diff options
author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2014-11-26 20:08:07 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2014-11-28 04:43:17 +0000 |
commit | 3f8576157be83d746cc200991f6fc5149833e8ce (patch) | |
tree | 423e4ab9cce2a3ac66b614d2c029965b90282f50 /radius | |
parent | 8839d7b4526656a04ef563651bbd03ac001c3a66 (diff) |
RADIUS: Sync with FreeRADIUS Master
commit 30dac6d3dc87aaaa9c29ecdb33874fa57c2bcbc6
Author: Alan T. DeKok <aland@freeradius.org>
Date: Tue Nov 25 16:45:45 2014 -0500
as found on the net
commit ee79c59d3a1cae76fcb1940710d9a0f7fbdf8427
Author: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Thu Nov 13 17:39:46 2014 -0500
Add memcached rlm_cache_driver
commit 6277960bc830891123b00400af56912e51d4d311
Author: Alan T. DeKok <aland@freeradius.org>
Date: Tue Oct 28 17:01:49 2014 -0400
Add FreeRADIUS-Response-Delay-USec
Change-Id: I705d0e852d38eaace4f71cfc0a38ecdd41c0b58f
Reviewed-on: https://code.wireshark.org/review/5510
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'radius')
-rw-r--r-- | radius/dictionary | 2 | ||||
-rw-r--r-- | radius/dictionary.arbor | 19 | ||||
-rw-r--r-- | radius/dictionary.freeradius.internal | 362 | ||||
-rw-r--r-- | radius/dictionary.meinberg | 17 |
4 files changed, 340 insertions, 60 deletions
diff --git a/radius/dictionary b/radius/dictionary index 8c81daa8e3..bdfc179471 100644 --- a/radius/dictionary +++ b/radius/dictionary @@ -143,6 +143,7 @@ $INCLUDE dictionary.alcatel-lucent.aaa $INCLUDE dictionary.alteon $INCLUDE dictionary.alvarion $INCLUDE dictionary.apc +$INCLUDE dictionary.arbor $INCLUDE dictionary.aruba $INCLUDE dictionary.azaire $INCLUDE dictionary.ascend @@ -210,6 +211,7 @@ $INCLUDE dictionary.livingston $INCLUDE dictionary.localweb $INCLUDE dictionary.lucent $INCLUDE dictionary.manzara +$INCLUDE dictionary.meinberg $INCLUDE dictionary.merit $INCLUDE dictionary.meru $INCLUDE dictionary.microsoft diff --git a/radius/dictionary.arbor b/radius/dictionary.arbor new file mode 100644 index 0000000000..91dce9f662 --- /dev/null +++ b/radius/dictionary.arbor @@ -0,0 +1,19 @@ +# -*- text -*- +# Copyright (C) 2014 The FreeRADIUS Server project and contributors +############################################################################## +# +# Arbor networks. +# +# $Id: 97ed3c7cb058ef82af27ca701fc52fad0b452086 $ +# +############################################################################## + +VENDOR Arbor 9694 + +BEGIN-VENDOR Arbor + +# Arbor-Privilege-Level = "sytem_admin or system_analyst or system_user" + +ATTRIBUTE Arbor-Privilege-Level 1 string + +END-VENDOR Arbor diff --git a/radius/dictionary.freeradius.internal b/radius/dictionary.freeradius.internal index 933bfeede3..d75e9d6974 100644 --- a/radius/dictionary.freeradius.internal +++ b/radius/dictionary.freeradius.internal @@ -1,8 +1,9 @@ # -*- text -*- +# Copyright (C) 2011 The FreeRADIUS Server project and contributors # # Non Protocol Attributes used by FreeRADIUS # -# $Id$ +# $Id: b830d56623fc3aad78122fa6af04ce66416123b6 $ # # The attributes number ranges are allocates as follows: @@ -12,6 +13,7 @@ # These attributes CAN go in the reply item list. ATTRIBUTE Fall-Through 500 integer +ATTRIBUTE Relax-Filter 501 integer ATTRIBUTE Exec-Program 502 string ATTRIBUTE Exec-Program-Wait 503 string @@ -56,10 +58,9 @@ ATTRIBUTE EAP-Type 1018 integer ATTRIBUTE EAP-TLS-Require-Client-Cert 1019 integer ATTRIBUTE EAP-Id 1020 integer ATTRIBUTE EAP-Code 1021 integer -# Attribute 1022 unused, was EAP-MD5-Password, which was -# used only be radeapclient. It's been replaced by Cleartext-Password +ATTRIBUTE EAP-MD5-Password 1022 string ATTRIBUTE PEAP-Version 1023 integer -ATTRIBUTE Client-Shortname 1024 string +ATTRIBUTE Client-Shortname 1024 string virtual ATTRIBUTE Load-Balance-Key 1025 string ATTRIBUTE Raw-Attribute 1026 octets ATTRIBUTE TNC-VLAN-Access 1027 string @@ -76,12 +77,12 @@ ATTRIBUTE Stripped-User-Name 1043 string ATTRIBUTE Current-Time 1044 string ATTRIBUTE Realm 1045 string ATTRIBUTE No-Such-Attribute 1046 string -ATTRIBUTE Packet-Type 1047 integer +ATTRIBUTE Packet-Type 1047 integer virtual ATTRIBUTE Proxy-To-Realm 1048 string ATTRIBUTE Replicate-To-Realm 1049 string ATTRIBUTE Acct-Session-Start-Time 1050 date ATTRIBUTE Acct-Unique-Session-Id 1051 string -ATTRIBUTE Client-IP-Address 1052 ipaddr +ATTRIBUTE Client-IP-Address 1052 ipaddr virtual ATTRIBUTE Ldap-UserDn 1053 string ATTRIBUTE NS-MTA-MD5-Password 1054 string ATTRIBUTE SQL-User-Name 1055 string @@ -107,33 +108,31 @@ ATTRIBUTE Module-Failure-Message 1076 string # X99-Fast 1077 integer ATTRIBUTE Rewrite-Rule 1078 string ATTRIBUTE Sql-Group 1079 string -ATTRIBUTE Response-Packet-Type 1080 integer +ATTRIBUTE Response-Packet-Type 1080 integer virtual ATTRIBUTE Digest-HA1 1081 string ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer ATTRIBUTE NTLM-User-Name 1083 string ATTRIBUTE MS-CHAP-User-Name 1083 string -ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr -ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr -ATTRIBUTE Packet-Src-Port 1086 integer -ATTRIBUTE Packet-Dst-Port 1087 integer -ATTRIBUTE Packet-Authentication-Vector 1088 octets +ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr virtual +ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr virtual +ATTRIBUTE Packet-Src-Port 1086 integer virtual +ATTRIBUTE Packet-Dst-Port 1087 integer virtual +ATTRIBUTE Packet-Authentication-Vector 1088 octets virtual ATTRIBUTE Time-Of-Day 1089 string -ATTRIBUTE Request-Processing-Stage 1090 string -ATTRIBUTE Cache-No-Caching 1091 string -ATTRIBUTE Cache-Delete-Cache 1092 string +ATTRIBUTE Request-Processing-Stage 1090 string virtual +ATTRIBUTE SHA2-Password 1092 octets ATTRIBUTE SHA-Password 1093 octets ATTRIBUTE SSHA-Password 1094 octets ATTRIBUTE SHA1-Password 1093 octets ATTRIBUTE SSHA1-Password 1094 octets ATTRIBUTE MD5-Password 1095 octets ATTRIBUTE SMD5-Password 1096 octets -ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr -ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr -ATTRIBUTE Virtual-Server 1099 string +ATTRIBUTE Packet-Src-IPv6-Address 1097 ipv6addr virtual +ATTRIBUTE Packet-Dst-IPv6-Address 1098 ipv6addr virtual +ATTRIBUTE Virtual-Server 1099 string virtual ATTRIBUTE Cleartext-Password 1100 string ATTRIBUTE Password-With-Header 1101 string ATTRIBUTE Inner-Tunnel-User-Name 1102 string - # # EAP-IKEv2 is experimental. # @@ -162,7 +161,7 @@ ATTRIBUTE Send-CoA-Request 1107 integer VALUE Send-CoA-Request No 0 VALUE Send-CoA-Request Yes 1 -ATTRIBUTE Module-Return-Code 1108 integer +ATTRIBUTE Module-Return-Code 1108 integer virtual VALUE Module-Return-Code reject 0 VALUE Module-Return-Code fail 1 @@ -180,6 +179,8 @@ ATTRIBUTE Home-Server-Pool 1111 string ATTRIBUTE FreeRADIUS-Client-IP-Address 1120 ipaddr ATTRIBUTE FreeRADIUS-Client-IPv6-Address 1121 ipv6addr +# The rest of the FreeRADIUS-Client-* attributes are at 1150... + ATTRIBUTE FreeRADIUS-Client-Require-MA 1122 integer VALUE FreeRADIUS-Client-Require-MA no 0 @@ -216,6 +217,69 @@ ATTRIBUTE Send-CoA-Type 1132 integer ATTRIBUTE MS-CHAP-Password 1133 string ATTRIBUTE Packet-Transmit-Counter 1134 integer ATTRIBUTE Cached-Session-Policy 1135 string +ATTRIBUTE MS-CHAP-New-Cleartext-Password 1136 string +ATTRIBUTE MS-CHAP-New-NT-Password 1137 octets + +# For default policies + +ATTRIBUTE Stripped-User-Domain 1138 string +ATTRIBUTE Called-Station-SSID 1139 string + +VALUE Cache-Status-Only no 0 +VALUE Cache-Status-Only yes 1 + +VALUE Cache-Merge no 0 +VALUE Cache-Merge yes 1 + +VALUE Cache-Read-Only no 0 +VALUE Cache-Read-Only yes 1 + +ATTRIBUTE OTP-Challenge 1145 string +ATTRIBUTE EAP-Session-Id 1146 octets +ATTRIBUTE Chbind-Response-Code 1147 integer + +ATTRIBUTE Chbind-Response-Code 1147 integer + +VALUE Chbind-Response-Code success 2 +VALUE Chbind-Response-Code failure 3 + +# +# Server-side "listen type = foo" +# +ATTRIBUTE Listen-Socket-Type 1147 integer + +VALUE Listen-Socket-Type none 0 +VALUE Listen-Socket-Type status 0 +VALUE Listen-Socket-Type proxy 1 +VALUE Listen-Socket-Type auth 2 +VALUE Listen-Socket-Type auth+acct 2 +VALUE Listen-Socket-Type acct 3 +VALUE Listen-Socket-Type detail 4 +VALUE Listen-Socket-Type vmps 5 +VALUE Listen-Socket-Type dhcp 6 +VALUE Listen-Socket-Type control 7 +VALUE Listen-Socket-Type coa 8 + +ATTRIBUTE Acct-Input-Octets64 1148 integer64 +ATTRIBUTE Acct-Output-Octets64 1149 integer64 + +ATTRIBUTE FreeRADIUS-Client-IP-Prefix 1150 ipv4prefix +ATTRIBUTE FreeRADIUS-Client-IPv6-Prefix 1151 ipv6prefix +ATTRIBUTE FreeRADIUS-Response-Delay 1152 integer +ATTRIBUTE FreeRADIUS-Client-Src-IP-Address 1153 ipaddr +ATTRIBUTE FreeRADIUS-Client-Src-IPv6-Address 1154 ipv6addr +ATTRIBUTE FreeRADIUS-Response-Delay-USec 1155 integer + +ATTRIBUTE REST-HTTP-Header 1160 string +ATTRIBUTE REST-HTTP-Body 1161 string + +ATTRIBUTE Cache-Expires 1170 date +ATTRIBUTE Cache-Created 1171 date +ATTRIBUTE Cache-TTL 1172 signed +ATTRIBUTE Cache-Status-Only 1173 integer +ATTRIBUTE Cache-Merge 1174 integer +ATTRIBUTE Cache-Entry-Hits 1175 integer +ATTRIBUTE Cache-Read-Only 1176 integer # # Range: 1200-1279 @@ -246,28 +310,80 @@ ATTRIBUTE EAP-Sim-HMAC 1209 string ATTRIBUTE EAP-Sim-KEY 1210 octets ATTRIBUTE EAP-Sim-EXTRA 1211 octets -ATTRIBUTE EAP-Sim-KC1 1212 octets -ATTRIBUTE EAP-Sim-KC2 1213 octets -ATTRIBUTE EAP-Sim-KC3 1214 octets +ATTRIBUTE EAP-Sim-Kc1 1212 octets +ATTRIBUTE EAP-Sim-Kc2 1213 octets +ATTRIBUTE EAP-Sim-Kc3 1214 octets + +ATTRIBUTE EAP-Sim-Ki 1215 octets +ATTRIBUTE EAP-Sim-Algo-Version 1216 integer # # Range: 1280 - 1535 # EAP-type specific attributes # - -# these are PW_EAP_X + 1280 -ATTRIBUTE EAP-Type-Identity 1281 string -ATTRIBUTE EAP-Type-Notification 1282 string -ATTRIBUTE EAP-Type-NAK 1283 string -ATTRIBUTE EAP-Type-MD5 1284 octets -ATTRIBUTE EAP-Type-OTP 1285 string -ATTRIBUTE EAP-Type-GTC 1286 string -ATTRIBUTE EAP-Type-TLS 1297 octets +# These are used mostly for radeapclient, and aren't +# that useful for anyone else. +# +# egrep VALUE dictionary.freeradius.internal | grep EAP-Type | awk '{print "ATTRIBUTE EAP-Type-" $3 " " 1280+$4 " octets"}' > foo;./format.pl foo +# +ATTRIBUTE EAP-Type-Base 1280 octets +ATTRIBUTE EAP-Type-VALUE 1280 octets +ATTRIBUTE EAP-Type-None 1280 octets +ATTRIBUTE EAP-Type-Identity 1281 octets +ATTRIBUTE EAP-Type-Notification 1282 octets +ATTRIBUTE EAP-Type-NAK 1283 octets +ATTRIBUTE EAP-Type-MD5-Challenge 1284 octets +ATTRIBUTE EAP-Type-One-Time-Password 1285 octets +ATTRIBUTE EAP-Type-Generic-Token-Card 1286 octets +ATTRIBUTE EAP-Type-RSA-Public-Key 1289 octets +ATTRIBUTE EAP-Type-DSS-Unilateral 1290 octets +ATTRIBUTE EAP-Type-KEA 1291 octets +ATTRIBUTE EAP-Type-KEA-Validate 1292 octets +ATTRIBUTE EAP-Type-EAP-TLS 1293 octets +ATTRIBUTE EAP-Type-Defender-Token 1294 octets +ATTRIBUTE EAP-Type-RSA-SecurID-EAP 1295 octets +ATTRIBUTE EAP-Type-Arcot-Systems-EAP 1296 octets +ATTRIBUTE EAP-Type-Cisco-LEAP 1297 octets +ATTRIBUTE EAP-Type-Nokia-IP-Smart-Card 1298 octets ATTRIBUTE EAP-Type-SIM 1298 octets -ATTRIBUTE EAP-Type-LEAP 1301 octets -ATTRIBUTE EAP-Type-SIM2 1302 octets -ATTRIBUTE EAP-Type-TTLS 1305 octets -ATTRIBUTE EAP-Type-PEAP 1309 octets +ATTRIBUTE EAP-Type-SRP-SHA1 1299 octets +ATTRIBUTE EAP-Type-EAP-TTLS 1301 octets +ATTRIBUTE EAP-Type-Remote-Access-Service 1302 octets +ATTRIBUTE EAP-Type-AKA 1303 octets +ATTRIBUTE EAP-Type-EAP-3Com-Wireless 1304 octets +ATTRIBUTE EAP-Type-PEAP 1305 octets +ATTRIBUTE EAP-Type-MS-EAP-Authentication 1306 octets +ATTRIBUTE EAP-Type-MAKE 1307 octets +ATTRIBUTE EAP-Type-CRYPTOCard 1308 octets +ATTRIBUTE EAP-Type-EAP-MSCHAP-V2 1309 octets +ATTRIBUTE EAP-Type-DynamID 1310 octets +ATTRIBUTE EAP-Type-Rob-EAP 1311 octets +ATTRIBUTE EAP-Type-SecurID-EAP 1312 octets +ATTRIBUTE EAP-Type-MS-Authentication-TLV 1313 octets +ATTRIBUTE EAP-Type-SentriNET 1314 octets +ATTRIBUTE EAP-Type-EAP-Actiontec-Wireless 1315 octets +ATTRIBUTE EAP-Type-Cogent-Biomentric-EAP 1316 octets +ATTRIBUTE EAP-Type-AirFortress-EAP 1317 octets +ATTRIBUTE EAP-Type-EAP-HTTP-Digest 1318 octets +ATTRIBUTE EAP-Type-SecuriSuite-EAP 1319 octets +ATTRIBUTE EAP-Type-DeviceConnect-EAP 1320 octets +ATTRIBUTE EAP-Type-EAP-SPEKE 1321 octets +ATTRIBUTE EAP-Type-EAP-MOBAC 1322 octets +ATTRIBUTE EAP-Type-EAP-FAST 1323 octets +ATTRIBUTE EAP-Type-Zonelabs 1324 octets +ATTRIBUTE EAP-Type-EAP-Link 1325 octets +ATTRIBUTE EAP-Type-EAP-PAX 1326 octets +ATTRIBUTE EAP-Type-EAP-PSK 1327 octets +ATTRIBUTE EAP-Type-EAP-SAKE 1328 octets +ATTRIBUTE EAP-Type-EAP-IKEv2 1329 octets +ATTRIBUTE EAP-Type-EAP-AKA2 1330 octets +ATTRIBUTE EAP-Type-EAP-GPSK 1331 octets +ATTRIBUTE EAP-Type-EAP-PWD 1332 octets +ATTRIBUTE EAP-Type-EAP-EVEv1 1333 octets + +ATTRIBUTE EAP-Type-Microsoft-MS-CHAPv2 1306 octets +ATTRIBUTE EAP-Type-Cisco-MS-CHAPv2 1309 octets +ATTRIBUTE EAP-Type-MS-CHAP-V2 1306 octets # # Range: 1536 - 1791 @@ -275,6 +391,7 @@ ATTRIBUTE EAP-Type-PEAP 1309 octets # # these are PW_EAP_SIM_X + 1536 +ATTRIBUTE EAP_Sim-Base 1536 octets ATTRIBUTE EAP-Sim-RAND 1537 octets ATTRIBUTE EAP-Sim-PADDING 1542 octets ATTRIBUTE EAP-Sim-NONCE_MT 1543 octets @@ -332,6 +449,63 @@ ATTRIBUTE Tmp-IP-Address-7 1827 ipaddr ATTRIBUTE Tmp-IP-Address-8 1828 ipaddr ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr +ATTRIBUTE Tmp-Octets-0 1830 octets +ATTRIBUTE Tmp-Octets-1 1831 octets +ATTRIBUTE Tmp-Octets-2 1832 octets +ATTRIBUTE Tmp-Octets-3 1833 octets +ATTRIBUTE Tmp-Octets-4 1834 octets +ATTRIBUTE Tmp-Octets-5 1835 octets +ATTRIBUTE Tmp-Octets-6 1836 octets +ATTRIBUTE Tmp-Octets-7 1837 octets +ATTRIBUTE Tmp-Octets-8 1838 octets +ATTRIBUTE Tmp-Octets-9 1839 octets + +ATTRIBUTE Tmp-Date-0 1840 date +ATTRIBUTE Tmp-Date-1 1841 date +ATTRIBUTE Tmp-Date-2 1842 date +ATTRIBUTE Tmp-Date-3 1843 date +ATTRIBUTE Tmp-Date-4 1844 date +ATTRIBUTE Tmp-Date-5 1845 date +ATTRIBUTE Tmp-Date-6 1846 date +ATTRIBUTE Tmp-Date-7 1847 date +ATTRIBUTE Tmp-Date-8 1848 date +ATTRIBUTE Tmp-Date-9 1849 date + +ATTRIBUTE Tmp-Integer64-0 1871 integer64 +ATTRIBUTE Tmp-Integer64-1 1872 integer64 +ATTRIBUTE Tmp-Integer64-2 1873 integer64 +ATTRIBUTE Tmp-Integer64-3 1874 integer64 +ATTRIBUTE Tmp-Integer64-4 1875 integer64 +ATTRIBUTE Tmp-Integer64-5 1876 integer64 +ATTRIBUTE Tmp-Integer64-6 1877 integer64 +ATTRIBUTE Tmp-Integer64-7 1878 integer64 +ATTRIBUTE Tmp-Integer64-8 1879 integer64 +ATTRIBUTE Tmp-Integer64-9 1880 integer64 +# +# These attributes shouldn't be used anywhere. They are defined here +# only for casting of values in conditional expressions. +# +# The order and number need to be consistent with the typedefs used +# in the server source. +# +ATTRIBUTE Tmp-Cast-String 1851 string +ATTRIBUTE Tmp-Cast-Integer 1852 integer +ATTRIBUTE Tmp-Cast-Ipaddr 1853 ipaddr +ATTRIBUTE Tmp-Cast-Date 1854 date +ATTRIBUTE Tmp-Cast-Abinary 1855 abinary +ATTRIBUTE Tmp-Cast-Octets 1856 octets +ATTRIBUTE Tmp-Cast-Ifid 1857 ifid +ATTRIBUTE Tmp-Cast-IPv6Addr 1858 ipv6addr +ATTRIBUTE Tmp-Cast-IPv6Prefix 1859 ipv6prefix +ATTRIBUTE Tmp-Cast-Byte 1860 byte +ATTRIBUTE Tmp-Cast-Short 1861 short +ATTRIBUTE Tmp-Cast-Ethernet 1862 ether +ATTRIBUTE Tmp-Cast-Signed 1863 signed +# don't use or define these +ATTRIBUTE Tmp-Cast-Integer64 1869 integer64 +ATTRIBUTE Tmp-Cast-IPv4Prefix 1870 ipv4prefix +# don't use or define VSA or MAX + # Range: 1900-1909 # WiMAX server-side attributes. # @@ -341,24 +515,78 @@ ATTRIBUTE Tmp-IP-Address-9 1829 ipaddr # these attributes. # ATTRIBUTE WiMAX-MN-NAI 1900 string -ATTRIBUTE WiMAX-FA-IP-Address 1901 ipaddr -ATTRIBUTE WiMAX-MN-FA 1902 octets ATTRIBUTE TLS-Cert-Serial 1910 string ATTRIBUTE TLS-Cert-Expiration 1911 string ATTRIBUTE TLS-Cert-Issuer 1912 string ATTRIBUTE TLS-Cert-Subject 1913 string ATTRIBUTE TLS-Cert-Common-Name 1914 string -# 1915 - 1919: reserved for future cert attributes +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Email 1915 string +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Dns 1916 string +ATTRIBUTE TLS-Cert-Subject-Alt-Name-Upn 1917 string +# 1918 - 1919: reserved for future cert attributes ATTRIBUTE TLS-Client-Cert-Serial 1920 string ATTRIBUTE TLS-Client-Cert-Expiration 1921 string ATTRIBUTE TLS-Client-Cert-Issuer 1922 string ATTRIBUTE TLS-Client-Cert-Subject 1923 string ATTRIBUTE TLS-Client-Cert-Common-Name 1924 string ATTRIBUTE TLS-Client-Cert-Filename 1925 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Email 1926 string +ATTRIBUTE TLS-Client-Cert-X509v3-Extended-Key-Usage 1927 string +ATTRIBUTE TLS-Client-Cert-X509v3-Subject-Key-Identifier 1928 string +ATTRIBUTE TLS-Client-Cert-X509v3-Authority-Key-Identifier 1929 string +ATTRIBUTE TLS-Client-Cert-X509v3-Basic-Constraints 1930 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Dns 1931 string +ATTRIBUTE TLS-Client-Cert-Subject-Alt-Name-Upn 1932 string +ATTRIBUTE TLS-PSK-Identity 1933 string + +# 1934 - 1939: reserved for future cert attributes # -# Range: 1910-2999 +# Range: 1940-2099 +# Free +# +# Range: 2100-2199 +# SoH attributes; FIXME: these should really be protocol attributes +# so that the SoH radius request can be proxied, but from which +# vendor? Sigh... +# +ATTRIBUTE SoH-MS-Machine-OS-vendor 2100 integer +VALUE SoH-MS-Machine-OS-vendor Microsoft 311 + +ATTRIBUTE SoH-MS-Machine-OS-version 2101 integer +ATTRIBUTE SoH-MS-Machine-OS-release 2102 integer +ATTRIBUTE SoH-MS-Machine-OS-build 2103 integer +ATTRIBUTE SoH-MS-Machine-SP-version 2104 integer +ATTRIBUTE SoH-MS-Machine-SP-release 2105 integer + +ATTRIBUTE SoH-MS-Machine-Processor 2106 integer +VALUE SoH-MS-Machine-Processor x86 0 +VALUE SoH-MS-Machine-Processor i64 6 +VALUE SoH-MS-Machine-Processor x86_64 9 + +ATTRIBUTE SoH-MS-Machine-Name 2107 string +ATTRIBUTE SoH-MS-Correlation-Id 2108 octets +ATTRIBUTE SoH-MS-Machine-Role 2109 integer +VALUE SoH-MS-Machine-Role client 1 +VALUE SoH-MS-Machine-Role dc 2 +VALUE SoH-MS-Machine-Role server 3 + +ATTRIBUTE SoH-Supported 2119 integer +VALUE SoH-Supported no 0 +VALUE SoH-Supported yes 1 + +ATTRIBUTE SoH-MS-Windows-Health-Status 2120 string +ATTRIBUTE SoH-MS-Health-Other 2129 string + +# +# Range: 2200-2219 +# Utilities bundled with the server +# +ATTRIBUTE Radclient-Test-Name 2200 string + +# +# Range: 2220-2999 # Free # # Range: 3000-3999 @@ -402,6 +630,7 @@ VALUE Auth-Type CRAM 1030 VALUE Auth-Type NS-MTA-MD5 1031 # 1032 is unused (was a duplicate of CRAM) VALUE Auth-Type SMB 1033 +VALUE Auth-Type MS-CHAP-V2 1034 # # Authorization type, too. @@ -421,6 +650,7 @@ VALUE Session-Type Local 0 # # And Post-Auth VALUE Post-Auth-Type Local 0 +VALUE Post-Auth-Type Reject 1 # # Experimental Non-Protocol Integer Translations for FreeRADIUS @@ -428,6 +658,9 @@ VALUE Post-Auth-Type Local 0 VALUE Fall-Through No 0 VALUE Fall-Through Yes 1 +VALUE Relax-Filter No 0 +VALUE Relax-Filter Yes 1 + VALUE Strip-User-Name No 0 VALUE Strip-User-Name Yes 1 @@ -516,55 +749,64 @@ VALUE EAP-Type Identity 1 VALUE EAP-Type Notification 2 VALUE EAP-Type NAK 3 VALUE EAP-Type MD5-Challenge 4 +VALUE EAP-Type MD5 4 VALUE EAP-Type One-Time-Password 5 +VALUE EAP-Type OTP 5 VALUE EAP-Type Generic-Token-Card 6 +VALUE EAP-Type GTC 6 VALUE EAP-Type RSA-Public-Key 9 VALUE EAP-Type DSS-Unilateral 10 VALUE EAP-Type KEA 11 VALUE EAP-Type KEA-Validate 12 -VALUE EAP-Type EAP-TLS 13 +VALUE EAP-Type TLS 13 VALUE EAP-Type Defender-Token 14 VALUE EAP-Type RSA-SecurID-EAP 15 VALUE EAP-Type Arcot-Systems-EAP 16 VALUE EAP-Type Cisco-LEAP 17 +VALUE EAP-Type LEAP 17 VALUE EAP-Type Nokia-IP-Smart-Card 18 VALUE EAP-Type SIM 18 -VALUE EAP-Type SRP-SHA1-Part-1 19 -VALUE EAP-Type SRP-SHA1-Part-2 20 -VALUE EAP-Type EAP-TTLS 21 +VALUE EAP-Type SRP-SHA1 19 +# 20 is unassigned +VALUE EAP-Type TTLS 21 VALUE EAP-Type Remote-Access-Service 22 -VALUE EAP-Type UMTS 23 -VALUE EAP-Type EAP-3Com-Wireless 24 +VALUE EAP-Type AKA 23 +VALUE EAP-Type 3Com-Wireless 24 VALUE EAP-Type PEAP 25 -VALUE EAP-Type MS-EAP-Authentication 26 +VALUE EAP-Type Microsoft-MS-CHAPv2 26 VALUE EAP-Type MAKE 27 VALUE EAP-Type CRYPTOCard 28 -VALUE EAP-Type EAP-MSCHAP-V2 29 +VALUE EAP-Type Cisco-MS-CHAPv2 29 VALUE EAP-Type DynamID 30 VALUE EAP-Type Rob-EAP 31 VALUE EAP-Type SecurID-EAP 32 VALUE EAP-Type MS-Authentication-TLV 33 VALUE EAP-Type SentriNET 34 -VALUE EAP-Type EAP-Actiontec-Wireless 35 +VALUE EAP-Type Actiontec-Wireless 35 VALUE EAP-Type Cogent-Biomentric-EAP 36 VALUE EAP-Type AirFortress-EAP 37 -VALUE EAP-Type EAP-HTTP-Digest 38 +VALUE EAP-Type HTTP-Digest 38 +VALUE EAP-Type TNC 38 VALUE EAP-Type SecuriSuite-EAP 39 VALUE EAP-Type DeviceConnect-EAP 40 -VALUE EAP-Type EAP-SPEKE 41 -VALUE EAP-Type EAP-MOBAC 42 - -# -# These are duplicate values, to get around the problem of -# having two MS-CHAPv2 EAP types. -# -VALUE EAP-Type Microsoft-MS-CHAPv2 26 -VALUE EAP-Type Cisco-MS-CHAPv2 29 +VALUE EAP-Type SPEKE 41 +VALUE EAP-Type MOBAC 42 +VALUE EAP-Type FAST 43 +VALUE EAP-Type Zonelabs 44 +VALUE EAP-Type Link 45 +VALUE EAP-Type PAX 46 +VALUE EAP-Type PSK 47 +VALUE EAP-Type SAKE 48 +VALUE EAP-Type IKEv2 49 +VALUE EAP-Type AKA2 50 +VALUE EAP-Type GPSK 51 +VALUE EAP-Type PWD 52 +VALUE EAP-Type EVEv1 53 # # And this is what most people mean by MS-CHAPv2 # -VALUE EAP-Type MS-CHAP-V2 26 +VALUE EAP-Type MSCHAPv2 26 # # This says TLS, but it's only valid for TTLS & PEAP. diff --git a/radius/dictionary.meinberg b/radius/dictionary.meinberg new file mode 100644 index 0000000000..2052a9ce83 --- /dev/null +++ b/radius/dictionary.meinberg @@ -0,0 +1,17 @@ +# -*- text -*- +# Copyright (C) 2014 The FreeRADIUS Server project and contributors +############################################################################## +# +# Meinberg +# +# $Id: 29364648e694338150f71f124cd62d9730f2366a $ +# +############################################################################## + +VENDOR Meinberg 5597 + +BEGIN-VENDOR Meinberg + +ATTRIBUTE MBG-Management-Privilege-Level 1 integer + +END-VENDOR Meinberg |