This section describes the RADIUS attributes and possible values of an attributes in the base schema.
Attribute Name |
Description |
Values |
---|---|---|
radiusArapFeatures |
The password information that the NAS should send to the user in an ARAP feature flags packet. |
|
radiusArapSecurity |
An ARAP security module to be used in an access-challenge packet. |
|
radiusArapZoneAccess |
Usage of the ARAP zone list for the user. |
1=Only allow access to the default zone 2=Use the zone filter inclusively 4=Use the zone filter exclusively |
radiusCallbackId |
The name of a place to be called or interpreted by the NAS. |
|
radiusCallbackNumber |
The dialing string to be used for callback. |
|
radiusCalledStationId |
Allows the NAS to use the Access-Request packet to send the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology. |
|
radiusCallingStationId |
Allows the NAS to use the access-request packet to send the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology. |
|
radiusClass |
Multivalued attribute sent by the RADIUS server to the client to be forwarded to the RADIUS accounting server. |
|
radiusFilterId |
The name of the filter list for the user. |
|
radiusFramedAppleTalkLink |
The AppleTalk network number that should be used for the serial link to the user, which is another AppleTalk router. |
|
radiusFramedAppleTalkNetwork |
The AppleTalk Network number that the NAS should probe to allocate an AppleTalk node for the user. |
|
radiusFramedAppleTalkZone |
The AppleTalk Default Zone to be used for this user. |
|
radiusFramedCompression |
The compression protocol to be used for the link. |
0=None 1=VJ TCP/IP header compression [10] 2=IPX header compression 3=Stac-LZS compression |
radiusFramedIPAddress |
The address to be configured for the user. |
IP address |
radiusFramedIPNetmask |
The IP netmask to be configured for the user. |
IP address |
radiusFramedIPXNetwork |
The PX network number to be configured for the user. |
|
radiusFramedMTU |
The maximum transmission unit to be configured for the user. |
|
radiusFramedProtocol |
The framing to be used for framed access. |
1=PPP 2=SLIP 3=AppleTalk Remote Access Protocol (ARAP) 4=Gandalf proprietary SingleLink/MultiLink protocol 5=Xylogics proprietary IPX/SLIP 6=X.75 Synchronous |
radiusFramedRoute |
Multivalued attribute for routing information to be configured for the user on the NAS. |
|
radiusFramedRouting |
The routing method for the user, when the user is a router to a network. |
0=None 1=Send routing packets 2=Listen for routing packets 3=Send and Listen |
radiusIdleTimeout |
Sets the maximum number of consecutive seconds of idle connection allowed to the user before termination of the session or prompt. |
|
radiusLoginIPHost |
Indicates the system to use for connecting to the user. |
|
radiusLoginLATGroup |
Describes the LAT group codes that the user is authorized to use. |
|
radiusLoginLATNode |
The node to use for automatically connecting the user through LAT. |
|
radiusLoginLATPort |
The port to use for connecting the user through LAT. |
|
radiusLoginLATService |
The system to use to connect the user through LAT. |
|
radiusLoginService |
The service to use to connect the user to the login host. |
0=Telnet 1=Rlogin 2=TCP Clear 3=PortMaster (proprietary) 4=LAT 5= X25-PAD 6= X25-T3POS 8=TCP Clear Quiet (suppresses any NAS-generated connect string) |
radiusLoginTCPPort |
The TCP port with which the user is to be connected. |
An integer i (0 < i < 65536). |
radiusPasswordRetry |
The number of authentication attempts a user is allowed to attempt before being disconnected. |
Integer. |
radiusPortLimit |
The maximum number of ports to be provided to the user by the NAS. |
Integer. |
radiusPrompt |
Indicates whether the NAS should echo the user’s response (to a challenge) as it is entered. |
0=No Echo 1=Echo |
radiusServiceType |
The type of service the user has requested or the type of service to be provided. |
1=Login 2=Framed 3=Callback Login 4=Callback Framed 5=Outbound 6=Administrative 7=NAS Prompt 8=Authenticate Only 9=Callback NAS Prompt 10=Call Check 11=Callback Administrative |
radiusSessionTimeout |
The maximum number of seconds of service to be provided to the user before termination of the session or prompt. |
Integer. |
radiusTerminationAction |
Indicates the kind of action the NAS should take when the specified service is completed. |
0=Default 1=RADIUS-Request |
radiusTunnelAssignmentId |
Multivalued attribute that is used to indicate to the tunnel initiator the particular tunnel to which a session is to be assigned. |
|
radiusTunnelMediumType |
Multilevel attribute used to indicate which transport medium to use when creating a tunnel for protocols (such as L2TP) that can operate over multiple transports. |
1 IPv4 (IP version 4) 2 IPv6 (IP version 6) 3 NSAP 4 HDLC (8-bit multidrop) 5 BBN 1822 6 802 (includes all 802 media plus Ethernet canonical format) 7 E.163 (POTS) 8 E.164 (SMDS, Frame Relay, ATM) 9 F.69 (Telex) 10 X.121 (X.25, Frame Relay) 11 IPX 12 Platelike 13 Decant IV 14 Banyan Vines 15 E.164 with NSAP format subduers |
radius Tunnel Password |
The password to be used to authenticate to a remote server. |
|
radius Tunnel Preference |
Multilevel attribute that should be included in each set to indicate the relative preference assigned to each tunnel, when more than one set of tunneling attributes is returned by the RADIUS server to the tunnel initiator. |
|
radius Tunnel Private Group Id |
Multilevel attribute that indicates the group ID for a particular tunneled session. |
|
radius Tunnel Server Endpoint |
Multilevel attribute that indicates the address of the server end of the tunnel. |
|
radius Tunnel Type |
Multivalued attribute that indicates the tunneling protocols to be used for a tunnel initiator or the tunneling protocol in use for a tunnel terminator. |
1 Point-to-Point Tunneling Protocol (PPTP) [1] 2 Layer Two Forwarding (L2F) [2] 3 Layer Two Tunneling Protocol (L2TP) [3] 4 Ascend Tunnel Management Protocol (ATMP) [4] 5 Virtual Tunneling Protocol (VTP) 6 IP Authentication Header in the Tunnel-mode (AH) [5] 7 IP-in-IP Encapsulation (IP-IP) [6] 8 Minimal IP-in-IP Encapsulation (MIN-IP-IP) [7] 9 IP Encapsulating Security Payload in the Tunnel-mode (ESP) [8] 10 Generic Route Encapsulation (GRE) [9] 11 Bay Dial Virtual Services (DVS) 12 IP-in-IP Tunneling [10] |
radiusVSA |
Multivalued RADIUS vendor-specific attributes. |
|
radiusTunnelClientEndpoint |
Multivalued attribute that has the address of the initiator end of the tunnel. |
|
radiusAuthType |
Authentication types such as MS-CHAP or NS-MTA-MD5. |
|
radiusClientIPAddress |
The client through which the user requests must be sent. |
IP address |
radiusGroupName |
Multivalued attribute that lists the groups the user belongs to. |
|
radiusHint |
Provides a hint for the user. |
|
radiusHuntgroupName |
Multivalued attribute of Huntgroup for the user. |
|
radiusProfileDn |
The DN of radiusProfile object for this user. |
|
radiusProxyToRealm |
The FreeRADIUS (non-protocol) attribute used to forward RADIUS requests. |
|
radiusReplicateToRealm |
A deprecated FreeRADIUS attribute. |
|
radiusRealm |
A FreeRADIUS (non-protocol) attribute. |
|
radiusSimultaneousUse |
Limits the number of times one user account can log in. |
|
radiusLoginTime |
A FreeRADIUS (non-protocol) attribute used to define the time span during which a user can log in to the system. |
|
radiusUserCategory |
A FreeRADIUS (non-protocol) attribute. Refers to the definition of a group to which the user belongs. |
|
radiusStripUserName |
||
dialupAccess |
Used for access control. |
|
radiusExpiration |
The expiration date of the RADIUS account. |
|
radiusCheckItem |
Multivalued attribute which stores the generic radius check-items. |
|
radiusReplyItem |
Multivalued attribute that stores generic radius reply items. |