(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

jaseywang jaseywang at gmail.com
Sun Mar 26 19:08:09 CEST 2017


I need to use radius as the backend of pptp vpn for auth/login/accounting
etc. and I try to figure it out with the help of this doc:
http://www.sajithpn.com/2016/08/centos-7-installing-pptp-freeradius.html

freeradius:
# rpm -qa | grep radius
freeradius-3.0.4-7.el7_3.x86_64
radiusclient-ng-0.5.6-9.el7.x86_64
freeradius-utils-3.0.4-7.el7_3.x86_64
freeradius-mysql-3.0.4-7.el7_3.x86_64

with daloradius-0.9.9 as the web interface, both running on localhost, the
system is centos 7.2.

I use daloradius to add a new user wyx1(cleartext-password), and it passed
"test user connectivity" test, below is the daloradius/radtest and radiusd
-X output:

daloradius output:
*Executed:*
echo "User-Name='wyx1',User-Password='wyx1'" | radclient -c '1' -n '3' -r
'3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1

*Results:*
Sending Access-Request Id 12 from 0.0.0.0:33948 to 127.0.0.1:1812
User-Name = 'wyx1'
User-Password = 'wyx1'
Received Access-Accept Id 12 from 127.0.0.1:1812 to 127.0.0.1:33948 length
20

radtest output:
# radtest   wyx1 wyx1 127.0.0.1 0 testing123
Sending Access-Request Id 127 from 0.0.0.0:38206 to 127.0.0.1:1812
User-Name = 'wyx1'
User-Password = 'wyx1'
NAS-IP-Address = 10.44.55.2
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 127 from 127.0.0.1:1812 to 127.0.0.1:38206 length
20


radius -X output:
Received Access-Request Id 32 from 127.0.0.1:46310 to 127.0.0.1:1812 length
44
User-Name = 'wyx1'
User-Password = 'wyx1'
(6) Received Access-Request packet from host 127.0.0.1 port 46310, id=32,
length=44
(6) User-Name = 'wyx1'
(6) User-Password = 'wyx1'
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6)   authorize {
(6)   filter_username filter_username {
(6)     if (!&User-Name)
(6)     if (!&User-Name)  -> FALSE
(6)     if (&User-Name =~ / /)
(6)     if (&User-Name =~ / /)  -> FALSE
(6)     if (&User-Name =~ /@.*@/ )
(6)     if (&User-Name =~ /@.*@/ )  -> FALSE
(6)     if (&User-Name =~ /\\.\\./ )
(6)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(6)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(6)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   ->
FALSE
(6)     if (&User-Name =~ /\\.$/)
(6)     if (&User-Name =~ /\\.$/)   -> FALSE
(6)     if (&User-Name =~ /@\\./)
(6)     if (&User-Name =~ /@\\./)   -> FALSE
(6)   } # filter_username filter_username = notfound
(6)   [preprocess] = ok
(6)  auth_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(6)  auth_log :    --> /var/log/radius/radacct/
127.0.0.1/auth-detail-20170327
(6)  auth_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327
(6)  auth_log : EXPAND %t
(6)  auth_log :    --> Mon Mar 27 00:53:15 2017
(6)   [auth_log] = ok
(6)   [chap] = noop
(6)   [mschap] = noop
(6)   [digest] = noop
(6)  suffix : Checking for suffix after "@"
(6)  suffix : No '@' in User-Name = "wyx1", looking up realm NULL
(6)  suffix : No such realm "NULL"
(6)   [suffix] = noop
(6)  eap : No EAP-Message, not doing EAP
(6)   [eap] = noop
(6)  sql : EXPAND %{User-Name}
(6)  sql :    --> wyx1
(6)  sql : SQL-User-Name set to 'wyx1'
rlm_sql (sql): Reserved connection (7)
(6)  sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(6)  sql :    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'wyx1' ORDER BY id'
(6)  sql : User found in radcheck table
(6)  sql : Check items matched
(6)  sql : EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(6)  sql :    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'wyx1' ORDER BY id'
(6)  sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(6)  sql :    --> SELECT groupname FROM radusergroup WHERE username =
'wyx1' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE
username = 'wyx1' ORDER BY priority'
(6)  sql : User not found in any groups
rlm_sql (sql): Released connection (7)
rlm_sql (sql): 0 of 3 connections in use.  Need more spares
rlm_sql (sql): Opening additional connection (8)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 933
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 967
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
(6)   [sql] = ok
(6)   [expiration] = noop
(6)   [logintime] = noop
(6)   [pap] = updated
(6)  } #  authorize = updated
(6) Found Auth-Type = PAP
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6)  Auth-Type PAP {
(6)  pap : Login attempt with password
(6)  pap : User authenticated successfully
(6)   [pap] = ok
(6)  } # Auth-Type PAP = ok
(6) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(6)   post-auth {
(6)  reply_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
(6)  reply_log :    --> /var/log/radius/radacct/
127.0.0.1/reply-detail-20170327
(6)  reply_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20170327
(6)  reply_log : EXPAND %t
(6)  reply_log :    --> Mon Mar 27 00:53:15 2017
(6)   [reply_log] = ok
(6)  sql : EXPAND .query
(6)  sql :    --> .query
(6)  sql : Using query template 'query'
rlm_sql (sql): Reserved connection (8)
(6)  sql : EXPAND %{User-Name}
(6)  sql :    --> wyx1
(6)  sql : SQL-User-Name set to 'wyx1'
(6)  sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(6)  sql :    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27 00:53:15')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27
00:53:15')'
rlm_sql (sql): Released connection (8)
(6)   [sql] = ok
(6)   [exec] = noop
(6)   remove_reply_message_if_eap remove_reply_message_if_eap {
(6)     if (&reply:EAP-Message && &reply:Reply-Message)
(6)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(6)    else else {
(6)     [noop] = noop
(6)    } # else else = noop
(6)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(6)  } #  post-auth = ok
(6) Sending Access-Accept packet to host 127.0.0.1 port 46310, id=32,
length=0
Sending Access-Accept Id 32 from 127.0.0.1:1812 to 127.0.0.1:46310
(6) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(6) Cleaning up request packet ID 32 with timestamp +1053
Ready to process requests

Now, everything  seems fine.

But when  I use the same account to connect the pptp server, it
says Authentication failed:
Received Access-Request Id 232 from 127.0.0.1:39104 to 127.0.0.1:1812
length 65
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = 'wyx1'
Calling-Station-Id = '117.73.147.49'
NAS-IP-Address = 10.44.55.2
NAS-Port = 0
(7) Received Access-Request packet from host 127.0.0.1 port 39104, id=232,
length=65
(7) Service-Type = Framed-User
(7) Framed-Protocol = PPP
(7) User-Name = 'wyx1'
(7) Calling-Station-Id = '117.73.147.49'
(7) NAS-IP-Address = 10.44.55.2
(7) NAS-Port = 0
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7)   authorize {
(7)   filter_username filter_username {
(7)     if (!&User-Name)
(7)     if (!&User-Name)  -> FALSE
(7)     if (&User-Name =~ / /)
(7)     if (&User-Name =~ / /)  -> FALSE
(7)     if (&User-Name =~ /@.*@/ )
(7)     if (&User-Name =~ /@.*@/ )  -> FALSE
(7)     if (&User-Name =~ /\\.\\./ )
(7)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(7)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(7)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   ->
FALSE
(7)     if (&User-Name =~ /\\.$/)
(7)     if (&User-Name =~ /\\.$/)   -> FALSE
(7)     if (&User-Name =~ /@\\./)
(7)     if (&User-Name =~ /@\\./)   -> FALSE
(7)   } # filter_username filter_username = notfound
(7)   [preprocess] = ok
(7)  auth_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(7)  auth_log :    --> /var/log/radius/radacct/
127.0.0.1/auth-detail-20170327
(7)  auth_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327
(7)  auth_log : EXPAND %t
(7)  auth_log :    --> Mon Mar 27 00:56:06 2017
(7)   [auth_log] = ok
(7)   [chap] = noop
(7)   [mschap] = noop
(7)   [digest] = noop
(7)  suffix : Checking for suffix after "@"
(7)  suffix : No '@' in User-Name = "wyx1", looking up realm NULL
(7)  suffix : No such realm "NULL"
(7)   [suffix] = noop
(7)  eap : No EAP-Message, not doing EAP
(7)   [eap] = noop
(7)  sql : EXPAND %{User-Name}
(7)  sql :    --> wyx1
(7)  sql : SQL-User-Name set to 'wyx1'
rlm_sql (sql): Reserved connection (8)
(7)  sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7)  sql :    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'wyx1' ORDER BY id'
(7)  sql : User found in radcheck table
(7)  sql : Check items matched
(7)  sql : EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7)  sql :    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'wyx1' ORDER BY id'
(7)  sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(7)  sql :    --> SELECT groupname FROM radusergroup WHERE username =
'wyx1' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE
username = 'wyx1' ORDER BY priority'
(7)  sql : User not found in any groups
rlm_sql (sql): Released connection (8)
rlm_sql (sql): 0 of 2 connections in use.  Need more spares
rlm_sql (sql): Opening additional connection (9)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Closing connection (7): Hit idle_timeout, was idle for 171
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
(7)   [sql] = ok
(7)   [expiration] = noop
(7)   [logintime] = noop
(7)  pap : No cleartext password in the request.  Not performing PAP
(7)   [pap] = noop
(7)  } #  authorize = ok
(7) WARNING: Please update your configuration, and remove 'Auth-Type =
Local'
(7) WARNING: Use the PAP or CHAP modules instead
(7) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(7) Failed to authenticate the user
(7) Using Post-Auth-Type Reject
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7)  Post-Auth-Type REJECT {
(7)  sql : EXPAND .query
(7)  sql :    --> .query
(7)  sql : Using query template 'query'
rlm_sql (sql): Reserved connection (9)
(7)  sql : EXPAND %{User-Name}
(7)  sql :    --> wyx1
(7)  sql : SQL-User-Name set to 'wyx1'
(7)  sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(7)  sql :    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27 00:56:06')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27
00:56:06')'
rlm_sql (sql): Released connection (9)
(7)   [sql] = ok
(7)  attr_filter.access_reject : EXPAND %{User-Name}
(7)  attr_filter.access_reject :    --> wyx1
(7)  attr_filter.access_reject : Matched entry DEFAULT at line 11
(7)   [attr_filter.access_reject] = updated
(7)  eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(7)   [eap] = noop
(7)   remove_reply_message_if_eap remove_reply_message_if_eap {
(7)     if (&reply:EAP-Message && &reply:Reply-Message)
(7)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(7)    else else {
(7)     [noop] = noop
(7)    } # else else = noop
(7)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(7)  } # Post-Auth-Type REJECT = updated
(7) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(7) Sending delayed response
(7) Sending Access-Reject packet to host 127.0.0.1 port 39104, id=232,
length=0
Sending Access-Reject Id 232 from 127.0.0.1:1812 to 127.0.0.1:39104
Waking up in 3.9 seconds.
(7) Cleaning up request packet ID 232 with timestamp +1224
Ready to process requests

And the responding pptp log:
Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Client  control connection
started
Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Starting call (launching
pppd, opening GRE)
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radius.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADIUS plugin initialized.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radattr.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADATTR plugin initialized.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin
/usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pptpd-logwtmp: $Version$
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pppd 2.4.5 started by root, uid 0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Using interface ppp0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Connect: ppp0 <--> /dev/pts/0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute
11
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute
25
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Peer wyx1 failed CHAP
authentication
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: EOF or bad error reading
ctrl packet length.
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: couldn't read packet
header (exit)
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: CTRL read failed
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Modem hangup
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Connection terminated.
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Exit.
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: Client control connection
finished


config file:

# cat /etc/raddb/clients.conf:
client localhost {
ipaddr = 127.0.0.1
proto = *
secret = testing123
require_message_authenticator = no
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
secret = testing123
}

# cat /etc/raddb/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir   = ${confdir}/certs
run_dir = ${localstatedir}/run/${name}
db_dir = ${localstatedir}/lib/radiusd
libdir = /usr/lib64/freeradius
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
hostname_lookups = no
log {
destination = files
colourise = yes
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
checkrad = ${sbindir}/checkrad
security {
user = radiusd
group = radiusd
allow_core_dumps = no
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests  = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
auto_limit_acct = no
}
modules {
$INCLUDE mods-enabled/
}
instantiate {
}
policy {
$INCLUDE policy.d/
}
$INCLUDE sites-enabled/

cat /etc/raddb/users
bob     Cleartext-Password := "hello"
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP


cat /etc/raddb/site-enabled/default
server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
     max_connections = 16
     lifetime = 0
     idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}
listen {
type = auth
port = 0
limit {
     max_connections = 16
     lifetime = 0
     idle_timeout = 30
}
}
listen {
ipv6addr = ::
port = 0
type = acct
limit {
}
}
authorize {
filter_username
preprocess
auth_log
chap
mschap
digest
suffix
eap {
ok = return
}
sql
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
eap
}
preacct {
preprocess
acct_unique
suffix
}
accounting {
detail
unix
sql
exec
attr_filter.accounting_response
}
session {
radutmp
sql
}
post-auth {
reply_log
sql
exec
remove_reply_message_if_eap
Post-Auth-Type REJECT {
-sql
attr_filter.access_reject
eap
remove_reply_message_if_eap
}
}
pre-proxy {
}
post-proxy {
eap
}
}


# cat /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd

plugin radius.so
plugin radattr.so
radius-config-file /etc/radiusclient-ng/radiusclient.conf

# cat /usr/share/radiusclient-ng/dictionary
# grep -v "#" dictionary  | grep -v ^$
ATTRIBUTE User-Name 1 string
ATTRIBUTE Password 2 string
ATTRIBUTE CHAP-Password 3 string
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port-Id 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Protocol 7 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Framed-Routing 10 integer
ATTRIBUTE Filter-Id 11 string
ATTRIBUTE Framed-MTU 12 integer
ATTRIBUTE Framed-Compression 13 integer
ATTRIBUTE Login-IP-Host 14 ipaddr
ATTRIBUTE Login-Service 15 integer
ATTRIBUTE Login-TCP-Port 16 integer
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string
ATTRIBUTE Framed-Route 22 string
ATTRIBUTE Framed-IPX-Network 23 ipaddr
ATTRIBUTE State 24 string
ATTRIBUTE Class 25 string
ATTRIBUTE Vendor-Specific 26 string
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Termination-Action 29 integer
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Identifier 32 string
ATTRIBUTE Proxy-State 33 string
ATTRIBUTE Login-LAT-Service 34 string
ATTRIBUTE Login-LAT-Node 35 string
ATTRIBUTE Login-LAT-Group 36 string
ATTRIBUTE Framed-AppleTalk-Link 37 integer
ATTRIBUTE Framed-AppleTalk-Network 38 integer
ATTRIBUTE Framed-AppleTalk-Zone 39 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Input-Packets 47 integer
ATTRIBUTE Acct-Output-Packets 48 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
ATTRIBUTE Acct-Multi-Session-Id 50 string
ATTRIBUTE Acct-Link-Count 51 integer
ATTRIBUTE Event-Timestamp 55 integer
ATTRIBUTE CHAP-Challenge 60 string
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
ATTRIBUTE Login-LAT-Port 63 integer
ATTRIBUTE Connect-Info 77 string
ATTRIBUTE NAS-IPv6-Address 95 string
ATTRIBUTE Framed-Interface-Id 96 string
ATTRIBUTE Framed-IPv6-Prefix 97 string
ATTRIBUTE Login-IPv6-Host 98 string
ATTRIBUTE Framed-IPv6-Route 99 string
ATTRIBUTE Framed-IPv6-Pool 100 string
ATTRIBUTE Huntgroup-Name 221 string
ATTRIBUTE User-Category 1029 string
ATTRIBUTE Group-Name 1030 string
ATTRIBUTE Simultaneous-Use 1034 integer
ATTRIBUTE Strip-User-Name 1035 integer
ATTRIBUTE Fall-Through 1036 integer
ATTRIBUTE Add-Port-To-IP-Address 1037 integer
ATTRIBUTE Exec-Program 1038 string
ATTRIBUTE Exec-Program-Wait 1039 string
ATTRIBUTE Hint 1040 string
ATTRIBUTE Expiration  21 date
ATTRIBUTE Auth-Type 1000 integer
ATTRIBUTE Menu 1001 string
ATTRIBUTE Termination-Menu 1002 string
ATTRIBUTE Prefix 1003 string
ATTRIBUTE Suffix 1004 string
ATTRIBUTE Group 1005 string
ATTRIBUTE Crypt-Password 1006 string
ATTRIBUTE Connect-Rate 1007 integer
VALUE Service-Type Login-User 1
VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Framed-Protocol PPP 1
VALUE Framed-Protocol SLIP 2
VALUE Framed-Routing None 0
VALUE Framed-Routing Broadcast 1
VALUE Framed-Routing Listen 2
VALUE Framed-Routing Broadcast-Listen 3
VALUE Framed-Compression None 0
VALUE Framed-Compression Van-Jacobson-TCP-IP 1
VALUE Login-Service Telnet 0
VALUE Login-Service Rlogin 1
VALUE Login-Service TCP-Clear 2
VALUE Login-Service PortMaster 3
VALUE Acct-Status-Type Start 1
VALUE Acct-Status-Type Stop 2
VALUE Acct-Status-Type Alive 3
VALUE Acct-Status-Type Accounting-On 7
VALUE Acct-Status-Type Accounting-Off 8
VALUE Acct-Authentic RADIUS 1
VALUE Acct-Authentic Local 2
VALUE Acct-Authentic PowerLink128 100
VALUE Termination-Action Default 0
VALUE Termination-Action RADIUS-Request 1
VALUE NAS-Port-Type Async 0
VALUE NAS-Port-Type Sync 1
VALUE NAS-Port-Type ISDN 2
VALUE NAS-Port-Type ISDN-V120 3
VALUE NAS-Port-Type ISDN-V110 4
VALUE           Acct-Terminate-Cause    User-Request            1
VALUE           Acct-Terminate-Cause    Lost-Carrier            2
VALUE           Acct-Terminate-Cause    Lost-Service            3
VALUE           Acct-Terminate-Cause    Idle-Timeout            4
VALUE           Acct-Terminate-Cause    Session-Timeout         5
VALUE           Acct-Terminate-Cause    Admin-Reset             6
VALUE           Acct-Terminate-Cause    Admin-Reboot            7
VALUE           Acct-Terminate-Cause    Port-Error              8
VALUE           Acct-Terminate-Cause    NAS-Error               9
VALUE           Acct-Terminate-Cause    NAS-Request             10
VALUE           Acct-Terminate-Cause    NAS-Reboot              11
VALUE           Acct-Terminate-Cause    Port-Unneeded           12
VALUE           Acct-Terminate-Cause    Port-Preempted          13
VALUE           Acct-Terminate-Cause    Port-Suspended          14
VALUE           Acct-Terminate-Cause    Service-Unavailable     15
VALUE           Acct-Terminate-Cause    Callback                16
VALUE           Acct-Terminate-Cause    User-Error              17
VALUE           Acct-Terminate-Cause    Host-Request            18
VALUE Auth-Type Local 0
VALUE Auth-Type System 1
VALUE Auth-Type SecurID 2
VALUE Auth-Type Crypt-Local 3
VALUE Auth-Type Reject 4
VALUE Auth-Type Pam 253
VALUE Auth-Type Accept 254
VALUE Fall-Through No 0
VALUE Fall-Through Yes 1
VALUE Add-Port-To-IP-Address No 0
VALUE Add-Port-To-IP-Address Yes 1
INCLUDE /usr/share/radiusclient-ng/dictionary.merit
INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
INCLUDE /usr/share/radiusclient-ng/dictionary.ascend
INCLUDE /usr/share/radiusclient-ng/dictionary.compat

I have googled a lot, but no big progress, any help is appreciated.


More information about the Freeradius-Users mailing list