ClearBox Enterprise Server™ 2.0. User's Guide

Standard RADIUS Attributes Reference

For more information on RADIUS attributes see

| Attribute | Type | Value type | Vendor | Vendor type | Description |
|---|---|---|---|---|---|
| User-Name | 1 | string/binary data | | | Indicates the name of the user to be authenticated. |
| User-Password | 2 | string/binary data | | | Indicates the password of the user to be authenticated, or the user's input following an Access-Challenge. |
| CHAP-Password | 3 | string/binary data | | | Indicates the response value provided by a PPP Challenge-Handshake Authentication Protocol (CHAP) user in response to the challenge. |
| NAS-IP-Address | 4 | IP address | | | Indicates the identifying IP Address of the NAS which is requesting authentication of the user. |
| NAS-Port | 5 | integer | | | Indicates the physical port number of the NAS which is authenticating the user. |
| Service-Type | 6 | integer | | | Indicates the type of service the user has requested, or the type of service to be provided. |
| Framed-Protocol | 7 | integer | | | Indicates the framing to be used for framed access. |
| Framed-IP-Address | 8 | IP address | | | Indicates the address to be configured for the user. |
| Framed-IP-Netmask | 9 | IP address | | | Indicates the IP netmask to be configured for the user when the user is a router to a network. |
| Framed-Routing | 10 | integer | | | Indicates the routing method for the user, when the user is a router to a network. |
| Filter-Id | 11 | text | | | Indicates the name of the filter list for this user. |
| Framed-MTU | 12 | integer | | | Indicates the Maximum Transmission Unit to be configured for the user, when it is not negotiated by some other means (such as PPP). |
| Framed-Compression | 13 | integer | | | Indicates a compression protocol to be used for the link. |
| Login-IP-Host | 14 | IP address | | | Indicates the system with which to connect the user, when the Login-Service Attribute is included. |
| Login-Service | 15 | integer | | | Indicates the service to use to connect the user to the login host. |
| Login-TCP-Port | 16 | integer | | | Indicates the TCP port with which the user is to be connected, when the Login-Service Attribute is also present. |
| Reply-Message | 18 | text | | | Indicates text which may be displayed to the user. |
| Callback-Number | 19 | string/binary data | | | Indicates a dialing string to be used for callback. |
| Callback-Id | 20 | string/binary data | | | Indicates the name of a place to be called, to be interpreted by the NAS. |
| Framed-Route | 22 | text | | | Provides routing information to be configured for the user on the NAS. |
| Framed-IPX-Network | 23 | string/binary data | | | Indicates the IPX Network number to be configured for the user. |
| State | 24 | string/binary data | | | Is available to be sent by the server to the client in an Access-Challenge and must be sent unmodified from the client to the server in the new Access-Request reply to that challenge, if any. |
| Class | 25 | string/binary data | | | Is available to be sent by the server to the client in an Access-Accept and should be sent unmodified by the client to the accounting server as part of the Accounting-Request packet if accounting is supported. |
| Session-Timeout | 27 | integer | | | Sets the maximum number of seconds of service to be provided to the user before termination of the session or prompt. |
| Idle-Timeout | 28 | integer | | | Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt. |
| Termination-Action | 29 | integer | | | Indicates what action the NAS should take when the specified service is completed. |
| Called-Station-Id | 30 | string/binary data | | | Allows the NAS to send in the Access-Request packet the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology. |
| Calling-Station-Id | 31 | string/binary data | | | Allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology. |
| NAS-Identifier | 32 | string/binary data | | | Contains a string identifying the NAS originating the Access-Request. |
| Proxy-State | 33 | string/binary data | | | Is available to be sent by a proxy server to another server when forwarding an Access-Request and must be returned unmodified in the Access-Accept, Access-Reject or Access-Challenge. |
| Login-LAT-Service | 34 | string/binary data | | | Indicates the system with which the user is to be connected by LAT. |
| Login-LAT-Node | 35 | string/binary data | | | Indicates the Node with which the user is to be automatically connected by LAT. |
| Login-LAT-Group | 36 | string/binary data | | | Contains a string identifying the LAT group codes which this user is authorized to use. |
| Framed-AppleTalk-Link | 37 | integer | | | Indicates the AppleTalk network number which should be used for the serial link to the user, which is another AppleTalk router. |
| Framed-AppleTalk-Network | 38 | integer | | | Indicates the AppleTalk Network number which the NAS should probe to allocate an AppleTalk node for the user. |
| Framed-AppleTalk-Zone | 39 | string/binary data | | | Indicates the AppleTalk Default Zone to be used for this user. |
| Acct-Status-Type | 40 | integer | | | Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). |
| Acct-Delay-Time | 41 | integer | | | Indicates how many seconds the client has been trying to send this record for, and can be subtracted from the time of arrival on the server to find the approximate time of the event generating this Accounting-Request. |
| Acct-Input-Octets | 42 | integer | | | Indicates how many octets have been received from the port over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Output-Octets | 43 | integer | | | Indicates how many octets have been sent to the port in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Session-Id | 44 | text | | | Is a unique Accounting ID to make it easy to match start and stop records in a log file. |
| Acct-Authentic | 45 | integer | | | May be included in an Accounting-Request to indicate how the user was authenticated, whether by RADIUS, the NAS itself, or another remote authentication protocol. |
| Acct-Session-Time | 46 | integer | | | Indicates how many seconds the user has received service for, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Input-Packets | 47 | integer | | | Indicates how many packets have been received from the port over the course of this service being provided to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Output-Packets | 48 | integer | | | Indicates how many packets have been sent to the port in the course of delivering this service to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Termination-Cause | 49 | integer | | | Indicates how the session was terminated, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Multi-Session-Id | 50 | string/binary data | | | Is a unique Accounting ID to make it easy to link together multiple related sessions in a log file. |
| Acct-Link-Count | 51 | integer | | | Gives the count of links which are known to have been in a given multilink session at the time the accounting record is generated. |
| Acct-Input-Gigawords | 52 | integer | | | Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. |
| Acct-Output-Gigawords | 53 | integer | | | Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. |
| Event-Timestamp | 55 | date/time | | | Is included in an Accounting-Request packet to record the time that this event occurred on the NAS, in seconds since January 1, 1970 00:00 UTC. |
| CHAP-Challenge | 60 | string/binary data | | | Contains the CHAP Challenge sent by the NAS to a PPP Challenge-Handshake Authentication Protocol (CHAP) user. |
| NAS-Port-Type | 61 | integer | | | Indicates the type of the physical port of the NAS which is authenticating the user. |
| Port-Limit | 62 | integer | | | Sets the maximum number of ports to be provided to the user by the NAS. |
| Login-LAT-Port | 63 | string/binary data | | | Indicates the Port with which the user is to be connected by LAT. |
| Tunnel-Type | 64 | integer | | | Indicates the tunneling protocol(s) to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator). |
| Tunnel-Medium-Type | 65 | integer | | | Indicates which transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports. |
| Tunnel-Client-Endpoint | 66 | string/binary data | | | Contains the address of the initiator end of the tunnel. |
| Tunnel-Server-Endpoint | 67 | string/binary data | | | Indicates the address of the server end of the tunnel. |
| Acct-Tunnel-Connection | 68 | string/binary data | | | Indicates the identifier assigned to the tunnel session. |
| Tunnel-Password | 69 | string/binary data | | | May contain a password to be used to authenticate to a remote server. |
| ARAP-Password | 70 | string/binary data | | | Contains a 16 octet string, used to carry the dial-in user's response to the NAS challenge and the client's own challenge to the NAS. |
| ARAP-Features | 71 | string/binary data | | | Includes password information that the NAS should send to the user in an ARAP "feature flags" packet. |
| ARAP-Zone-Access | 72 | integer | | | Indicates how the ARAP zone list for the user should be used. |
| ARAP-Security | 73 | integer | | | Identifies the ARAP Security Module to be used in an Access-Challenge packet. |
| ARAP-Security-Data | 74 | string/binary data | | | Contains the actual security module challenge or response. |
| Password-Retry | 75 | integer | | | May be included in an Access-Reject to indicate how many authentication attempts a user is allowed before being disconnected. |
| Prompt | 76 | integer | | | Indicates to the NAS whether it should echo the user's response as it is entered, or not echo it. |
| Connect-Info | 77 | text | | | Is sent from the NAS to indicate the nature of the user's connection. |
| Configuration-Token | 78 | string/binary data | | | Is for use in large distributed authentication networks based on proxy. It is sent from a RADIUS Proxy Server to a RADIUS Proxy Client in an Access-Accept to indicate a type of user profile to be used. |
| EAP-Message | 79 | string/binary data | | | Encapsulates Extended Access Protocol packets so as to allow the NAS to authenticate dial-in users via EAP without having to understand the EAP protocol. |
| Message-Authenticator | 80 | string/binary data | | | May be used to sign Access-Requests to prevent spoofing Access-Requests using CHAP, ARAP or EAP authentication methods. |
| Tunnel-Private-Group-ID | 81 | string/binary data | | | Indicates the group ID for a particular tunneled session. |
| Tunnel-Assignment-ID | 82 | string/binary data | | | Is used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned. |
| Tunnel-Preference | 83 | integer | | | If more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator, this attribute should be included in each set to indicate the relative preference assigned to each tunnel. |
| ARAP-Challenge-Response | 84 | string/binary data | | | Contains the response to the dial-in client's challenge. |
| Acct-Interim-Interval | 85 | integer | | | Indicates the number of seconds between each interim update for this specific session. |
| Acct-Tunnel-Packets-Lost | 86 | integer | | | Indicates the number of packets lost on a given link. |
| NAS-Port-ID | 87 | text | | | Contains a text string which identifies the port of the NAS which is authenticating the user. |
| Framed-Pool | 88 | string/binary data | | | Contains the name of an assigned address pool that should be used to assign an address for the user. |
| Tunnel-Client-Auth-ID | 90 | string/binary data | | | Specifies the name used by the tunnel initiator during the authentication phase of tunnel establishment. |
| Tunnel-Server-Auth-ID | 91 | string/binary data | | | Specifies the name used by the tunnel terminator during the authentication phase of tunnel establishment. |
| NAS-IPv6-Address | 95 | string/binary data | | | Indicates the identifying IPv6 Address of the NAS which is requesting authentication of the user. |
| Framed-Interface-Id | 96 | string/binary data | | | Indicates the IPv6 interface identifier to be configured for the user. |
| Framed-IPv6-Prefix | 97 | string/binary data | | | Indicates an IPv6 prefix (and corresponding route) to be configured for the user. |
| Login-IPv6-Host | 98 | string/binary data | | | Indicates the system with which to connect the user, when the Login-Service Attribute is included. |
| Framed-IPv6-Route | 99 | text | | | Provides routing information to be configured for the user on the NAS. |
| Framed-IPv6-Pool | 100 | string/binary data | | | Contains the name of an assigned pool that should be used to assign an IPv6 prefix for the user. |
| MS-CHAP-Response | 26 | string/binary data | Microsoft | 1 | Contains the response value provided by a PPP Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user in response to the challenge. |
| MS-CHAP-Error | 26 | string/binary data | Microsoft | 2 | Contains error data related to the preceding MS-CHAP exchange. |
| MS-CHAP-CPW-1 | 26 | string/binary data | Microsoft | 3 | Allows the user to change their password if it has expired. |
| MS-CHAP-CPW-2 | 26 | string/binary data | Microsoft | 4 | Allows the user to change their password if it has expired. |
| MS-CHAP-LM-Enc-PW | 26 | string/binary data | Microsoft | 5 | Contains the new Windows NT password encrypted with the old LAN Manager password hash. |
| MS-CHAP-NT-Enc-PW | 26 | string/binary data | Microsoft | 6 | Contains the new Windows NT password encrypted with the old Windows NT password hash. |
| MS-MPPE-Encryption-Policy | 26 | integer | Microsoft | 7 | May be used to signify whether the use of encryption is allowed or required. |
| MS-MPPE-Encryption-Type | 26 | string/binary data | Microsoft | 8 | Is used to signify the types of encryption available for use with MPPE. |
| MS-RAS-Vendor | 26 | integer | Microsoft | 9 | Is used to indicate the manufacturer of the RADIUS client machine. |
| MS-CHAP-Domain | 26 | string/binary data | Microsoft | 10 | Indicates the Windows NT domain in which the user was authenticated. |
| MS-CHAP-Challenge | 26 | string/binary data | Microsoft | 11 | Contains the challenge sent by a NAS to a Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user. |
| MS-CHAP-MPPE-Keys | 26 | string/binary data | Microsoft | 12 | Contains two session keys for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-BAP-Usage | 26 | integer | Microsoft | 13 | Describes whether the use of BAP is allowed, disallowed or required on new multilink calls. |
| MS-Link-Utilization-Threshold | 26 | integer | Microsoft | 14 | Represents the percentage of available bandwidth utilization below which the link must fall before the link is eligible for termination. |
| MS-Link-Drop-Time-Limit | 26 | integer | Microsoft | 15 | Indicates the length of time (in seconds) that a link must be underutilized before it is dropped. |
| MS-MPPE-Send-Key | 26 | string/binary data | Microsoft | 16 | Contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-MPPE-Recv-Key | 26 | string/binary data | Microsoft | 17 | Contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-RAS-Version | 26 | string/binary data | Microsoft | 18 | Is used to indicate the version of the RADIUS client software. |
| MS-Old-ARAP-Password | 26 | string/binary data | Microsoft | 19 | Is used to transmit the old ARAP password during an ARAP password change operation. |
| MS-New-ARAP-Password | 26 | string/binary data | Microsoft | 20 | Is used to transmit the new ARAP password during an ARAP password change operation. |
| MS-ARAP-PW-Change-Reason | 26 | integer | Microsoft | 21 | Is used to indicate the reason for a server-initiated password change. |
| MS-Filter | 26 | string/binary data | Microsoft | 22 | Is used to transmit traffic filters. |
| MS-Acct-Auth-Type | 26 | integer | Microsoft | 23 | Is used to represent the method used to authenticate the dial-up user. |
| MS-Acct-EAP-Type | 26 | integer | Microsoft | 24 | Is used to represent the Extensible Authentication Protocol (EAP) type used to authenticate the dial-up user. |
| MS-CHAP2-Response | 26 | string/binary data | Microsoft | 25 | Contains the response value provided by an MS-CHAP-V2 peer in response to the challenge. |
| MS-CHAP2-Success | 26 | string/binary data | Microsoft | 26 | Contains a 42-octet authenticator response string. |
| MS-CHAP2-CPW | 26 | string/binary data | Microsoft | 27 | Allows the user to change their password if it has expired. |
| MS-Primary-DNS-Server | 26 | IP address | Microsoft | 28 | Is used to indicate the address of the primary Domain Name Server (DNS) server to be used by the PPP peer. |
| MS-Secondary-DNS-Server | 26 | IP address | Microsoft | 29 | Is used to indicate the address of the secondary DNS server to be used by the PPP peer. |
| MS-Primary-NBNS-Server | 26 | IP address | Microsoft | 30 | Is used to indicate the address of the primary NetBIOS Name Server (NBNS) server to be used by the PPP peer. |
| MS-Secondary-NBNS-Server | 26 | IP address | Microsoft | 31 | Is used to indicate the address of the secondary DNS server to be used by the PPP peer. |
| MS-ARAP-Challenge | 26 | string/binary data | Microsoft | 33 | Contains the challenge (as two 4-octet quantities) sent by the NAS to the peer. |

© 2001-2007 XPerience Technologies. www.xperiencetech.com