| Attribute | Type | Value type | Vendor | Vendor type | Description |
|---|---|---|---|---|---|
| User-Name | 1 | string/binary data | | | Indicates the name of the user to be authenticated. |
| User-Password | 2 | string/binary data | | | Indicates the password of the user to be authenticated, or the user's input following an Access-Challenge. |
| CHAP-Password | 3 | string/binary data | | | Indicates the response value provided by a PPP Challenge-Handshake Authentication Protocol (CHAP) user in response to the challenge. |
| NAS-IP-Address | 4 | IP address | | | Indicates the identifying IP Address of the NAS which is requesting authentication of the user. |
| NAS-Port | 5 | integer | | | Indicates the physical port number of the NAS which is authenticating the user. |
| Service-Type | 6 | integer | | | Indicates the type of service the user has requested, or the type of service to be provided. |
| Framed-Protocol | 7 | integer | | | Indicates the framing to be used for framed access. |
| Framed-IP-Address | 8 | IP address | | | Indicates the address to be configured for the user. |
| Framed-IP-Netmask | 9 | IP address | | | Indicates the IP netmask to be configured for the user when the user is a router to a network. |
| Framed-Routing | 10 | integer | | | Indicates the routing method for the user, when the user is a router to a network. |
| Filter-Id | 11 | text | | | Indicates the name of the filter list for this user. |
| Framed-MTU | 12 | integer | | | Indicates the Maximum Transmission Unit to be configured for the user, when it is not negotiated by some other means (such as PPP). |
| Framed-Compression | 13 | integer | | | Indicates a compression protocol to be used for the link. |
| Login-IP-Host | 14 | IP address | | | Indicates the system with which to connect the user, when the Login-Service Attribute is included. |
| Login-Service | 15 | integer | | | Indicates the service to use to connect the user to the login host. |
| Login-TCP-Port | 16 | integer | | | Indicates the TCP port with which the user is to be connected, when the Login-Service Attribute is also present. |
| Reply-Message | 18 | text | | | Indicates text which may be displayed to the user. |
| Callback-Number | 19 | string/binary data | | | Indicates a dialing string to be used for callback. |
| Callback-Id | 20 | string/binary data | | | Indicates the name of a place to be called, to be interpreted by the NAS. |
| Framed-Route | 22 | text | | | Provides routing information to be configured for the user on the NAS. |
| Framed-IPX-Network | 23 | string/binary data | | | Indicates the IPX Network number to be configured for the user. |
| State | 24 | string/binary data | | | Is available to be sent by the server to the client in an Access-Challenge and must be sent unmodified from the client to the server in the new Access-Request reply to that challenge, if any. |
| Class | 25 | string/binary data | | | Is available to be sent by the server to the client in an Access-Accept and should be sent unmodified by the client to the accounting server as part of the Accounting-Request packet if accounting is supported. |
| Session-Timeout | 27 | integer | | | Sets the maximum number of seconds of service to be provided to the user before termination of the session or prompt. |
| Idle-Timeout | 28 | integer | | | Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt. |
| Termination-Action | 29 | integer | | | Indicates what action the NAS should take when the specified service is completed. |
| Called-Station-Id | 30 | string/binary data | | | Allows the NAS to send in the Access-Request packet the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology. |
| Calling-Station-Id | 31 | string/binary data | | | Allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology. |
| NAS-Identifier | 32 | string/binary data | | | Contains a string identifying the NAS originating the Access-Request. |
| Proxy-State | 33 | string/binary data | | | Is available to be sent by a proxy server to another server when forwarding an Access-Request and must be returned unmodified in the Access-Accept, Access-Reject or Access-Challenge. |
| Login-LAT-Service | 34 | string/binary data | | | Indicates the system with which the user is to be connected by LAT. |
| Login-LAT-Node | 35 | string/binary data | | | Indicates the Node with which the user is to be automatically connected by LAT. |
| Login-LAT-Group | 36 | string/binary data | | | Contains a string identifying the LAT group codes which this user is authorized to use. |
| Framed-AppleTalk-Link | 37 | integer | | | Indicates the AppleTalk network number which should be used for the serial link to the user, which is another AppleTalk router. |
| Framed-AppleTalk-Network | 38 | integer | | | Indicates the AppleTalk Network number which the NAS should probe to allocate an AppleTalk node for the user. |
| Framed-AppleTalk-Zone | 39 | string/binary data | | | Indicates the AppleTalk Default Zone to be used for this user. |
| Acct-Status-Type | 40 | integer | | | Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). |
| Acct-Delay-Time | 41 | integer | | | Indicates how many seconds the client has been trying to send this record for, and can be subtracted from the time of arrival on the server to find the approximate time of the event generating this Accounting-Request. |
| Acct-Input-Octets | 42 | integer | | | Indicates how many octets have been received from the port over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Output-Octets | 43 | integer | | | Indicates how many octets have been sent to the port in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Session-Id | 44 | text | | | Is a unique Accounting ID to make it easy to match start and stop records in a log file. |
| Acct-Authentic | 45 | integer | | | May be included in an Accounting-Request to indicate how the user was authenticated, whether by RADIUS, the NAS itself, or another remote authentication protocol. |
| Acct-Session-Time | 46 | integer | | | Indicates how many seconds the user has received service for, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Input-Packets | 47 | integer | | | Indicates how many packets have been received from the port over the course of this service being provided to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Output-Packets | 48 | integer | | | Indicates how many packets have been sent to the port in the course of delivering this service to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Termination-Cause | 49 | integer | | | Indicates how the session was terminated, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop. |
| Acct-Multi-Session-Id | 50 | string/binary data | | | Is a unique Accounting ID to make it easy to link together multiple related sessions in a log file. |
| Acct-Link-Count | 51 | integer | | | Gives the count of links which are known to have been in a given multilink session at the time the accounting record is generated. |
| Acct-Input-Gigawords | 52 | integer | | | Indicates how many times the Acct-Input-Octets counter has wrapped around 2^32 over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. |
| Acct-Output-Gigawords | 53 | integer | | | Indicates how many times the Acct-Output-Octets counter has wrapped around 2^32 in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop or Interim-Update. |
| Event-Timestamp | 55 | date/time | | | Is included in an Accounting-Request packet to record the time that this event occurred on the NAS, in seconds since January 1, 1970 00:00 UTC. |
| CHAP-Challenge | 60 | string/binary data | | | Contains the CHAP Challenge sent by the NAS to a PPP Challenge-Handshake Authentication Protocol (CHAP) user. |
| NAS-Port-Type | 61 | integer | | | Indicates the type of the physical port of the NAS which is authenticating the user. |
| Port-Limit | 62 | integer | | | Sets the maximum number of ports to be provided to the user by the NAS. |
| Login-LAT-Port | 63 | string/binary data | | | Indicates the Port with which the user is to be connected by LAT. |
| Tunnel-Type | 64 | integer | | | Indicates the tunneling protocol(s) to be used (in the case of a tunnel initiator) or the tunneling protocol in use (in the case of a tunnel terminator). |
| Tunnel-Medium-Type | 65 | integer | | | Indicates which transport medium to use when creating a tunnel for those protocols (such as L2TP) that can operate over multiple transports. |
| Tunnel-Client-Endpoint | 66 | string/binary data | | | Contains the address of the initiator end of the tunnel. |
| Tunnel-Server-Endpoint | 67 | string/binary data | | | Indicates the address of the server end of the tunnel. |
| Acct-Tunnel-Connection | 68 | string/binary data | | | Indicates the identifier assigned to the tunnel session. |
| Tunnel-Password | 69 | string/binary data | | | May contain a password to be used to authenticate to a remote server. |
| ARAP-Password | 70 | string/binary data | | | Contains a 16 octet string, used to carry the dial-in user's response to the NAS challenge and the client's own challenge to the NAS. |
| ARAP-Features | 71 | string/binary data | | | Includes password information that the NAS should send to the user in an ARAP "feature flags" packet. |
| ARAP-Zone-Access | 72 | integer | | | Indicates how the ARAP zone list for the user should be used. |
| ARAP-Security | 73 | integer | | | Identifies the ARAP Security Module to be used in an Access-Challenge packet. |
| ARAP-Security-Data | 74 | string/binary data | | | Contains the actual security module challenge or response. |
| Password-Retry | 75 | integer | | | May be included in an Access-Reject to indicate how many authentication attempts a user may be allowed to attempt before being disconnected. |
| Prompt | 76 | integer | | | Indicates to the NAS whether it should echo the user's response as it is entered, or not echo it. |
| Connect-Info | 77 | text | | | Is sent from the NAS to indicate the nature of the user's connection. |
| Configuration-Token | 78 | string/binary data | | | Is for use in large distributed authentication networks based on proxy. It is sent from a RADIUS Proxy Server to a RADIUS Proxy Client in an Access-Accept to indicate a type of user profile to be used. |
| EAP-Message | 79 | string/binary data | | | Encapsulates Extensible Authentication Protocol (EAP) packets so as to allow the NAS to authenticate dial-in users via EAP without having to understand the EAP protocol. |
| Message-Authenticator | 80 | string/binary data | | | May be used to sign Access-Requests to prevent spoofing Access-Requests using CHAP, ARAP or EAP authentication methods. |
| Tunnel-Private-Group-ID | 81 | string/binary data | | | Indicates the group ID for a particular tunneled session. |
| Tunnel-Assignment-ID | 82 | string/binary data | | | Is used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned. |
| Tunnel-Preference | 83 | integer | | | If more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator, this attribute should be included in each set to indicate the relative preference assigned to each tunnel. |
| ARAP-Challenge-Response | 84 | string/binary data | | | Contains the response to the dial-in client's challenge. |
| Acct-Interim-Interval | 85 | integer | | | Indicates the number of seconds between each interim update for this specific session. |
| Acct-Tunnel-Packets-Lost | 86 | integer | | | Indicates the number of packets lost on a given link. |
| NAS-Port-ID | 87 | text | | | Contains a text string which identifies the port of the NAS which is authenticating the user. |
| Framed-Pool | 88 | string/binary data | | | Contains the name of an assigned address pool that should be used to assign an address for the user. |
| Tunnel-Client-Auth-ID | 90 | string/binary data | | | Specifies the name used by the tunnel initiator during the authentication phase of tunnel establishment. |
| Tunnel-Server-Auth-ID | 91 | string/binary data | | | Specifies the name used by the tunnel terminator during the authentication phase of tunnel establishment. |
| NAS-IPv6-Address | 95 | string/binary data | | | Indicates the identifying IPv6 Address of the NAS which is requesting authentication of the user. |
| Framed-Interface-Id | 96 | string/binary data | | | Indicates the IPv6 interface identifier to be configured for the user. |
| Framed-IPv6-Prefix | 97 | string/binary data | | | Indicates an IPv6 prefix (and corresponding route) to be configured for the user. |
| Login-IPv6-Host | 98 | string/binary data | | | Indicates the system with which to connect the user, when the Login-Service Attribute is included. |
| Framed-IPv6-Route | 99 | text | | | Provides routing information to be configured for the user on the NAS. |
| Framed-IPv6-Pool | 100 | string/binary data | | | Contains the name of an assigned pool that should be used to assign an IPv6 prefix for the user. |
| MS-CHAP-Response | 26 | string/binary data | Microsoft | 1 | Contains the response value provided by a PPP Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user in response to the challenge. |
| MS-CHAP-Error | 26 | string/binary data | Microsoft | 2 | Contains error data related to the preceding MS-CHAP exchange. |
| MS-CHAP-CPW-1 | 26 | string/binary data | Microsoft | 3 | Allows the user to change their password if it has expired. |
| MS-CHAP-CPW-2 | 26 | string/binary data | Microsoft | 4 | Allows the user to change their password if it has expired. |
| MS-CHAP-LM-Enc-PW | 26 | string/binary data | Microsoft | 5 | Contains the new Windows NT password encrypted with the old LAN Manager password hash. |
| MS-CHAP-NT-Enc-PW | 26 | string/binary data | Microsoft | 6 | Contains the new Windows NT password encrypted with the old Windows NT password hash. |
| MS-MPPE-Encryption-Policy | 26 | integer | Microsoft | 7 | May be used to signify whether the use of encryption is allowed or required. |
| MS-MPPE-Encryption-Type | 26 | string/binary data | Microsoft | 8 | Is used to signify the types of encryption available for use with MPPE. |
| MS-RAS-Vendor | 26 | integer | Microsoft | 9 | Is used to indicate the manufacturer of the RADIUS client machine. |
| MS-CHAP-Domain | 26 | string/binary data | Microsoft | 10 | Indicates the Windows NT domain in which the user was authenticated. |
| MS-CHAP-Challenge | 26 | string/binary data | Microsoft | 11 | Contains the challenge sent by a NAS to a Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user. |
| MS-CHAP-MPPE-Keys | 26 | string/binary data | Microsoft | 12 | Contains two session keys for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-BAP-Usage | 26 | integer | Microsoft | 13 | Describes whether the use of BAP is allowed, disallowed or required on new multilink calls. |
| MS-Link-Utilization-Threshold | 26 | integer | Microsoft | 14 | Represents the percentage of available bandwidth utilization below which the link must fall before the link is eligible for termination. |
| MS-Link-Drop-Time-Limit | 26 | integer | Microsoft | 15 | Indicates the length of time (in seconds) that a link must be underutilized before it is dropped. |
| MS-MPPE-Send-Key | 26 | string/binary data | Microsoft | 16 | Contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-MPPE-Recv-Key | 26 | string/binary data | Microsoft | 17 | Contains a session key for use by the Microsoft Point-to-Point Encryption Protocol (MPPE). |
| MS-RAS-Version | 26 | string/binary data | Microsoft | 18 | Is used to indicate the version of the RADIUS client software. |
| MS-Old-ARAP-Password | 26 | string/binary data | Microsoft | 19 | Is used to transmit the old ARAP password during an ARAP password change operation. |
| MS-New-ARAP-Password | 26 | string/binary data | Microsoft | 20 | Is used to transmit the new ARAP password during an ARAP password change operation. |
| MS-ARAP-PW-Change-Reason | 26 | integer | Microsoft | 21 | Is used to indicate the reason for a server-initiated password change. |
| MS-Filter | 26 | string/binary data | Microsoft | 22 | Is used to transmit traffic filters. |
| MS-Acct-Auth-Type | 26 | integer | Microsoft | 23 | Is used to represent the method used to authenticate the dial-up user. |
| MS-Acct-EAP-Type | 26 | integer | Microsoft | 24 | Is used to represent the Extensible Authentication Protocol (EAP) type used to authenticate the dial-up user. |
| MS-CHAP2-Response | 26 | string/binary data | Microsoft | 25 | Contains the response value provided by an MS-CHAP-V2 peer in response to the challenge. |
| MS-CHAP2-Success | 26 | string/binary data | Microsoft | 26 | Contains a 42-octet authenticator response string. |
| MS-CHAP2-CPW | 26 | string/binary data | Microsoft | 27 | Allows the user to change their password if it has expired. |
| MS-Primary-DNS-Server | 26 | IP address | Microsoft | 28 | Is used to indicate the address of the primary Domain Name Server (DNS) server to be used by the PPP peer. |
| MS-Secondary-DNS-Server | 26 | IP address | Microsoft | 29 | Is used to indicate the address of the secondary DNS server to be used by the PPP peer. |
| MS-Primary-NBNS-Server | 26 | IP address | Microsoft | 30 | Is used to indicate the address of the primary NetBIOS Name Server (NBNS) server to be used by the PPP peer. |
| MS-Secondary-NBNS-Server | 26 | IP address | Microsoft | 31 | Is used to indicate the address of the secondary DNS server to be used by the PPP peer. |
| MS-ARAP-Challenge | 26 | string/binary data | Microsoft | 33 | Contains the challenge (as two 4-octet quantities) sent by the NAS to the peer. |