1029
|
429
|
+
VALUE Auth-Type CRAM 1030
|
430
|
+
VALUE Auth-Type NS-MTA-MD5 1031
|
431
|
+
# 1032 is unused (was a duplicate of CRAM)
|
432
|
+
VALUE Auth-Type SMB 1033
|
433
|
+
|
434
|
+
#
|
435
|
+
# Authorization type, too.
|
436
|
+
#
|
437
|
+
VALUE Autz-Type Local 0
|
438
|
+
|
439
|
+
#
|
440
|
+
# And accounting
|
441
|
+
#
|
442
|
+
VALUE Acct-Type Local 0
|
443
|
+
|
444
|
+
#
|
445
|
+
# And Session handling
|
446
|
+
#
|
447
|
+
VALUE Session-Type Local 0
|
448
|
+
|
449
|
+
#
|
450
|
+
# And Post-Auth
|
451
|
+
VALUE Post-Auth-Type Local 0
|
452
|
+
|
453
|
+
#
|
454
|
+
# Experimental Non-Protocol Integer Translations for FreeRADIUS
|
455
|
+
#
|
456
|
+
VALUE Fall-Through No 0
|
457
|
+
VALUE Fall-Through Yes 1
|
458
|
+
|
459
|
+
#VALUE Strip-User-Name No 0
|
460
|
+
#VALUE Strip-User-Name Yes 1
|
461
|
+
|
462
|
+
VALUE Packet-Type Access-Request 1
|
463
|
+
VALUE Packet-Type Access-Accept 2
|
464
|
+
VALUE Packet-Type Access-Reject 3
|
465
|
+
VALUE Packet-Type Accounting-Request 4
|
466
|
+
VALUE Packet-Type Accounting-Response 5
|
467
|
+
VALUE Packet-Type Accounting-Status 6
|
468
|
+
VALUE Packet-Type Password-Request 7
|
469
|
+
VALUE Packet-Type Password-Accept 8
|
470
|
+
VALUE Packet-Type Password-Reject 9
|
471
|
+
VALUE Packet-Type Accounting-Message 10
|
472
|
+
VALUE Packet-Type Access-Challenge 11
|
473
|
+
VALUE Packet-Type Status-Server 12
|
474
|
+
VALUE Packet-Type Status-Client 13
|
475
|
+
|
476
|
+
#
|
477
|
+
# The following packet types are described in RFC 2882,
|
478
|
+
# but they are NOT part of the RADIUS standard. Instead,
|
479
|
+
# they are informational about vendor-specific extensions
|
480
|
+
# to the RADIUS standard.
|
481
|
+
#
|
482
|
+
VALUE Packet-Type Resource-Free-Request 21
|
483
|
+
VALUE Packet-Type Resource-Free-Response 22
|
484
|
+
VALUE Packet-Type Resource-Query-Request 23
|
485
|
+
VALUE Packet-Type Resource-Query-Response 24
|
486
|
+
VALUE Packet-Type Alternate-Resource-Reclaim-Request 25
|
487
|
+
VALUE Packet-Type NAS-Reboot-Request 26
|
488
|
+
VALUE Packet-Type NAS-Reboot-Response 27
|
489
|
+
VALUE Packet-Type Next-Passcode 29
|
490
|
+
VALUE Packet-Type New-Pin 30
|
491
|
+
VALUE Packet-Type Terminate-Session 31
|
492
|
+
VALUE Packet-Type Password-Expired 32
|
493
|
+
VALUE Packet-Type Event-Request 33
|
494
|
+
VALUE Packet-Type Event-Response 34
|
495
|
+
VALUE Packet-Type Disconnect-Request 40
|
496
|
+
VALUE Packet-Type Disconnect-ACK 41
|
497
|
+
VALUE Packet-Type Disconnect-NAK 42
|
498
|
+
|
499
|
+
# Old names, if no one uses them, they should be deleted.
|
500
|
+
VALUE Packet-Type CoF-Request 43
|
501
|
+
VALUE Packet-Type CoF-ACK 44
|
502
|
+
VALUE Packet-Type CoF-NAK 45
|
503
|
+
|
504
|
+
VALUE Packet-Type CoA-Request 43
|
505
|
+
VALUE Packet-Type CoA-ACK 44
|
506
|
+
VALUE Packet-Type CoA-NAK 45
|
507
|
+
VALUE Packet-Type IP-Address-Allocate 50
|
508
|
+
VALUE Packet-Type IP-Address-Release 51
|
509
|
+
|
510
|
+
VALUE Response-Packet-Type Access-Request 1
|
511
|
+
VALUE Response-Packet-Type Access-Accept 2
|
512
|
+
VALUE Response-Packet-Type Access-Reject 3
|
513
|
+
VALUE Response-Packet-Type Accounting-Request 4
|
514
|
+
VALUE Response-Packet-Type Accounting-Response 5
|
515
|
+
VALUE Response-Packet-Type Accounting-Status 6
|
516
|
+
VALUE Response-Packet-Type Password-Request 7
|
517
|
+
VALUE Response-Packet-Type Password-Accept 8
|
518
|
+
VALUE Response-Packet-Type Password-Reject 9
|
519
|
+
VALUE Response-Packet-Type Accounting-Message 10
|
520
|
+
VALUE Response-Packet-Type Access-Challenge 11
|
521
|
+
VALUE Response-Packet-Type Status-Server 12
|
522
|
+
VALUE Response-Packet-Type Status-Client 13
|
523
|
+
|
524
|
+
#
|
525
|
+
# EAP Sub-types, inside of Request and Response packets
|
526
|
+
#
|
527
|
+
# http://www.iana.org/assignments/ppp-numbers
|
528
|
+
# "PPP EAP REQUEST/RESPONSE TYPES"
|
529
|
+
#
|
530
|
+
#
|
531
|
+
# See dictionary.microsoft, MS-Acct-EAP-Type for similar definitions
|
532
|
+
#
|
533
|
+
VALUE EAP-Type None 0
|
534
|
+
VALUE EAP-Type Identity 1
|
535
|
+
VALUE EAP-Type Notification 2
|
536
|
+
VALUE EAP-Type NAK 3
|
537
|
+
VALUE EAP-Type MD5-Challenge 4
|
538
|
+
VALUE EAP-Type One-Time-Password 5
|
539
|
+
VALUE EAP-Type Generic-Token-Card 6
|
540
|
+
VALUE EAP-Type RSA-Public-Key 9
|
541
|
+
VALUE EAP-Type DSS-Unilateral 10
|
542
|
+
VALUE EAP-Type KEA 11
|
543
|
+
VALUE EAP-Type KEA-Validate 12
|
544
|
+
VALUE EAP-Type EAP-TLS 13
|
545
|
+
VALUE EAP-Type Defender-Token 14
|
546
|
+
VALUE EAP-Type RSA-SecurID-EAP 15
|
547
|
+
VALUE EAP-Type Arcot-Systems-EAP 16
|
548
|
+
VALUE EAP-Type Cisco-LEAP 17
|
549
|
+
VALUE EAP-Type Nokia-IP-Smart-Card 18
|
550
|
+
VALUE EAP-Type SIM 18
|
551
|
+
VALUE EAP-Type SRP-SHA1-Part-1 19
|
552
|
+
VALUE EAP-Type SRP-SHA1-Part-2 20
|
553
|
+
VALUE EAP-Type EAP-TTLS 21
|
554
|
+
VALUE EAP-Type Remote-Access-Service 22
|
555
|
+
VALUE EAP-Type UMTS 23
|
556
|
+
VALUE EAP-Type EAP-3Com-Wireless 24
|
557
|
+
VALUE EAP-Type PEAP 25
|
558
|
+
VALUE EAP-Type MS-EAP-Authentication 26
|
559
|
+
VALUE EAP-Type MAKE 27
|
560
|
+
VALUE EAP-Type CRYPTOCard 28
|
561
|
+
VALUE EAP-Type EAP-MSCHAP-V2 29
|
562
|
+
VALUE EAP-Type DynamID 30
|
563
|
+
VALUE EAP-Type Rob-EAP 31
|
564
|
+
VALUE EAP-Type SecurID-EAP 32
|
565
|
+
VALUE EAP-Type MS-Authentication-TLV 33
|
566
|
+
VALUE EAP-Type SentriNET 34
|
567
|
+
VALUE EAP-Type EAP-Actiontec-Wireless 35
|
568
|
+
VALUE EAP-Type Cogent-Biomentric-EAP 36
|
569
|
+
VALUE EAP-Type AirFortress-EAP 37
|
570
|
+
VALUE EAP-Type EAP-HTTP-Digest 38
|
571
|
+
VALUE EAP-Type SecuriSuite-EAP 39
|
572
|
+
VALUE EAP-Type DeviceConnect-EAP 40
|
573
|
+
VALUE EAP-Type EAP-SPEKE 41
|
574
|
+
VALUE EAP-Type EAP-MOBAC 42
|
575
|
+
|
576
|
+
#
|
577
|
+
# These are duplicate values, to get around the problem of
|
578
|
+
# having two MS-CHAPv2 EAP types.
|
579
|
+
#
|
580
|
+
VALUE EAP-Type Microsoft-MS-CHAPv2 26
|
581
|
+
VALUE EAP-Type Cisco-MS-CHAPv2 29
|
582
|
+
|
583
|
+
#
|
584
|
+
# And this is what most people mean by MS-CHAPv2
|
585
|
+
#
|
586
|
+
VALUE EAP-Type MS-CHAP-V2 26
|
587
|
+
|
588
|
+
#
|
589
|
+
# This says TLS, but it's only valid for TTLS & PEAP.
|
590
|
+
# EAP-TLS *always* requires a client certificate.
|
591
|
+
#
|
592
|
+
VALUE EAP-TLS-Require-Client-Cert No 0
|
593
|
+
VALUE EAP-TLS-Require-Client-Cert Yes 1
|
594
|
+
|
595
|
+
#
|
596
|
+
# These are the EAP-Code values.
|
597
|
+
#
|
598
|
+
VALUE EAP-Code Request 1
|
599
|
+
VALUE EAP-Code Response 2
|
600
|
+
VALUE EAP-Code Success 3
|
601
|
+
VALUE EAP-Code Failure 4
|
602
|
+
|
603
|
+
#
|
604
|
+
# For MS-CHAP, do we run ntlm_auth, or not.
|
605
|
+
#
|
606
|
+
VALUE MS-CHAP-Use-NTLM-Auth No 0
|
607
|
+
VALUE MS-CHAP-Use-NTLM-Auth Yes 1
|
608
|
+
|
609
|
+
|
610
|
+
|
611
|
+
|
612
|
+
|
613
|
+
# -*- text -*-
|
614
|
+
#
|
615
|
+
# FreeRADIUS dictionary.rfc2868
|
616
|
+
#
|
617
|
+
# Attributes and values defined in RFC 2868.
|
618
|
+
# http://www.ietf.org/rfc/rfc2868.txt
|
619
|
+
#
|
620
|
+
# $Id$
|
621
|
+
#
|
622
|
+
ATTRIBUTE Tunnel-Type 64 integer has_tag
|
623
|
+
ATTRIBUTE Tunnel-Medium-Type 65 integer has_tag
|
624
|
+
ATTRIBUTE Tunnel-Client-Endpoint 66 string has_tag
|
625
|
+
ATTRIBUTE Tunnel-Server-Endpoint 67 string has_tag
|
626
|
+
|
627
|
+
ATTRIBUTE Tunnel-Password 69 string has_tag,encrypt=2
|
628
|
+
|
629
|
+
ATTRIBUTE Tunnel-Private-Group-Id 81 string has_tag
|
630
|
+
ATTRIBUTE Tunnel-Assignment-Id 82 string has_tag
|
631
|
+
ATTRIBUTE Tunnel-Preference 83 integer has_tag
|
632
|
+
|
633
|
+
ATTRIBUTE Tunnel-Client-Auth-Id 90 string has_tag
|
634
|
+
ATTRIBUTE Tunnel-Server-Auth-Id 91 string has_tag
|
635
|
+
|
636
|
+
# Tunnel Type
|
637
|
+
|
638
|
+
VALUE Tunnel-Type PPTP 1
|
639
|
+
VALUE Tunnel-Type L2F 2
|
640
|
+
VALUE Tunnel-Type L2TP 3
|
641
|
+
VALUE Tunnel-Type ATMP 4
|
642
|
+
VALUE Tunnel-Type VTP 5
|
643
|
+
VALUE Tunnel-Type AH 6
|
644
|
+
VALUE Tunnel-Type IP 7
|
645
|
+
VALUE Tunnel-Type MIN-IP 8
|
646
|
+
VALUE Tunnel-Type ESP 9
|
647
|
+
VALUE Tunnel-Type GRE 10
|
648
|
+
VALUE Tunnel-Type DVS 11
|
649
|
+
VALUE Tunnel-Type IP-in-IP 12
|
650
|
+
|
651
|
+
# Tunnel Medium Type
|
652
|
+
|
653
|
+
VALUE Tunnel-Medium-Type IP 1
|
654
|
+
VALUE Tunnel-Medium-Type IPv4 1
|
655
|
+
VALUE Tunnel-Medium-Type IPv6 2
|
656
|
+
VALUE Tunnel-Medium-Type NSAP 3
|
657
|
+
VALUE Tunnel-Medium-Type HDLC 4
|
658
|
+
VALUE Tunnel-Medium-Type BBN-1822 5
|
659
|
+
VALUE Tunnel-Medium-Type IEEE-802 6
|
660
|
+
VALUE Tunnel-Medium-Type E.163 7
|
661
|
+
VALUE Tunnel-Medium-Type E.164 8
|
662
|
+
VALUE Tunnel-Medium-Type F.69 9
|
663
|
+
VALUE Tunnel-Medium-Type X.121 10
|
664
|
+
VALUE Tunnel-Medium-Type IPX 11
|
665
|
+
VALUE Tunnel-Medium-Type Appletalk 12
|
666
|
+
VALUE Tunnel-Medium-Type DecNet-IV 13
|
667
|
+
VALUE Tunnel-Medium-Type Banyan-Vines 14
|
668
|
+
VALUE Tunnel-Medium-Type E.164-NSAP 15
|
669
|
+
|
670
|
+
|
671
|
+
|
672
|
+
# APC
|
673
|
+
VENDOR APC 318
|
674
|
+
|
675
|
+
ATTRIBUTE APC-Service-Type 1 integer APC
|
676
|
+
ATTRIBUTE APC-Outlets 2 string APC
|
677
|
+
|
678
|
+
VALUE APC-Service-Type Admin 1
|
679
|
+
VALUE APC-Service-Type Device 2
|
680
|
+
VALUE APC-Service-Type ReadOnly 3
|
681
|
+
VALUE APC-Service-Type Outlet 4
|
682
|
+
|
683
|
+
|
684
|
+
|
685
|
+
# -*- text -*-
|
686
|
+
#
|
687
|
+
# dictionary.cisco
|
688
|
+
#
|
689
|
+
# Accounting VSAs originally by
|
690
|
+
# "Marcelo M. Sosa Lugones" <marcelo@sosa.com.ar>
|
691
|
+
#
|
692
|
+
# Version: $Id$
|
693
|
+
#
|
694
|
+
# For documentation on Cisco RADIUS attributes, see:
|
695
|
+
#
|
696
|
+
# http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/vsaig3.htm
|
697
|
+
#
|
698
|
+
|
699
|
+
VENDOR Cisco 9
|
700
|
+
|
701
|
+
#
|
702
|
+
# Standard attribute
|
703
|
+
#
|
704
|
+
BEGIN-VENDOR Cisco
|
705
|
+
|
706
|
+
ATTRIBUTE Cisco-AVPair 1 string
|
707
|
+
ATTRIBUTE Cisco-NAS-Port 2 string
|
708
|
+
|
709
|
+
#
|
710
|
+
# T.37 Store-and-Forward attributes.
|
711
|
+
#
|
712
|
+
ATTRIBUTE Cisco-Fax-Account-Id-Origin 3 string
|
713
|
+
ATTRIBUTE Cisco-Fax-Msg-Id 4 string
|
714
|
+
ATTRIBUTE Cisco-Fax-Pages 5 string
|
715
|
+
ATTRIBUTE Cisco-Fax-Coverpage-Flag 6 string
|
716
|
+
ATTRIBUTE Cisco-Fax-Modem-Time 7 string
|
717
|
+
ATTRIBUTE Cisco-Fax-Connect-Speed 8 string
|
718
|
+
ATTRIBUTE Cisco-Fax-Recipient-Count 9 string
|
719
|
+
ATTRIBUTE Cisco-Fax-Process-Abort-Flag 10 string
|
720
|
+
ATTRIBUTE Cisco-Fax-Dsn-Address 11 string
|
721
|
+
ATTRIBUTE Cisco-Fax-Dsn-Flag 12 string
|
722
|
+
ATTRIBUTE Cisco-Fax-Mdn-Address 13 string
|
723
|
+
ATTRIBUTE Cisco-Fax-Mdn-Flag 14 string
|
724
|
+
ATTRIBUTE Cisco-Fax-Auth-Status 15 string
|
725
|
+
ATTRIBUTE Cisco-Email-Server-Address 16 string
|
726
|
+
ATTRIBUTE Cisco-Email-Server-Ack-Flag 17 string
|
727
|
+
ATTRIBUTE Cisco-Gateway-Id 18 string
|
728
|
+
ATTRIBUTE Cisco-Call-Type 19 string
|
729
|
+
ATTRIBUTE Cisco-Port-Used 20 string
|
730
|
+
ATTRIBUTE Cisco-Abort-Cause 21 string
|
731
|
+
|
732
|
+
#
|
733
|
+
# Voice over IP attributes.
|
734
|
+
#
|
735
|
+
ATTRIBUTE h323-remote-address 23 string
|
736
|
+
ATTRIBUTE h323-conf-id 24 string
|
737
|
+
ATTRIBUTE h323-setup-time 25 string
|
738
|
+
ATTRIBUTE h323-call-origin 26 string
|
739
|
+
ATTRIBUTE h323-call-type 27 string
|
740
|
+
ATTRIBUTE h323-connect-time 28 string
|
741
|
+
ATTRIBUTE h323-disconnect-time 29 string
|
742
|
+
ATTRIBUTE h323-disconnect-cause 30 string
|
743
|
+
ATTRIBUTE h323-voice-quality 31 string
|
744
|
+
ATTRIBUTE h323-gw-id 33 string
|
745
|
+
ATTRIBUTE h323-incoming-conf-id 35 string
|
746
|
+
|
747
|
+
ATTRIBUTE h323-credit-amount 101 string
|
748
|
+
ATTRIBUTE h323-credit-time 102 string
|
749
|
+
ATTRIBUTE h323-return-code 103 string
|
750
|
+
ATTRIBUTE h323-prompt-id 104 string
|
751
|
+
ATTRIBUTE h323-time-and-day 105 string
|
752
|
+
ATTRIBUTE h323-redirect-number 106 string
|
753
|
+
ATTRIBUTE h323-preferred-lang 107 string
|
754
|
+
ATTRIBUTE h323-redirect-ip-address 108 string
|
755
|
+
ATTRIBUTE h323-billing-model 109 string
|
756
|
+
ATTRIBUTE h323-currency 110 string
|
757
|
+
ATTRIBUTE subscriber 111 string
|
758
|
+
ATTRIBUTE gw-rxd-cdn 112 string
|
759
|
+
ATTRIBUTE gw-final-xlated-cdn 113 string
|
760
|
+
ATTRIBUTE remote-media-address 114 string
|
761
|
+
ATTRIBUTE release-source 115 string
|
762
|
+
ATTRIBUTE gw-rxd-cgn 116 string
|
763
|
+
ATTRIBUTE gw-final-xlated-cgn 117 string
|
764
|
+
|
765
|
+
# SIP Attributes
|
766
|
+
ATTRIBUTE call-id 141 string
|
767
|
+
ATTRIBUTE session-protocol 142 string
|
768
|
+
ATTRIBUTE method 143 string
|
769
|
+
ATTRIBUTE prev-hop-via 144 string
|
770
|
+
ATTRIBUTE prev-hop-ip 145 string
|
771
|
+
ATTRIBUTE incoming-req-uri 146 string
|
772
|
+
ATTRIBUTE outgoing-req-uri 147 string
|
773
|
+
ATTRIBUTE next-hop-ip 148 string
|
774
|
+
ATTRIBUTE next-hop-dn 149 string
|
775
|
+
ATTRIBUTE sip-hdr 150 string
|
776
|
+
|
777
|
+
#
|
778
|
+
# Extra attributes sent by the Cisco, if you configure
|
779
|
+
# "radius-server vsa accounting" (requires IOS11.2+).
|
780
|
+
#
|
781
|
+
ATTRIBUTE Cisco-Multilink-ID 187 integer
|
782
|
+
ATTRIBUTE Cisco-Num-In-Multilink 188 integer
|
783
|
+
ATTRIBUTE Cisco-Pre-Input-Octets 190 integer
|
784
|
+
ATTRIBUTE Cisco-Pre-Output-Octets 191 integer
|
785
|
+
ATTRIBUTE Cisco-Pre-Input-Packets 192 integer
|
786
|
+
ATTRIBUTE Cisco-Pre-Output-Packets 193 integer
|
787
|
+
ATTRIBUTE Cisco-Maximum-Time 194 integer
|
788
|
+
ATTRIBUTE Cisco-Disconnect-Cause 195 integer
|
789
|
+
ATTRIBUTE Cisco-Data-Rate 197 integer
|
790
|
+
ATTRIBUTE Cisco-PreSession-Time 198 integer
|
791
|
+
ATTRIBUTE Cisco-PW-Lifetime 208 integer
|
792
|
+
ATTRIBUTE Cisco-IP-Direct 209 integer
|
793
|
+
ATTRIBUTE Cisco-PPP-VJ-Slot-Comp 210 integer
|
794
|
+
ATTRIBUTE Cisco-PPP-Async-Map 212 integer
|
795
|
+
ATTRIBUTE Cisco-IP-Pool-Definition 217 string
|
796
|
+
ATTRIBUTE Cisco-Assign-IP-Pool 218 integer
|
797
|
+
ATTRIBUTE Cisco-Route-IP 228 integer
|
798
|
+
ATTRIBUTE Cisco-Link-Compression 233 integer
|
799
|
+
ATTRIBUTE Cisco-Target-Util 234 integer
|
800
|
+
ATTRIBUTE Cisco-Maximum-Channels 235 integer
|
801
|
+
ATTRIBUTE Cisco-Data-Filter 242 integer
|
802
|
+
ATTRIBUTE Cisco-Call-Filter 243 integer
|
803
|
+
ATTRIBUTE Cisco-Idle-Limit 244 integer
|
804
|
+
ATTRIBUTE Cisco-Account-Info 250 string
|
805
|
+
ATTRIBUTE Cisco-Service-Info 251 string
|
806
|
+
ATTRIBUTE Cisco-Command-Code 252 string
|
807
|
+
ATTRIBUTE Cisco-Control-Info 253 string
|
808
|
+
ATTRIBUTE Cisco-Xmit-Rate 255 integer
|
809
|
+
|
810
|
+
VALUE Cisco-Disconnect-Cause Unknown 2
|
811
|
+
VALUE Cisco-Disconnect-Cause CLID-Authentication-Failure 4
|
812
|
+
VALUE Cisco-Disconnect-Cause No-Carrier 10
|
813
|
+
VALUE Cisco-Disconnect-Cause Lost-Carrier 11
|
814
|
+
VALUE Cisco-Disconnect-Cause No-Detected-Result-Codes 12
|
815
|
+
VALUE Cisco-Disconnect-Cause User-Ends-Session 20
|
816
|
+
VALUE Cisco-Disconnect-Cause Idle-Timeout 21
|
817
|
+
VALUE Cisco-Disconnect-Cause Exit-Telnet-Session 22
|
818
|
+
VALUE Cisco-Disconnect-Cause No-Remote-IP-Addr 23
|
819
|
+
VALUE Cisco-Disconnect-Cause Exit-Raw-TCP 24
|
820
|
+
VALUE Cisco-Disconnect-Cause Password-Fail 25
|
821
|
+
VALUE Cisco-Disconnect-Cause Raw-TCP-Disabled 26
|
822
|
+
VALUE Cisco-Disconnect-Cause Control-C-Detected 27
|
823
|
+
VALUE Cisco-Disconnect-Cause EXEC-Program-Destroyed 28
|
824
|
+
VALUE Cisco-Disconnect-Cause Timeout-PPP-LCP 40
|
825
|
+
VALUE Cisco-Disconnect-Cause Failed-PPP-LCP-Negotiation 41
|
826
|
+
VALUE Cisco-Disconnect-Cause Failed-PPP-PAP-Auth-Fail 42
|
827
|
+
VALUE Cisco-Disconnect-Cause Failed-PPP-CHAP-Auth 43
|
828
|
+
VALUE Cisco-Disconnect-Cause Failed-PPP-Remote-Auth 44
|
829
|
+
VALUE Cisco-Disconnect-Cause PPP-Remote-Terminate 45
|
830
|
+
VALUE Cisco-Disconnect-Cause PPP-Closed-Event 46
|
831
|
+
VALUE Cisco-Disconnect-Cause Session-Timeout 100
|
832
|
+
VALUE Cisco-Disconnect-Cause Session-Failed-Security 101
|
833
|
+
VALUE Cisco-Disconnect-Cause Session-End-Callback 102
|
834
|
+
VALUE Cisco-Disconnect-Cause Invalid-Protocol 120
|
835
|
+
|
836
|
+
END-VENDOR Cisco
|
837
|
+
|
838
|
+
|
839
|
+
|
840
|
+
# -*- text -*-
|
841
|
+
#
|
842
|
+
# dictionary.juniper
|
843
|
+
#
|
844
|
+
# As posted to the list by Eric Kilfoil <ekilfoil@uslec.net>
|
845
|
+
#
|
846
|
+
# Version: $Id$
|
847
|
+
#
|
848
|
+
|
849
|
+
VENDOR Juniper 2636
|
850
|
+
|
851
|
+
BEGIN-VENDOR Juniper
|
852
|
+
|
853
|
+
ATTRIBUTE Juniper-Local-User-Name 1 string
|
854
|
+
ATTRIBUTE Juniper-Allow-Commands 2 string
|
855
|
+
ATTRIBUTE Juniper-Deny-Commands 3 string
|
856
|
+
ATTRIBUTE Juniper-Allow-Configuration 4 string
|
857
|
+
ATTRIBUTE Juniper-Deny-Configuration 5 string
|
858
|
+
|
859
|
+
END-VENDOR Juniper
|
860
|
+
|
861
|
+
|
862
|
+
|
863
|
+
|
864
|
+
# -*- text -*-
|
865
|
+
#
|
866
|
+
# From:
|
867
|
+
# http://www.netscreen.com/support/downloads/4.0_configuring_screenOS_for_NTdomain_v11.pdf
|
868
|
+
#
|
869
|
+
|
870
|
+
VENDOR Netscreen 3224
|
871
|
+
|
872
|
+
BEGIN-VENDOR Netscreen
|
873
|
+
|
874
|
+
ATTRIBUTE NS-Admin-Privilege 1 integer
|
875
|
+
ATTRIBUTE NS-VSYS-Name 2 string
|
876
|
+
ATTRIBUTE NS-User-Group 3 string
|
877
|
+
ATTRIBUTE NS-Primary-DNS 4 ipaddr
|
878
|
+
ATTRIBUTE NS-Secondary-DNS 5 ipaddr
|
879
|
+
ATTRIBUTE NS-Primary-WINS 6 ipaddr
|
880
|
+
ATTRIBUTE NS-Secondary-WINS 7 ipaddr
|
881
|
+
|
882
|
+
#
|
883
|
+
# Values VSYS-Admin and Read-Only-VSYS-Admin require a NS-VSYS-Name
|
884
|
+
# attribute in the response packet.
|
885
|
+
#
|
886
|
+
VALUE NS-Admin-Privilege Root-Admin 1
|
887
|
+
VALUE NS-Admin-Privilege All-VSYS-Root-Admin 2
|
888
|
+
VALUE NS-Admin-Privilege VSYS-Admin 3
|
889
|
+
VALUE NS-Admin-Privilege Read-Only-Admin 4
|
890
|
+
VALUE NS-Admin-Privilege Read-Only-VSYS-Admin 5
|
891
|
+
|
892
|
+
END-VENDOR Netscreen
|