(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
jaseywang
jaseywang at gmail.com
Sun Mar 26 19:08:09 CEST 2017
I need to use radius as the backend of pptp vpn for auth/login/accounting
etc. and I try to figure it out with the help of this doc:
http://www.sajithpn.com/2016/08/centos-7-installing-pptp-freeradius.html
freeradius:
# rpm -qa | grep radius
freeradius-3.0.4-7.el7_3.x86_64
radiusclient-ng-0.5.6-9.el7.x86_64
freeradius-utils-3.0.4-7.el7_3.x86_64
freeradius-mysql-3.0.4-7.el7_3.x86_64
with daloradius-0.9.9 as the web interface, both running on localhost, the
system is centos 7.2.
I use daloradius to add a new user wyx1(cleartext-password), and it passed
"test user connectivity" test, below is the daloradius/radtest and radiusd
-X output:
daloradius output:
*Executed:*
echo "User-Name='wyx1',User-Password='wyx1'" | radclient -c '1' -n '3' -r
'3' -t '3' -x '127.0.0.1:1812' 'auth' 'testing123' 2>&1
*Results:*
Sending Access-Request Id 12 from 0.0.0.0:33948 to 127.0.0.1:1812
User-Name = 'wyx1'
User-Password = 'wyx1'
Received Access-Accept Id 12 from 127.0.0.1:1812 to 127.0.0.1:33948 length
20
radtest output:
# radtest wyx1 wyx1 127.0.0.1 0 testing123
Sending Access-Request Id 127 from 0.0.0.0:38206 to 127.0.0.1:1812
User-Name = 'wyx1'
User-Password = 'wyx1'
NAS-IP-Address = 10.44.55.2
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 127 from 127.0.0.1:1812 to 127.0.0.1:38206 length
20
radius -X output:
Received Access-Request Id 32 from 127.0.0.1:46310 to 127.0.0.1:1812 length
44
User-Name = 'wyx1'
User-Password = 'wyx1'
(6) Received Access-Request packet from host 127.0.0.1 port 46310, id=32,
length=44
(6) User-Name = 'wyx1'
(6) User-Password = 'wyx1'
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6) authorize {
(6) filter_username filter_username {
(6) if (!&User-Name)
(6) if (!&User-Name) -> FALSE
(6) if (&User-Name =~ / /)
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@.*@/ )
(6) if (&User-Name =~ /@.*@/ ) -> FALSE
(6) if (&User-Name =~ /\\.\\./ )
(6) if (&User-Name =~ /\\.\\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) ->
FALSE
(6) if (&User-Name =~ /\\.$/)
(6) if (&User-Name =~ /\\.$/) -> FALSE
(6) if (&User-Name =~ /@\\./)
(6) if (&User-Name =~ /@\\./) -> FALSE
(6) } # filter_username filter_username = notfound
(6) [preprocess] = ok
(6) auth_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(6) auth_log : --> /var/log/radius/radacct/
127.0.0.1/auth-detail-20170327
(6) auth_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327
(6) auth_log : EXPAND %t
(6) auth_log : --> Mon Mar 27 00:53:15 2017
(6) [auth_log] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix : Checking for suffix after "@"
(6) suffix : No '@' in User-Name = "wyx1", looking up realm NULL
(6) suffix : No such realm "NULL"
(6) [suffix] = noop
(6) eap : No EAP-Message, not doing EAP
(6) [eap] = noop
(6) sql : EXPAND %{User-Name}
(6) sql : --> wyx1
(6) sql : SQL-User-Name set to 'wyx1'
rlm_sql (sql): Reserved connection (7)
(6) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(6) sql : --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'wyx1' ORDER BY id'
(6) sql : User found in radcheck table
(6) sql : Check items matched
(6) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(6) sql : --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'wyx1' ORDER BY id'
(6) sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(6) sql : --> SELECT groupname FROM radusergroup WHERE username =
'wyx1' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE
username = 'wyx1' ORDER BY priority'
(6) sql : User not found in any groups
rlm_sql (sql): Released connection (7)
rlm_sql (sql): 0 of 3 connections in use. Need more spares
rlm_sql (sql): Opening additional connection (8)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 933
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 967
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
(6) [sql] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) [pap] = updated
(6) } # authorize = updated
(6) Found Auth-Type = PAP
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6) Auth-Type PAP {
(6) pap : Login attempt with password
(6) pap : User authenticated successfully
(6) [pap] = ok
(6) } # Auth-Type PAP = ok
(6) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(6) post-auth {
(6) reply_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
(6) reply_log : --> /var/log/radius/radacct/
127.0.0.1/reply-detail-20170327
(6) reply_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20170327
(6) reply_log : EXPAND %t
(6) reply_log : --> Mon Mar 27 00:53:15 2017
(6) [reply_log] = ok
(6) sql : EXPAND .query
(6) sql : --> .query
(6) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (8)
(6) sql : EXPAND %{User-Name}
(6) sql : --> wyx1
(6) sql : SQL-User-Name set to 'wyx1'
(6) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(6) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27 00:53:15')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'wyx1', 'wyx1', 'Access-Accept', '2017-03-27
00:53:15')'
rlm_sql (sql): Released connection (8)
(6) [sql] = ok
(6) [exec] = noop
(6) remove_reply_message_if_eap remove_reply_message_if_eap {
(6) if (&reply:EAP-Message && &reply:Reply-Message)
(6) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(6) else else {
(6) [noop] = noop
(6) } # else else = noop
(6) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(6) } # post-auth = ok
(6) Sending Access-Accept packet to host 127.0.0.1 port 46310, id=32,
length=0
Sending Access-Accept Id 32 from 127.0.0.1:1812 to 127.0.0.1:46310
(6) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(6) Cleaning up request packet ID 32 with timestamp +1053
Ready to process requests
Now, everything seems fine.
But when I use the same account to connect the pptp server, it
says Authentication failed:
Received Access-Request Id 232 from 127.0.0.1:39104 to 127.0.0.1:1812
length 65
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = 'wyx1'
Calling-Station-Id = '117.73.147.49'
NAS-IP-Address = 10.44.55.2
NAS-Port = 0
(7) Received Access-Request packet from host 127.0.0.1 port 39104, id=232,
length=65
(7) Service-Type = Framed-User
(7) Framed-Protocol = PPP
(7) User-Name = 'wyx1'
(7) Calling-Station-Id = '117.73.147.49'
(7) NAS-IP-Address = 10.44.55.2
(7) NAS-Port = 0
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7) authorize {
(7) filter_username filter_username {
(7) if (!&User-Name)
(7) if (!&User-Name) -> FALSE
(7) if (&User-Name =~ / /)
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@.*@/ )
(7) if (&User-Name =~ /@.*@/ ) -> FALSE
(7) if (&User-Name =~ /\\.\\./ )
(7) if (&User-Name =~ /\\.\\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) ->
FALSE
(7) if (&User-Name =~ /\\.$/)
(7) if (&User-Name =~ /\\.$/) -> FALSE
(7) if (&User-Name =~ /@\\./)
(7) if (&User-Name =~ /@\\./) -> FALSE
(7) } # filter_username filter_username = notfound
(7) [preprocess] = ok
(7) auth_log : EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(7) auth_log : --> /var/log/radius/radacct/
127.0.0.1/auth-detail-20170327
(7) auth_log :
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20170327
(7) auth_log : EXPAND %t
(7) auth_log : --> Mon Mar 27 00:56:06 2017
(7) [auth_log] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix : Checking for suffix after "@"
(7) suffix : No '@' in User-Name = "wyx1", looking up realm NULL
(7) suffix : No such realm "NULL"
(7) [suffix] = noop
(7) eap : No EAP-Message, not doing EAP
(7) [eap] = noop
(7) sql : EXPAND %{User-Name}
(7) sql : --> wyx1
(7) sql : SQL-User-Name set to 'wyx1'
rlm_sql (sql): Reserved connection (8)
(7) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql : --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'wyx1' ORDER BY id'
(7) sql : User found in radcheck table
(7) sql : Check items matched
(7) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql : --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'wyx1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'wyx1' ORDER BY id'
(7) sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(7) sql : --> SELECT groupname FROM radusergroup WHERE username =
'wyx1' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE
username = 'wyx1' ORDER BY priority'
(7) sql : User not found in any groups
rlm_sql (sql): Released connection (8)
rlm_sql (sql): 0 of 2 connections in use. Need more spares
rlm_sql (sql): Opening additional connection (9)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Closing connection (7): Hit idle_timeout, was idle for 171
seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
(7) [sql] = ok
(7) [expiration] = noop
(7) [logintime] = noop
(7) pap : No cleartext password in the request. Not performing PAP
(7) [pap] = noop
(7) } # authorize = ok
(7) WARNING: Please update your configuration, and remove 'Auth-Type =
Local'
(7) WARNING: Use the PAP or CHAP modules instead
(7) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(7) Failed to authenticate the user
(7) Using Post-Auth-Type Reject
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7) Post-Auth-Type REJECT {
(7) sql : EXPAND .query
(7) sql : --> .query
(7) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (9)
(7) sql : EXPAND %{User-Name}
(7) sql : --> wyx1
(7) sql : SQL-User-Name set to 'wyx1'
(7) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(7) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27 00:56:06')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'wyx1', '', 'Access-Reject', '2017-03-27
00:56:06')'
rlm_sql (sql): Released connection (9)
(7) [sql] = ok
(7) attr_filter.access_reject : EXPAND %{User-Name}
(7) attr_filter.access_reject : --> wyx1
(7) attr_filter.access_reject : Matched entry DEFAULT at line 11
(7) [attr_filter.access_reject] = updated
(7) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(7) [eap] = noop
(7) remove_reply_message_if_eap remove_reply_message_if_eap {
(7) if (&reply:EAP-Message && &reply:Reply-Message)
(7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(7) else else {
(7) [noop] = noop
(7) } # else else = noop
(7) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(7) } # Post-Auth-Type REJECT = updated
(7) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(7) Sending delayed response
(7) Sending Access-Reject packet to host 127.0.0.1 port 39104, id=232,
length=0
Sending Access-Reject Id 232 from 127.0.0.1:1812 to 127.0.0.1:39104
Waking up in 3.9 seconds.
(7) Cleaning up request packet ID 232 with timestamp +1224
Ready to process requests
And the responding pptp log:
Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Client control connection
started
Mar 27 00:56:06 iZ2597ft3dqZ pptpd[23202]: CTRL: Starting call (launching
pppd, opening GRE)
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radius.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADIUS plugin initialized.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin radattr.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: RADATTR plugin initialized.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Plugin
/usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pptpd-logwtmp: $Version$
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: pppd 2.4.5 started by root, uid 0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Using interface ppp0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: Connect: ppp0 <--> /dev/pts/0
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute
11
Mar 27 00:56:06 iZ2597ft3dqZ pppd[23203]: rc_avpair_new: unknown attribute
25
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Peer wyx1 failed CHAP
authentication
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: EOF or bad error reading
ctrl packet length.
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: couldn't read packet
header (exit)
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: CTRL read failed
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Modem hangup
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Connection terminated.
Mar 27 00:56:07 iZ2597ft3dqZ pppd[23203]: Exit.
Mar 27 00:56:07 iZ2597ft3dqZ pptpd[23202]: CTRL: Client control connection
finished
config file:
# cat /etc/raddb/clients.conf:
client localhost {
ipaddr = 127.0.0.1
proto = *
secret = testing123
require_message_authenticator = no
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
secret = testing123
}
# cat /etc/raddb/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir = ${confdir}/certs
run_dir = ${localstatedir}/run/${name}
db_dir = ${localstatedir}/lib/radiusd
libdir = /usr/lib64/freeradius
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
hostname_lookups = no
log {
destination = files
colourise = yes
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
checkrad = ${sbindir}/checkrad
security {
user = radiusd
group = radiusd
allow_core_dumps = no
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
auto_limit_acct = no
}
modules {
$INCLUDE mods-enabled/
}
instantiate {
}
policy {
$INCLUDE policy.d/
}
$INCLUDE sites-enabled/
cat /etc/raddb/users
bob Cleartext-Password := "hello"
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
cat /etc/raddb/site-enabled/default
server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}
listen {
type = auth
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
ipv6addr = ::
port = 0
type = acct
limit {
}
}
authorize {
filter_username
preprocess
auth_log
chap
mschap
digest
suffix
eap {
ok = return
}
sql
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
eap
}
preacct {
preprocess
acct_unique
suffix
}
accounting {
detail
unix
sql
exec
attr_filter.accounting_response
}
session {
radutmp
sql
}
post-auth {
reply_log
sql
exec
remove_reply_message_if_eap
Post-Auth-Type REJECT {
-sql
attr_filter.access_reject
eap
remove_reply_message_if_eap
}
}
pre-proxy {
}
post-proxy {
eap
}
}
# cat /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
plugin radius.so
plugin radattr.so
radius-config-file /etc/radiusclient-ng/radiusclient.conf
# cat /usr/share/radiusclient-ng/dictionary
# grep -v "#" dictionary | grep -v ^$
ATTRIBUTE User-Name 1 string
ATTRIBUTE Password 2 string
ATTRIBUTE CHAP-Password 3 string
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE NAS-Port-Id 5 integer
ATTRIBUTE Service-Type 6 integer
ATTRIBUTE Framed-Protocol 7 integer
ATTRIBUTE Framed-IP-Address 8 ipaddr
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
ATTRIBUTE Framed-Routing 10 integer
ATTRIBUTE Filter-Id 11 string
ATTRIBUTE Framed-MTU 12 integer
ATTRIBUTE Framed-Compression 13 integer
ATTRIBUTE Login-IP-Host 14 ipaddr
ATTRIBUTE Login-Service 15 integer
ATTRIBUTE Login-TCP-Port 16 integer
ATTRIBUTE Reply-Message 18 string
ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string
ATTRIBUTE Framed-Route 22 string
ATTRIBUTE Framed-IPX-Network 23 ipaddr
ATTRIBUTE State 24 string
ATTRIBUTE Class 25 string
ATTRIBUTE Vendor-Specific 26 string
ATTRIBUTE Session-Timeout 27 integer
ATTRIBUTE Idle-Timeout 28 integer
ATTRIBUTE Termination-Action 29 integer
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Identifier 32 string
ATTRIBUTE Proxy-State 33 string
ATTRIBUTE Login-LAT-Service 34 string
ATTRIBUTE Login-LAT-Node 35 string
ATTRIBUTE Login-LAT-Group 36 string
ATTRIBUTE Framed-AppleTalk-Link 37 integer
ATTRIBUTE Framed-AppleTalk-Network 38 integer
ATTRIBUTE Framed-AppleTalk-Zone 39 string
ATTRIBUTE Acct-Status-Type 40 integer
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE Acct-Input-Octets 42 integer
ATTRIBUTE Acct-Output-Octets 43 integer
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Authentic 45 integer
ATTRIBUTE Acct-Session-Time 46 integer
ATTRIBUTE Acct-Input-Packets 47 integer
ATTRIBUTE Acct-Output-Packets 48 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
ATTRIBUTE Acct-Multi-Session-Id 50 string
ATTRIBUTE Acct-Link-Count 51 integer
ATTRIBUTE Event-Timestamp 55 integer
ATTRIBUTE CHAP-Challenge 60 string
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
ATTRIBUTE Login-LAT-Port 63 integer
ATTRIBUTE Connect-Info 77 string
ATTRIBUTE NAS-IPv6-Address 95 string
ATTRIBUTE Framed-Interface-Id 96 string
ATTRIBUTE Framed-IPv6-Prefix 97 string
ATTRIBUTE Login-IPv6-Host 98 string
ATTRIBUTE Framed-IPv6-Route 99 string
ATTRIBUTE Framed-IPv6-Pool 100 string
ATTRIBUTE Huntgroup-Name 221 string
ATTRIBUTE User-Category 1029 string
ATTRIBUTE Group-Name 1030 string
ATTRIBUTE Simultaneous-Use 1034 integer
ATTRIBUTE Strip-User-Name 1035 integer
ATTRIBUTE Fall-Through 1036 integer
ATTRIBUTE Add-Port-To-IP-Address 1037 integer
ATTRIBUTE Exec-Program 1038 string
ATTRIBUTE Exec-Program-Wait 1039 string
ATTRIBUTE Hint 1040 string
ATTRIBUTE Expiration 21 date
ATTRIBUTE Auth-Type 1000 integer
ATTRIBUTE Menu 1001 string
ATTRIBUTE Termination-Menu 1002 string
ATTRIBUTE Prefix 1003 string
ATTRIBUTE Suffix 1004 string
ATTRIBUTE Group 1005 string
ATTRIBUTE Crypt-Password 1006 string
ATTRIBUTE Connect-Rate 1007 integer
VALUE Service-Type Login-User 1
VALUE Service-Type Framed-User 2
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Outbound-User 5
VALUE Service-Type Administrative-User 6
VALUE Service-Type NAS-Prompt-User 7
VALUE Framed-Protocol PPP 1
VALUE Framed-Protocol SLIP 2
VALUE Framed-Routing None 0
VALUE Framed-Routing Broadcast 1
VALUE Framed-Routing Listen 2
VALUE Framed-Routing Broadcast-Listen 3
VALUE Framed-Compression None 0
VALUE Framed-Compression Van-Jacobson-TCP-IP 1
VALUE Login-Service Telnet 0
VALUE Login-Service Rlogin 1
VALUE Login-Service TCP-Clear 2
VALUE Login-Service PortMaster 3
VALUE Acct-Status-Type Start 1
VALUE Acct-Status-Type Stop 2
VALUE Acct-Status-Type Alive 3
VALUE Acct-Status-Type Accounting-On 7
VALUE Acct-Status-Type Accounting-Off 8
VALUE Acct-Authentic RADIUS 1
VALUE Acct-Authentic Local 2
VALUE Acct-Authentic PowerLink128 100
VALUE Termination-Action Default 0
VALUE Termination-Action RADIUS-Request 1
VALUE NAS-Port-Type Async 0
VALUE NAS-Port-Type Sync 1
VALUE NAS-Port-Type ISDN 2
VALUE NAS-Port-Type ISDN-V120 3
VALUE NAS-Port-Type ISDN-V110 4
VALUE Acct-Terminate-Cause User-Request 1
VALUE Acct-Terminate-Cause Lost-Carrier 2
VALUE Acct-Terminate-Cause Lost-Service 3
VALUE Acct-Terminate-Cause Idle-Timeout 4
VALUE Acct-Terminate-Cause Session-Timeout 5
VALUE Acct-Terminate-Cause Admin-Reset 6
VALUE Acct-Terminate-Cause Admin-Reboot 7
VALUE Acct-Terminate-Cause Port-Error 8
VALUE Acct-Terminate-Cause NAS-Error 9
VALUE Acct-Terminate-Cause NAS-Request 10
VALUE Acct-Terminate-Cause NAS-Reboot 11
VALUE Acct-Terminate-Cause Port-Unneeded 12
VALUE Acct-Terminate-Cause Port-Preempted 13
VALUE Acct-Terminate-Cause Port-Suspended 14
VALUE Acct-Terminate-Cause Service-Unavailable 15
VALUE Acct-Terminate-Cause Callback 16
VALUE Acct-Terminate-Cause User-Error 17
VALUE Acct-Terminate-Cause Host-Request 18
VALUE Auth-Type Local 0
VALUE Auth-Type System 1
VALUE Auth-Type SecurID 2
VALUE Auth-Type Crypt-Local 3
VALUE Auth-Type Reject 4
VALUE Auth-Type Pam 253
VALUE Auth-Type Accept 254
VALUE Fall-Through No 0
VALUE Fall-Through Yes 1
VALUE Add-Port-To-IP-Address No 0
VALUE Add-Port-To-IP-Address Yes 1
INCLUDE /usr/share/radiusclient-ng/dictionary.merit
INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
INCLUDE /usr/share/radiusclient-ng/dictionary.ascend
INCLUDE /usr/share/radiusclient-ng/dictionary.compat
I have googled a lot, but no big progress, any help is appreciated.
More information about the Freeradius-Users
mailing list