I need to use radius as the backend of pptp vpn for auth/login/accounting etc. and I try to figure it out with the help of this doc: http://www.sajithpn.com/2016/08/centos-7-installing-pptp-freeradius.html freeradius: # rpm -qa | grep radius freeradius-3.0.4-7.el7_3.x86_64 radiusclient-ng-0.5.6-9.el7.x86_64 freeradius-utils-3.0.4-7.el7_3.x86_64 freeradius-mysql-3.0.4-7.el7_3.x86_64 with daloradius-0.9.9 as the web interface, both running on localhost, the system is centos 7.2. I use daloradius to add a new user wyx1(cleartext-password), and it passed "test user connectivity" test, below is the daloradius/radtest and radiusd -X output: daloradius output: *Executed:* echo "User-Name='wyx1',User-Password='wyx1'" | radclient -c '1' -n '3' -r '3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1 *Results:* Sending Access-Request Id 12 from 0.0.0.0:33948 to 127.0.0.1:1812 User-Name = 'wyx1' User-Password = 'wyx1' Received Access-Accept Id 12 from 127.0.0.1:1812 to 127.0.0.1:33948 length 20 radtest output: # radtest wyx1 wyx1 127.0.0.1 0 testing123 Sending Access-Request Id 127 from 0.0.0.0:38206 to 127.0.0.1:1812 User-Name = 'wyx1' User-Password = 'wyx1' NAS-IP-Address = 10.44.55.2 NAS-Port = 0 Message-Authenticator = 0x00 Received Access-Accept Id 127 from 127.0.0.1:1812 to 127.0.0.1:38206 length 20 radius -X output: Received Access-Request Id 32 from 127.0.0.1:46310 to 127.0.0.1:1812 length 44 User-Name = 'wyx1' User-Password = 'wyx1' (6) Received Access-Request packet from host 127.0.0.1 port 46310, id=32, length=44 (6) User-Name = 'wyx1' (6) User-Password = 'wyx1' (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) filter_username filter_username { (6) if (!&User-Name) (6) if (!&User-Name) -> FALSE (6) if (&User-Name =~ / /) (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@.*@/ ) (6) if (&User-Name =~ /@.*@/ ) -> FALSE (6) if (&User-Name =~ /\\.\\./ ) (6) if (&User-Name =~ /\\.\\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\\.$/) (6) if (&User-Name =~ /\\.$/) -> FALSE (6) if (&User-Name =~ /@\\./) (6) if (&User-Name =~ /@\\./) -> FALSE (6) } # filter_username filter_username = notfound (6) [preprocess] = ok (6) auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (6) auth_log : --> /var/log/radius/radacct/ 127.0.0.1/auth-detail-20170327 (6) auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327 (6) auth_log : EXPAND %t (6) auth_log : --> Mon Mar 27 00:53:15 2017 (6) [auth_log] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix : Checking for suffix after "@" (6) suffix : No '@' in User-Name = "wyx1", looking up realm NULL (6) suffix : No such realm "NULL" (6) [suffix] = noop (6) eap : No EAP-Message, not doing EAP (6) [eap] = noop (6) sql : EXPAND %{User-Name} (6) sql : --> wyx1 (6) sql : SQL-User-Name set to 'wyx1' rlm_sql (sql): Reserved connection (7) (6) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (6) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wyx1' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wyx1' ORDER BY id' (6) sql : User found in radcheck table (6) sql : Check items matched (6) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (6) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wyx1' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wyx1' ORDER BY id' (6) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (6) sql : --> SELECT groupname FROM radusergroup WHERE username = 'wyx1' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'wyx1' ORDER BY priority' (6) sql : User not found in any groups rlm_sql (sql): Released connection (7) rlm_sql (sql): 0 of 3 connections in use. Need more spares rlm_sql (sql): Opening additional connection (8) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 933 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 967 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket (6) [sql] = ok (6) [expiration] = noop (6) [logintime] = noop (6) [pap] = updated (6) } # authorize = updated (6) Found Auth-Type = PAP (6) # Executing group from file /etc/raddb/sites-enabled/default (6) Auth-Type PAP { (6) pap : Login attempt with password (6) pap : User authenticated successfully (6) [pap] = ok (6) } # Auth-Type PAP = ok (6) # Executing section post-auth from file /etc/raddb/sites-enabled/default (6) post-auth { (6) reply_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d (6) reply_log : --> /var/log/radius/radacct/ 127.0.0.1/reply-detail-20170327 (6) reply_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20170327 (6) reply_log : EXPAND %t (6) reply_log : --> Mon Mar 27 00:53:15 2017 (6) [reply_log] = ok (6) sql : EXPAND .query (6) sql : --> .query (6) sql : Using query template 'query' rlm_sql (sql): Reserved connection (8) (6) sql : EXPAND %{User-Name} (6) sql : --> wyx1 (6) sql : SQL-User-Name set to 'wyx1' (6) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (6) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27 00:53:15') rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27 00:53:15')' rlm_sql (sql): Released connection (8) (6) [sql] = ok (6) [exec] = noop (6) remove_reply_message_if_eap remove_reply_message_if_eap { (6) if (&reply:EAP-Message && &reply:Reply-Message) (6) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (6) else else { (6) [noop] = noop (6) } # else else = noop (6) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (6) } # post-auth = ok (6) Sending Access-Accept packet to host 127.0.0.1 port 46310, id=32, length=0 Sending Access-Accept Id 32 from 127.0.0.1:1812 to 127.0.0.1:46310 (6) Finished request Waking up in 0.3 seconds. Waking up in 4.6 seconds. (6) Cleaning up request packet ID 32 with timestamp +1053 Ready to process requests Now, everything seems fine. But when I use the same account to connect the pptp server, it says Authentication failed: Received Access-Request Id 232 from 127.0.0.1:39104 to 127.0.0.1:1812 length 65 Service-Type = Framed-User Framed-Protocol = PPP User-Name = 'wyx1' Calling-Station-Id = '117.73.147.49' NAS-IP-Address = 10.44.55.2 NAS-Port = 0 (7) Received Access-Request packet from host 127.0.0.1 port 39104, id=232, length=65 (7) Service-Type = Framed-User (7) Framed-Protocol = PPP (7) User-Name = 'wyx1' (7) Calling-Station-Id = '117.73.147.49' (7) NAS-IP-Address = 10.44.55.2 (7) NAS-Port = 0 (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) filter_username filter_username { (7) if (!&User-Name) (7) if (!&User-Name) -> FALSE (7) if (&User-Name =~ / /) (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@.*@/ ) (7) if (&User-Name =~ /@.*@/ ) -> FALSE (7) if (&User-Name =~ /\\.\\./ ) (7) if (&User-Name =~ /\\.\\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\\.$/) (7) if (&User-Name =~ /\\.$/) -> FALSE (7) if (&User-Name =~ /@\\./) (7) if (&User-Name =~ /@\\./) -> FALSE (7) } # filter_username filter_username = notfound (7) [preprocess] = ok (7) auth_log : EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (7) auth_log : --> /var/log/radius/radacct/ 127.0.0.1/auth-detail-20170327 (7) auth_log : /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327 (7) auth_log : EXPAND %t (7) auth_log : --> Mon Mar 27 00:56:06 2017 (7) [auth_log] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix : Checking for suffix after "@" (7) suffix : No '@' in User-Name = "wyx1", looking up realm NULL (7) suffix : No such realm "NULL" (7) [suffix] = noop (7) eap : No EAP-Message, not doing EAP (7) [eap] = noop (7) sql : EXPAND %{User-Name} (7) sql : --> wyx1 (7) sql : SQL-User-Name set to 'wyx1' rlm_sql (sql): Reserved connection (8) (7) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (7) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wyx1' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wyx1' ORDER BY id' (7) sql : User found in radcheck table (7) sql : Check items matched (7) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (7) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wyx1' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wyx1' ORDER BY id' (7) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (7) sql : --> SELECT groupname FROM radusergroup WHERE username = 'wyx1' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'wyx1' ORDER BY priority' (7) sql : User not found in any groups rlm_sql (sql): Released connection (8) rlm_sql (sql): 0 of 2 connections in use. Need more spares rlm_sql (sql): Opening additional connection (9) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Closing connection (7): Hit idle_timeout, was idle for 171 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket (7) [sql] = ok (7) [expiration] = noop (7) [logintime] = noop (7) pap : No cleartext password in the request. Not performing PAP (7) [pap] = noop (7) } # authorize = ok (7) WARNING: Please update your configuration, and remove 'Auth-Type = Local' (7) WARNING: Use the PAP or CHAP modules instead (7) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (7) Failed to authenticate the user (7) Using Post-Auth-Type Reject (7) # Executing group from file /etc/raddb/sites-enabled/default (7) Post-Auth-Type REJECT { (7) sql : EXPAND .query (7) sql : --> .query (7) sql : Using query template 'query' rlm_sql (sql): Reserved connection (9) (7) sql : EXPAND %{User-Name} (7) sql : --> wyx1 (7) sql : SQL-User-Name set to 'wyx1' (7) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (7) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27 00:56:06') rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27 00:56:06')' rlm_sql (sql): Released connection (9) (7) [sql] = ok (7) attr_filter.access_reject : EXPAND %{User-Name} (7) attr_filter.access_reject : --> wyx1 (7) attr_filter.access_reject : Matched entry DEFAULT at line 11 (7) [attr_filter.access_reject] = updated (7) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (7) [eap] = noop (7) remove_reply_message_if_eap remove_reply_message_if_eap { (7) if (&reply:EAP-Message && &reply:Reply-Message) (7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (7) else else { (7) [noop] = noop (7) } # else else = noop (7) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (7) } # Post-Auth-Type REJECT = updated (7) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (7) Sending delayed response (7) Sending Access-Reject packet to host 127.0.0.1 port 39104, id=232, length=0 Sending Access-Reject Id 232 from 127.0.0.1:1812 to 127.0.0.1:39104 Waking up in 3.9 seconds. (7) Cleaning up request packet ID 232 with timestamp +1224 Ready to process requests And the responding pptp log: Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Client control connection started Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Starting call (launching pppd, opening GRE) Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radius.so loaded. Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADIUS plugin initialized. Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radattr.so loaded. Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADATTR plugin initialized. Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded. Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pptpd-logwtmp: $Version$ Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pppd 2.4.5 started by root, uid 0 Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Using interface ppp0 Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Connect: ppp0 <--> /dev/pts/0 Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute 11 Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute 25 Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Peer wyx1 failed CHAP authentication Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: EOF or bad error reading ctrl packet length. Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: couldn't read packet header (exit) Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: CTRL read failed Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Modem hangup Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Connection terminated. Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Exit. Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: Client control connection finished config file: # cat /etc/raddb/clients.conf: client localhost { ipaddr = 127.0.0.1 proto = * secret = testing123 require_message_authenticator = no limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 secret = testing123 } # cat /etc/raddb/radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct name = radiusd confdir = ${raddbdir} modconfdir = ${confdir}/mods-config certdir = ${confdir}/certs cadir = ${confdir}/certs run_dir = ${localstatedir}/run/${name} db_dir = ${localstatedir}/lib/radiusd libdir = /usr/lib64/freeradius pidfile = ${run_dir}/${name}.pid max_request_time = 30 cleanup_delay = 5 max_requests = 1024 hostname_lookups = no log { destination = files colourise = yes file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = no auth_badpass = no auth_goodpass = no msg_denied = "You are already logged in - access denied" } checkrad = ${sbindir}/checkrad security { user = radiusd group = radiusd allow_core_dumps = no max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE proxy.conf $INCLUDE clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 auto_limit_acct = no } modules { $INCLUDE mods-enabled/ } instantiate { } policy { $INCLUDE policy.d/ } $INCLUDE sites-enabled/ cat /etc/raddb/users bob Cleartext-Password := "hello" DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "SLIP" Framed-Protocol = SLIP cat /etc/raddb/site-enabled/default server default { listen { type = auth ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { ipaddr = * port = 0 type = acct limit { } } listen { type = auth port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { ipv6addr = :: port = 0 type = acct limit { } } authorize { filter_username preprocess auth_log chap mschap digest suffix eap { ok = return } sql expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } digest eap } preacct { preprocess acct_unique suffix } accounting { detail unix sql exec attr_filter.accounting_response } session { radutmp sql } post-auth { reply_log sql exec remove_reply_message_if_eap Post-Auth-Type REJECT { -sql attr_filter.access_reject eap remove_reply_message_if_eap } } pre-proxy { } post-proxy { eap } } # cat /etc/ppp/options.pptpd name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 8.8.8.8 ms-dns 8.8.4.4 proxyarp debug lock nobsdcomp novj novjccomp nologfd plugin radius.so plugin radattr.so radius-config-file /etc/radiusclient-ng/radiusclient.conf # cat /usr/share/radiusclient-ng/dictionary # grep -v "#" dictionary | grep -v ^$ ATTRIBUTE User-Name 1 string ATTRIBUTE Password 2 string ATTRIBUTE CHAP-Password 3 string ATTRIBUTE NAS-IP-Address 4 ipaddr ATTRIBUTE NAS-Port-Id 5 integer ATTRIBUTE Service-Type 6 integer ATTRIBUTE Framed-Protocol 7 integer ATTRIBUTE Framed-IP-Address 8 ipaddr ATTRIBUTE Framed-IP-Netmask 9 ipaddr ATTRIBUTE Framed-Routing 10 integer ATTRIBUTE Filter-Id 11 string ATTRIBUTE Framed-MTU 12 integer ATTRIBUTE Framed-Compression 13 integer ATTRIBUTE Login-IP-Host 14 ipaddr ATTRIBUTE Login-Service 15 integer ATTRIBUTE Login-TCP-Port 16 integer ATTRIBUTE Reply-Message 18 string ATTRIBUTE Callback-Number 19 string ATTRIBUTE Callback-Id 20 string ATTRIBUTE Framed-Route 22 string ATTRIBUTE Framed-IPX-Network 23 ipaddr ATTRIBUTE State 24 string ATTRIBUTE Class 25 string ATTRIBUTE Vendor-Specific 26 string ATTRIBUTE Session-Timeout 27 integer ATTRIBUTE Idle-Timeout 28 integer ATTRIBUTE Termination-Action 29 integer ATTRIBUTE Called-Station-Id 30 string ATTRIBUTE Calling-Station-Id 31 string ATTRIBUTE NAS-Identifier 32 string ATTRIBUTE Proxy-State 33 string ATTRIBUTE Login-LAT-Service 34 string ATTRIBUTE Login-LAT-Node 35 string ATTRIBUTE Login-LAT-Group 36 string ATTRIBUTE Framed-AppleTalk-Link 37 integer ATTRIBUTE Framed-AppleTalk-Network 38 integer ATTRIBUTE Framed-AppleTalk-Zone 39 string ATTRIBUTE Acct-Status-Type 40 integer ATTRIBUTE Acct-Delay-Time 41 integer ATTRIBUTE Acct-Input-Octets 42 integer ATTRIBUTE Acct-Output-Octets 43 integer ATTRIBUTE Acct-Session-Id 44 string ATTRIBUTE Acct-Authentic 45 integer ATTRIBUTE Acct-Session-Time 46 integer ATTRIBUTE Acct-Input-Packets 47 integer ATTRIBUTE Acct-Output-Packets 48 integer ATTRIBUTE Acct-Terminate-Cause 49 integer ATTRIBUTE Acct-Multi-Session-Id 50 string ATTRIBUTE Acct-Link-Count 51 integer ATTRIBUTE Event-Timestamp 55 integer ATTRIBUTE CHAP-Challenge 60 string ATTRIBUTE NAS-Port-Type 61 integer ATTRIBUTE Port-Limit 62 integer ATTRIBUTE Login-LAT-Port 63 integer ATTRIBUTE Connect-Info 77 string ATTRIBUTE NAS-IPv6-Address 95 string ATTRIBUTE Framed-Interface-Id 96 string ATTRIBUTE Framed-IPv6-Prefix 97 string ATTRIBUTE Login-IPv6-Host 98 string ATTRIBUTE Framed-IPv6-Route 99 string ATTRIBUTE Framed-IPv6-Pool 100 string ATTRIBUTE Huntgroup-Name 221 string ATTRIBUTE User-Category 1029 string ATTRIBUTE Group-Name 1030 string ATTRIBUTE Simultaneous-Use 1034 integer ATTRIBUTE Strip-User-Name 1035 integer ATTRIBUTE Fall-Through 1036 integer ATTRIBUTE Add-Port-To-IP-Address 1037 integer ATTRIBUTE Exec-Program 1038 string ATTRIBUTE Exec-Program-Wait 1039 string ATTRIBUTE Hint 1040 string ATTRIBUTE Expiration 21 date ATTRIBUTE Auth-Type 1000 integer ATTRIBUTE Menu 1001 string ATTRIBUTE Termination-Menu 1002 string ATTRIBUTE Prefix 1003 string ATTRIBUTE Suffix 1004 string ATTRIBUTE Group 1005 string ATTRIBUTE Crypt-Password 1006 string ATTRIBUTE Connect-Rate 1007 integer VALUE Service-Type Login-User 1 VALUE Service-Type Framed-User 2 VALUE Service-Type Callback-Login-User 3 VALUE Service-Type Callback-Framed-User 4 VALUE Service-Type Outbound-User 5 VALUE Service-Type Administrative-User 6 VALUE Service-Type NAS-Prompt-User 7 VALUE Framed-Protocol PPP 1 VALUE Framed-Protocol SLIP 2 VALUE Framed-Routing None 0 VALUE Framed-Routing Broadcast 1 VALUE Framed-Routing Listen 2 VALUE Framed-Routing Broadcast-Listen 3 VALUE Framed-Compression None 0 VALUE Framed-Compression Van-Jacobson-TCP-IP 1 VALUE Login-Service Telnet 0 VALUE Login-Service Rlogin 1 VALUE Login-Service TCP-Clear 2 VALUE Login-Service PortMaster 3 VALUE Acct-Status-Type Start 1 VALUE Acct-Status-Type Stop 2 VALUE Acct-Status-Type Alive 3 VALUE Acct-Status-Type Accounting-On 7 VALUE Acct-Status-Type Accounting-Off 8 VALUE Acct-Authentic RADIUS 1 VALUE Acct-Authentic Local 2 VALUE Acct-Authentic PowerLink128 100 VALUE Termination-Action Default 0 VALUE Termination-Action RADIUS-Request 1 VALUE NAS-Port-Type Async 0 VALUE NAS-Port-Type Sync 1 VALUE NAS-Port-Type ISDN 2 VALUE NAS-Port-Type ISDN-V120 3 VALUE NAS-Port-Type ISDN-V110 4 VALUE Acct-Terminate-Cause User-Request 1 VALUE Acct-Terminate-Cause Lost-Carrier 2 VALUE Acct-Terminate-Cause Lost-Service 3 VALUE Acct-Terminate-Cause Idle-Timeout 4 VALUE Acct-Terminate-Cause Session-Timeout 5 VALUE Acct-Terminate-Cause Admin-Reset 6 VALUE Acct-Terminate-Cause Admin-Reboot 7 VALUE Acct-Terminate-Cause Port-Error 8 VALUE Acct-Terminate-Cause NAS-Error 9 VALUE Acct-Terminate-Cause NAS-Request 10 VALUE Acct-Terminate-Cause NAS-Reboot 11 VALUE Acct-Terminate-Cause Port-Unneeded 12 VALUE Acct-Terminate-Cause Port-Preempted 13 VALUE Acct-Terminate-Cause Port-Suspended 14 VALUE Acct-Terminate-Cause Service-Unavailable 15 VALUE Acct-Terminate-Cause Callback 16 VALUE Acct-Terminate-Cause User-Error 17 VALUE Acct-Terminate-Cause Host-Request 18 VALUE Auth-Type Local 0 VALUE Auth-Type System 1 VALUE Auth-Type SecurID 2 VALUE Auth-Type Crypt-Local 3 VALUE Auth-Type Reject 4 VALUE Auth-Type Pam 253 VALUE Auth-Type Accept 254 VALUE Fall-Through No 0 VALUE Fall-Through Yes 1 VALUE Add-Port-To-IP-Address No 0 VALUE Add-Port-To-IP-Address Yes 1 INCLUDE /usr/share/radiusclient-ng/dictionary.merit INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft INCLUDE /usr/share/radiusclient-ng/dictionary.ascend INCLUDE /usr/share/radiusclient-ng/dictionary.compat I have googled a lot, but no big progress, any help is appreciated.