Including vendor dictionary in config
Oleg Olejek
oleg.olejek at gmail.com
Mon Aug 31 21:06:11 CEST 2020
cat /usr/local/share/freeradius/dictionary
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
#
# Version $Id: a6a2e16c0265bb3d0fcaa5521a89511aab695111 $
#
# DO NOT EDIT THE FILES IN THIS DIRECTORY
#
# The files in this directory are maintained and updated by
# the FreeRADIUS project. Newer releases of software may update
# or change these files.
#
# Use the main dictionary file (usually /etc/raddb/dictionary)
# for local system attributes and $INCLUDEs.
#
#
#
# This file contains dictionary translations for parsing
# requests and generating responses. All transactions are
# composed of Attribute/Value Pairs. The value of each attribute
# is specified as one of a few data types. Valid data types are:
#
# string - printable text, generally UTF-8 encoded. (The RFCs call this "text")
# ipaddr - 4 octets in network byte order
# ipv4prefix - 1 octet reserved, one octet prefix, 4 octets ipaddr
# integer - 32 bit value in big endian order
# integer64 - 64 bit value in big endian order
# date - 32 bit value in big endian order - seconds since
# 00:00:00 GMT, Jan. 1, 1970
# ifid - 8 octets in network byte order
# ipv6addr - 16 octets in network byte order
# ipv6prefix - 1 octet reserved, one octet prefix, 16 octets ipv6addr
# tlv - type-length-value
#
# FreeRADIUS includes data types which are not defined
# in the RFC's. These data types are:
#
# abinary - Ascend's binary filter format.
# byte - 8 bit unsigned integer
# ether - 6 octets of hh:hh:hh:hh:hh:hh
# where 'h' is hex digits, upper or lowercase.
# short - 16-bit unsigned integer in network byte order
# signed - 32-bit signed integer in network byte order
# octets - raw octets, printed and input as hex strings.
# e.g.: 0x123456789abcdef The RFCs call this "string".
#
# FreeRADIUS uses a number of data types which are defined in
# RFC 6929. These data types should NEVER be used in any other
# dictionary. We won't even list them here.
#
#
# Enumerated values are stored in the user file with dictionary
# VALUE translations for easy administration.
#
# Example:
#
# ATTRIBUTE VALUE
# --------------- -----
# Framed-Protocol = PPP
# 7 = 1 (integer encoding)
#
#
# Include compatibility dictionary for older users file. Move
# this directive to the end of this file if you want to see the
# old names in the logfiles, instead of the new names.
#
$INCLUDE dictionary.compat
#
# These dictionaries define attributes in the IETF managed space.
# (i.e. 1..255). This is wrong. We include them here to allow them.
# The IETF allocated ones are listed below, which gives them priority.
#
# i.e. don't do this. Don't use these attributes
#
$INCLUDE dictionary.usr.illegal
$INCLUDE dictionary.ascend.illegal
#
# IETF allocated attributes and values. Split out into
# the RFC which defined them.
#
# For a complete list of the standard attributes and values,
# see:
# http://www.iana.org/assignments/radius-types
#
$INCLUDE dictionary.rfc2865
$INCLUDE dictionary.rfc2866
$INCLUDE dictionary.rfc2867
$INCLUDE dictionary.rfc2868
$INCLUDE dictionary.rfc2869
$INCLUDE dictionary.rfc3162
$INCLUDE dictionary.rfc3576
$INCLUDE dictionary.rfc3580
$INCLUDE dictionary.rfc4072
$INCLUDE dictionary.rfc4372
$INCLUDE dictionary.rfc4603
$INCLUDE dictionary.rfc4675
$INCLUDE dictionary.rfc4679
$INCLUDE dictionary.rfc4818
$INCLUDE dictionary.rfc4849
$INCLUDE dictionary.rfc5176
$INCLUDE dictionary.rfc5447
$INCLUDE dictionary.rfc5580
$INCLUDE dictionary.rfc5607
$INCLUDE dictionary.rfc5904
$INCLUDE dictionary.rfc6519
$INCLUDE dictionary.rfc6572
$INCLUDE dictionary.rfc6677
$INCLUDE dictionary.rfc6911
$INCLUDE dictionary.rfc6929
$INCLUDE dictionary.rfc6930
$INCLUDE dictionary.rfc7055
$INCLUDE dictionary.rfc7155
$INCLUDE dictionary.rfc7268
$INCLUDE dictionary.rfc7499
$INCLUDE dictionary.rfc7930
$INCLUDE dictionary.rfc8045
$INCLUDE dictionary.rfc8559
#
# Mostly values which have been allocated by IANA under
# "expert review", but which don't have an RFC associated with them.
#
$INCLUDE dictionary.iana
#
# Commented out because of attribute conflicts.
#
#$INCLUDE dictionary.alvarion.wimax.v2_2
#$INCLUDE dictionary.nokia.conflict
#$INCLUDE dictionary.openser
#$INCLUDE dictionary.starent.vsa1
#$INCLUDE dictionary.wimax.wichorus
#
# Vendor dictionaries are listed after the standard ones.
#
$INCLUDE dictionary.3com
$INCLUDE dictionary.3gpp
$INCLUDE dictionary.3gpp2
$INCLUDE dictionary.acc
$INCLUDE dictionary.acme
$INCLUDE dictionary.actelis
$INCLUDE dictionary.adtran
$INCLUDE dictionary.aerohive
$INCLUDE dictionary.airespace
$INCLUDE dictionary.alcatel
$INCLUDE dictionary.alcatel-lucent.aaa
$INCLUDE dictionary.alcatel.esam
$INCLUDE dictionary.alcatel.sr
$INCLUDE dictionary.alteon
$INCLUDE dictionary.altiga
$INCLUDE dictionary.alvarion
$INCLUDE dictionary.apc
$INCLUDE dictionary.aptilo
$INCLUDE dictionary.aptis
$INCLUDE dictionary.arbor
$INCLUDE dictionary.arista
$INCLUDE dictionary.aruba
$INCLUDE dictionary.ascend
$INCLUDE dictionary.asn
$INCLUDE dictionary.audiocodes
$INCLUDE dictionary.avaya
$INCLUDE dictionary.azaire
$INCLUDE dictionary.bay
$INCLUDE dictionary.bigswitch
$INCLUDE dictionary.bintec
$INCLUDE dictionary.bluecoat
$INCLUDE dictionary.boingo
$INCLUDE dictionary.bristol
$INCLUDE dictionary.broadsoft
$INCLUDE dictionary.brocade
$INCLUDE dictionary.bskyb
$INCLUDE dictionary.bt
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.camiant
$INCLUDE dictionary.checkpoint
$INCLUDE dictionary.chillispot
$INCLUDE dictionary.cisco
$INCLUDE dictionary.cisco.asa
#
# The Cisco VPN300 dictionary uses the same Vendor ID as the ASA one.
# You shouldn't use both at the same time.
#
# Note : the altiga dictionary, not listed here, also uses the same Vendor ID
#
#$INCLUDE dictionary.cisco.vpn3000
$INCLUDE dictionary.cisco.bbsm
$INCLUDE dictionary.cisco.vpn5000
$INCLUDE dictionary.citrix
$INCLUDE dictionary.clavister
$INCLUDE dictionary.cnergee
$INCLUDE dictionary.colubris
$INCLUDE dictionary.columbia_university
$INCLUDE dictionary.compatible
$INCLUDE dictionary.cosine
$INCLUDE dictionary.dante
$INCLUDE dictionary.dellemc
$INCLUDE dictionary.digium
$INCLUDE dictionary.dlink
$INCLUDE dictionary.dragonwave
$INCLUDE dictionary.efficientip
$INCLUDE dictionary.eltex
$INCLUDE dictionary.epygi
$INCLUDE dictionary.equallogic
$INCLUDE dictionary.ericsson
$INCLUDE dictionary.ericsson.ab
$INCLUDE dictionary.ericsson.packet.core.networks
$INCLUDE dictionary.erx
$INCLUDE dictionary.extreme
$INCLUDE dictionary.f5
$INCLUDE dictionary.fdxtended
$INCLUDE dictionary.force10
$INCLUDE dictionary.fortinet
$INCLUDE dictionary.foundry
$INCLUDE dictionary.freeradius
$INCLUDE dictionary.freeswitch
$INCLUDE dictionary.gandalf
$INCLUDE dictionary.garderos
$INCLUDE dictionary.gemtek
$INCLUDE dictionary.h3c
$INCLUDE dictionary.hillstone
$INCLUDE dictionary.hp
$INCLUDE dictionary.huawei
$INCLUDE dictionary.iea
$INCLUDE dictionary.infinera
$INCLUDE dictionary.infoblox
$INCLUDE dictionary.infonet
$INCLUDE dictionary.ipunplugged
$INCLUDE dictionary.issanni
$INCLUDE dictionary.itk
$INCLUDE dictionary.juniper
$INCLUDE dictionary.karlnet
$INCLUDE dictionary.kineto
$INCLUDE dictionary.lancom
$INCLUDE dictionary.lantronix
$INCLUDE dictionary.livingston
$INCLUDE dictionary.localweb
$INCLUDE dictionary.lucent
$INCLUDE dictionary.manzara
$INCLUDE dictionary.meinberg
$INCLUDE dictionary.meraki
$INCLUDE dictionary.merit
$INCLUDE dictionary.meru
$INCLUDE dictionary.microsemi
$INCLUDE dictionary.microsoft
$INCLUDE dictionary.mikrotik
$INCLUDE dictionary.mimosa
$INCLUDE dictionary.motorola
$INCLUDE dictionary.motorola.wimax
$INCLUDE dictionary.navini
$INCLUDE dictionary.net
$INCLUDE dictionary.netscreen
$INCLUDE dictionary.networkphysics
$INCLUDE dictionary.nexans
$INCLUDE dictionary.nokia
$INCLUDE dictionary.nomadix
$INCLUDE dictionary.nortel
$INCLUDE dictionary.ntua
$INCLUDE dictionary.packeteer
$INCLUDE dictionary.paloalto
$INCLUDE dictionary.patton
$INCLUDE dictionary.perle
$INCLUDE dictionary.pfsense
$INCLUDE dictionary.pica8
$INCLUDE dictionary.propel
$INCLUDE dictionary.prosoft
$INCLUDE dictionary.proxim
$INCLUDE dictionary.purewave
$INCLUDE dictionary.quiconnect
$INCLUDE dictionary.quintum
$INCLUDE dictionary.rcntec
$INCLUDE dictionary.redcreek
$INCLUDE dictionary.riverbed
$INCLUDE dictionary.riverstone
$INCLUDE dictionary.roaringpenguin
$INCLUDE dictionary.ruckus
$INCLUDE dictionary.ruggedcom
$INCLUDE dictionary.sangoma
$INCLUDE dictionary.sg
$INCLUDE dictionary.shasta
$INCLUDE dictionary.shiva
$INCLUDE dictionary.siemens
$INCLUDE dictionary.slipstream
$INCLUDE dictionary.sofaware
$INCLUDE dictionary.softbank
$INCLUDE dictionary.sonicwall
$INCLUDE dictionary.springtide
$INCLUDE dictionary.starent
$INCLUDE dictionary.surfnet
$INCLUDE dictionary.symbol
$INCLUDE dictionary.t_systems_nova
$INCLUDE dictionary.telebit
$INCLUDE dictionary.telkom
$INCLUDE dictionary.terena
$INCLUDE dictionary.trapeze
$INCLUDE dictionary.travelping
$INCLUDE dictionary.tripplite
$INCLUDE dictionary.tropos
$INCLUDE dictionary.ukerna
$INCLUDE dictionary.unix
$INCLUDE dictionary.usr
$INCLUDE dictionary.utstarcom
$INCLUDE dictionary.valemount
$INCLUDE dictionary.vasexperts
$INCLUDE dictionary.verizon
$INCLUDE dictionary.versanet
$INCLUDE dictionary.walabi
$INCLUDE dictionary.waverider
$INCLUDE dictionary.wichorus
$INCLUDE dictionary.wifialliance
$INCLUDE dictionary.wimax
$INCLUDE dictionary.wispr
$INCLUDE dictionary.xedia
$INCLUDE dictionary.xylan
$INCLUDE dictionary.yubico
$INCLUDE dictionary.zeus
$INCLUDE dictionary.zte
$INCLUDE dictionary.zyxel
#
# And finally the server internal attributes.
# These are attributes which NEVER go into a RADIUS packet.
#
$INCLUDE dictionary.freeradius.internal
cat /usr/local/share/freeradius/dictionary.compat
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
#
# Obsolete names for backwards compatibility with older users files.
# Move the $INCLUDE in the main dictionary file to the end if you want
# these names to be used in the "details" logfile.
#
# This has been removed. Too many people get it wrong.
#ATTRIBUTE Password 2 string encrypt=1
ATTRIBUTE Client-Id 4 ipaddr
ATTRIBUTE Client-Port-Id 5 integer
ATTRIBUTE User-Service-Type 6 integer
ATTRIBUTE Framed-Address 8 ipaddr
ATTRIBUTE Framed-Netmask 9 ipaddr
ATTRIBUTE Framed-Filter-Id 11 string
ATTRIBUTE Login-Host 14 ipaddr
ATTRIBUTE Login-Port 16 integer
ATTRIBUTE Old-Password 17 string
ATTRIBUTE Port-Message 18 string
ATTRIBUTE Dialback-No 19 string
ATTRIBUTE Dialback-Name 20 string
ATTRIBUTE Challenge-State 24 string
VALUE Framed-Compression Van-Jacobsen-TCP-IP 1
VALUE Framed-Compression VJ-TCP-IP 1
VALUE Service-Type Shell-User 6
VALUE Auth-Type Unix 1
VALUE Service-Type Dialback-Login-User 3
VALUE Service-Type Dialback-Framed-User 4
VALUE Service-Type Dialout-Framed-User 5
#
# For compatibility with MERIT users files.
#
ATTRIBUTE Login-Callback-Number 19 string
ATTRIBUTE Framed-Callback-Id 20 string
ATTRIBUTE Client-Port-DNIS 30 string
ATTRIBUTE Caller-ID 31 string
VALUE Service-Type Login 1
VALUE Service-Type Framed 2
VALUE Service-Type Callback-Login 3
VALUE Service-Type Callback-Framed 4
VALUE Service-Type Exec-User 7
All dictionaries have default content. All these dictionaries I got after
installing from source. Nothing was changed.
On Mon, Aug 31, 2020 at 9:58 PM Jorge Pereira <jpereira at freeradius.org>
wrote:
>
> > On 31 Aug 2020, at 15:50, Oleg Olejek <oleg.olejek at gmail.com> wrote:
> >
> > Sure)
> > The Main goal is to deal with Fortigate using vendor specific attribute.
> > I added a line at the end of radiusd.conf: $INCLUDE /usr/local/share/freeradius/dictionary
>
> Share the content added into the file. Indeed, looks wrong. It will be
> hard to help if you don’t share the content. Therefore, keep in mind that
> the dictionary files expect *only* the dictionary syntax. You can’t add
> “if(…) {}” or anything else.
>
>
> > radiusd -X gives this error:
> > including configuration file /usr/local/etc/raddb/mods-enabled/unpack
> > including configuration file /usr/local/etc/raddb/mods-enabled/utf8
> > including files in directory /usr/local/etc/raddb/policy.d/
> > including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
> > including configuration file /usr/local/etc/raddb/policy.d/accounting
> > including configuration file /usr/local/etc/raddb/policy.d/canonicalization
> > including configuration file /usr/local/etc/raddb/policy.d/control
> > including configuration file /usr/local/etc/raddb/policy.d/cui
> > including configuration file /usr/local/etc/raddb/policy.d/debug
> > including configuration file /usr/local/etc/raddb/policy.d/dhcp
> > including configuration file /usr/local/etc/raddb/policy.d/eap
> > including configuration file /usr/local/etc/raddb/policy.d/filter
> > including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
> > including configuration file /usr/local/etc/raddb/policy.d/operator-name
> > including configuration file /usr/local/etc/raddb/policy.d/rfc7542
> > including files in directory /usr/local/etc/raddb/sites-enabled/
> > including configuration file /usr/local/etc/raddb/sites-enabled/default
> > including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
> > including configuration file /usr/local/share/freeradius/dictionary
> > including configuration file /usr/local/share/freeradius/dictionary.compat
> > /usr/local/share/freeradius/dictionary.compat[12]: Expecting section start brace '{' after "ATTRIBUTE Client-Id"
> > Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
> >
> > On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <jpereira at freeradius.org>
> > wrote:
> >
> >> Oleg,
> >>
> >> I didn’t understand that error. Can you share the debug output as
> >> described in https://wiki.freeradius.org/guide/radiusd-X
> >>
> >> --
> >> Jorge Pereira
> >> jpereira at freeradius.org
> >>
> >>
> >>
> >>
> >>> On 31 Aug 2020, at 12:27, Oleg Olejek <oleg.olejek at gmail.com> wrote:
> >>>
> >>> dictionary.fortinet
> >>
> >
> >
> >
> > --
> > Best Regards, Oleg Olezhek.
> > Phone: +380933964967
> > Skype: dizaar
--
Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
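
A check for the failure in this thread, as an added example that is not part of the original post or of FreeRADIUS: it follows `$INCLUDE` lines starting at a server configuration file and reports every file on that chain that contains dictionary syntax, which the configuration parser rejects as in the `radiusd -X` output quoted above. The function names are hypothetical, the sample tree is constructed, and `${...}` variable expansion in include paths is not handled.

```python
import os
import re
import tempfile

# First words that only occur in FreeRADIUS dictionary syntax.
DICT_KEYWORDS = {"ATTRIBUTE", "VALUE", "VENDOR", "BEGIN-VENDOR", "END-VENDOR"}
INCLUDE_RE = re.compile(r"^\s*\$-?INCLUDE\s+(\S+)")

def find_dictionary_syntax(path, chain=(), seen=None):
    """Follow $INCLUDE from a config file; return (file, line, include_chain) hits."""
    seen = set() if seen is None else seen
    path = os.path.abspath(path)
    if path in seen or not os.path.exists(path):
        return []
    seen.add(path)
    if os.path.isdir(path):  # "$INCLUDE dir/" pulls in every file in dir
        return [h for name in sorted(os.listdir(path))
                for h in find_dictionary_syntax(os.path.join(path, name), chain, seen)]
    chain, hits = chain + (path,), []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            words = line.split("#", 1)[0].split()  # ignore comments
            match = INCLUDE_RE.match(line)
            if match and "${" not in match.group(1):  # variables not expanded here
                # Relative includes resolve against the including file's directory.
                target = os.path.join(os.path.dirname(path), match.group(1))
                hits += find_dictionary_syntax(target, chain, seen)
            elif words and words[0] in DICT_KEYWORDS:
                hits.append((path, number, chain))
                break  # one report per file is enough
    return hits

def build_sample(root):
    """Constructed miniature of the layout in the post (not real server files)."""
    share = os.path.join(root, "share")
    files = {
        "raddb/radiusd.conf": f"$INCLUDE {share}/dictionary\n",
        "share/dictionary": "# main dictionary\n$INCLUDE dictionary.compat\n",
        "share/dictionary.compat": "# old names\nATTRIBUTE Client-Id 4 ipaddr\n",
    }
    for name, text in files.items():
        target = os.path.join(root, name)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "w", encoding="utf-8") as fh:
            fh.write(text)
    return os.path.join(root, "raddb", "radiusd.conf")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_dictionary_syntax(build_sample(tmp)))
```

The include chain in each hit names the configuration file whose `$INCLUDE` line has to go; the header of the pasted dictionary file says local attributes and `$INCLUDE`s belong in the main dictionary file (usually /etc/raddb/dictionary).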