From 3ae2ef630ee6cfbd20d214de25502df5dde27df8 Mon Sep 17 00:00:00 2001 From: MrBug Date: Wed, 16 Oct 2024 14:49:19 +0330 Subject: [PATCH] Update README-radius.md add all supported ATTRIBUTES --- doc/README-radius.md | 306 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 254 insertions(+), 52 deletions(-) diff --git a/doc/README-radius.md b/doc/README-radius.md index 56f49486..ae60f09a 100644 --- a/doc/README-radius.md +++ b/doc/README-radius.md @@ -73,69 +73,271 @@ Dictionary Ocserv supports the following radious attributes. ``` -# Standard attributes ATTRIBUTE User-Name 1 string ATTRIBUTE Password 2 string -ATTRIBUTE NAS-Port 5 integer +ATTRIBUTE CHAP-Password 3 string +ATTRIBUTE NAS-IP-Address 4 ipv4addr +ATTRIBUTE NAS-Port-Id 5 integer +ATTRIBUTE Service-Type 6 integer ATTRIBUTE Framed-Protocol 7 integer +ATTRIBUTE Framed-IP-Address 8 ipv4addr +ATTRIBUTE Framed-IP-Netmask 9 ipv4addr +ATTRIBUTE Framed-Routing 10 integer +ATTRIBUTE Filter-Id 11 string +ATTRIBUTE Framed-MTU 12 integer +ATTRIBUTE Framed-Compression 13 integer +ATTRIBUTE Login-IP-Host 14 ipv4addr +ATTRIBUTE Login-Service 15 integer +ATTRIBUTE Login-TCP-Port 16 integer +ATTRIBUTE Reply-Message 18 string +ATTRIBUTE Callback-Number 19 string +ATTRIBUTE Callback-Id 20 string +ATTRIBUTE Framed-Route 22 string +ATTRIBUTE Framed-IPX-Network 23 ipv4addr +ATTRIBUTE State 24 string +ATTRIBUTE Class 25 string +ATTRIBUTE Vendor-Specific 26 string +ATTRIBUTE Session-Timeout 27 integer +ATTRIBUTE Idle-Timeout 28 integer +ATTRIBUTE Termination-Action 29 integer +ATTRIBUTE Called-Station-Id 30 string +ATTRIBUTE Calling-Station-Id 31 string ATTRIBUTE NAS-Identifier 32 string +ATTRIBUTE Proxy-State 33 string +ATTRIBUTE Login-LAT-Service 34 string +ATTRIBUTE Login-LAT-Node 35 string +ATTRIBUTE Login-LAT-Group 36 string +ATTRIBUTE Framed-AppleTalk-Link 37 integer +ATTRIBUTE Framed-AppleTalk-Network 38 integer +ATTRIBUTE Framed-AppleTalk-Zone 39 string +ATTRIBUTE Acct-Status-Type 40 integer +ATTRIBUTE Acct-Delay-Time 41 integer ATTRIBUTE Acct-Input-Octets 42 integer ATTRIBUTE Acct-Output-Octets 43 integer ATTRIBUTE Acct-Session-Id 44 string +ATTRIBUTE Acct-Authentic 45 integer +ATTRIBUTE Acct-Session-Time 46 integer +ATTRIBUTE Acct-Input-Packets 47 integer +ATTRIBUTE Acct-Output-Packets 48 integer +ATTRIBUTE Acct-Terminate-Cause 49 integer +ATTRIBUTE Acct-Multi-Session-Id 50 string +ATTRIBUTE Acct-Link-Count 51 integer ATTRIBUTE Acct-Input-Gigawords 52 integer ATTRIBUTE Acct-Output-Gigawords 53 integer -ATTRIBUTE Acct-Interim-Interval 85 integer +ATTRIBUTE Event-Timestamp 55 integer +ATTRIBUTE Egress-VLANID 56 string +ATTRIBUTE Ingress-Filters 57 integer +ATTRIBUTE Egress-VLAN-Name 58 string +ATTRIBUTE User-Priority-Table 59 string +ATTRIBUTE CHAP-Challenge 60 string +ATTRIBUTE NAS-Port-Type 61 integer +ATTRIBUTE Port-Limit 62 integer +ATTRIBUTE Login-LAT-Port 63 integer +ATTRIBUTE Tunnel-Type 64 string +ATTRIBUTE Tunnel-Medium-Type 65 string +ATTRIBUTE Tunnel-Client-Endpoint 66 string +ATTRIBUTE Tunnel-Server-Endpoint 67 string +ATTRIBUTE Acct-Tunnel-Connection 68 string +ATTRIBUTE Tunnel-Password 69 string +ATTRIBUTE ARAP-Password 70 string +ATTRIBUTE ARAP-Features 71 string +ATTRIBUTE ARAP-Zone-Access 72 integer +ATTRIBUTE ARAP-Security 73 integer +ATTRIBUTE ARAP-Security-Data 74 string +ATTRIBUTE Password-Retry 75 integer +ATTRIBUTE Prompt 76 integer ATTRIBUTE Connect-Info 77 string - - -########################### -# IPv4 attributes # -########################### - -# sets local IPv4 address in link: -ATTRIBUTE NAS-IP-Address 4 ipaddr -# sets remote IPv4 address in link: -ATTRIBUTE Framed-IP-Address 8 ipaddr -ATTRIBUTE Framed-IP-Netmask 9 ipaddr - -# sets routes (quite a kludge as it requires to have -# a CIDR string) -ATTRIBUTE Framed-Route 22 string - -# Sets group name using format "OU=group1;group2" -# Note that this works only when groupconfig is set to -# true, and if the groups sent by the server are made known -# to ocserv, via the select-group variable. -ATTRIBUTE Class 25 string - -# sets DNS servers -VENDOR Microsoft 311 - -BEGIN-VENDOR Microsoft - -ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr -ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr - -END-VENDOR Microsoft - - -############################ -# IPv6 attributes # -############################ - -# sets local IPv6 address in link: -ATTRIBUTE NAS-IPv6-Address 95 string - -# sets remote IPv6 subnet in link: -ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix - -# sets remote IPv6 address in link: +ATTRIBUTE Configuration-Token 78 string +ATTRIBUTE EAP-Message 79 string +ATTRIBUTE Message-Authenticator 80 string +ATTRIBUTE Tunnel-Private-Group-ID 81 string +ATTRIBUTE Tunnel-Assignment-ID 82 string +ATTRIBUTE Tunnel-Preference 83 string +ATTRIBUTE ARAP-Challenge-Response 84 string +ATTRIBUTE Acct-Interim-Interval 85 integer +ATTRIBUTE Acct-Tunnel-Packets-Lost 86 integer +ATTRIBUTE NAS-Port-Id-String 87 string +ATTRIBUTE Framed-Pool 88 string +ATTRIBUTE Chargeable-User-Identity 89 string +ATTRIBUTE Tunnel-Client-Auth-ID 90 string +ATTRIBUTE Tunnel-Server-Auth-ID 91 string +ATTRIBUTE NAS-Filter-Rule 92 string +ATTRIBUTE Originating-Line-Info 94 string +ATTRIBUTE NAS-IPv6-Address 95 ipv6addr +ATTRIBUTE Framed-Interface-Id 96 string +ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix +ATTRIBUTE Login-IPv6-Host 98 ipv6addr +ATTRIBUTE Framed-IPv6-Route 99 string +ATTRIBUTE Framed-IPv6-Pool 100 string +ATTRIBUTE Error-Cause 101 integer +ATTRIBUTE EAP-Key-Name 102 string + +# +# RFC6911 IPv6 attributes +# +ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix ATTRIBUTE Framed-IPv6-Address 168 ipv6addr - -# sets DNS servers ATTRIBUTE DNS-Server-IPv6-Address 169 ipv6addr - -# Sets IPv6 routes -ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix ATTRIBUTE Route-IPv6-Information 170 ipv6prefix + +ATTRIBUTE Huntgroup-Name 221 string +# +# Non-Protocol Attributes +# These attributes are used internally by the server +# +ATTRIBUTE Expiration 21 date +ATTRIBUTE Auth-Type 1000 integer +ATTRIBUTE Menu 1001 string +ATTRIBUTE Termination-Menu 1002 string +ATTRIBUTE Prefix 1003 string +ATTRIBUTE Suffix 1004 string +ATTRIBUTE Group 1005 string +ATTRIBUTE Crypt-Password 1006 string +ATTRIBUTE Connect-Rate 1007 integer +ATTRIBUTE User-Category 1029 string +ATTRIBUTE Group-Name 1030 string +ATTRIBUTE Simultaneous-Use 1034 integer +ATTRIBUTE Strip-User-Name 1035 integer +ATTRIBUTE Fall-Through 1036 integer +ATTRIBUTE Add-Port-To-IP-Address 1037 integer +ATTRIBUTE Exec-Program 1038 string +ATTRIBUTE Exec-Program-Wait 1039 string +ATTRIBUTE Hint 1040 string + + +# +# Integer Translations +# + +# User Types + +VALUE Service-Type Login-User 1 +VALUE Service-Type Framed-User 2 +VALUE Service-Type Callback-Login-User 3 +VALUE Service-Type Callback-Framed-User 4 +VALUE Service-Type Outbound-User 5 +VALUE Service-Type Administrative-User 6 +VALUE Service-Type NAS-Prompt-User 7 +VALUE Service-Type Authenticate-Only 8 +VALUE Service-Type Callback-NAS-Prompt 9 +VALUE Service-Type Call-Check 10 +VALUE Service-Type Callback-Administrative 11 + +# Framed Protocols + +VALUE Framed-Protocol PPP 1 +VALUE Framed-Protocol SLIP 2 +VALUE Framed-Protocol ARAP 3 +VALUE Framed-Protocol GANDALF-SLMLP 4 +VALUE Framed-Protocol XYLOGICS-IPX-SLIP 5 +VALUE Framed-Protocol X75 6 + +# Framed Routing Values + +VALUE Framed-Routing None 0 +VALUE Framed-Routing Broadcast 1 +VALUE Framed-Routing Listen 2 +VALUE Framed-Routing Broadcast-Listen 3 + +# Framed Compression Types + +VALUE Framed-Compression None 0 +VALUE Framed-Compression Van-Jacobson-TCP-IP 1 +VALUE Framed-Compression IPX-Header 2 +VALUE Framed-Compression Stac-LZS 3 + +# Login Services + +VALUE Login-Service Telnet 0 +VALUE Login-Service Rlogin 1 +VALUE Login-Service TCP-Clear 2 +VALUE Login-Service PortMaster 3 +VALUE Login-Service LAT 4 +VALUE Login-Service X.25-PAD 5 +VALUE Login-Service X.25-T3POS 6 +VALUE Login-Service TCP-Clear-Quiet 8 + +# Status Types + +VALUE Acct-Status-Type Start 1 +VALUE Acct-Status-Type Stop 2 +VALUE Acct-Status-Type Alive 3 +VALUE Acct-Status-Type Accounting-On 7 +VALUE Acct-Status-Type Accounting-Off 8 + +# Authentication Types + +VALUE Acct-Authentic RADIUS 1 +VALUE Acct-Authentic Local 2 +VALUE Acct-Authentic Remote 3 + +# Termination Options + +VALUE Termination-Action Default 0 +VALUE Termination-Action RADIUS-Request 1 + +# NAS Port Types, available in 3.3.1 and later + +VALUE NAS-Port-Type Async 0 +VALUE NAS-Port-Type Sync 1 +VALUE NAS-Port-Type ISDN 2 +VALUE NAS-Port-Type ISDN-V120 3 +VALUE NAS-Port-Type ISDN-V110 4 +VALUE NAS-Port-Type Virtual 5 +VALUE NAS-Port-Type PIAFS 6 +VALUE NAS-Port-Type HDLC-Clear-Channel 7 +VALUE NAS-Port-Type X.25 8 +VALUE NAS-Port-Type X.75 9 +VALUE NAS-Port-Type G.3-Fax 10 +VALUE NAS-Port-Type SDSL 11 +VALUE NAS-Port-Type ADSL-CAP 12 +VALUE NAS-Port-Type ADSL-DMT 13 +VALUE NAS-Port-Type IDSL 14 +VALUE NAS-Port-Type Ethernet 15 + +# Acct Terminate Causes, available in 3.3.2 and later + +VALUE Acct-Terminate-Cause User-Request 1 +VALUE Acct-Terminate-Cause Lost-Carrier 2 +VALUE Acct-Terminate-Cause Lost-Service 3 +VALUE Acct-Terminate-Cause Idle-Timeout 4 +VALUE Acct-Terminate-Cause Session-Timeout 5 +VALUE Acct-Terminate-Cause Admin-Reset 6 +VALUE Acct-Terminate-Cause Admin-Reboot 7 +VALUE Acct-Terminate-Cause Port-Error 8 +VALUE Acct-Terminate-Cause NAS-Error 9 +VALUE Acct-Terminate-Cause NAS-Request 10 +VALUE Acct-Terminate-Cause NAS-Reboot 11 +VALUE Acct-Terminate-Cause Port-Unneeded 12 +VALUE Acct-Terminate-Cause Port-Preempted 13 +VALUE Acct-Terminate-Cause Port-Suspended 14 +VALUE Acct-Terminate-Cause Service-Unavailable 15 +VALUE Acct-Terminate-Cause Callback 16 +VALUE Acct-Terminate-Cause User-Error 17 +VALUE Acct-Terminate-Cause Host-Request 18 + +# +# Non-Protocol Integer Translations +# + +VALUE Auth-Type Local 0 +VALUE Auth-Type System 1 +VALUE Auth-Type SecurID 2 +VALUE Auth-Type Crypt-Local 3 +VALUE Auth-Type Reject 4 + +# +# Cistron extensions +# +VALUE Auth-Type Pam 253 +VALUE Auth-Type Accept 254 + +# +# Experimental Non-Protocol Integer Translations for Cistron-Radiusd +# +VALUE Fall-Through No 0 +VALUE Fall-Through Yes 1 +VALUE Add-Port-To-IP-Address No 0 +VALUE Add-Port-To-IP-Address Yes 1 + ```