Including vendor dictionary in config
Oleg Olejek
oleg.olejek at gmail.com
Mon Aug 31 21:31:45 CEST 2020
I found my mistake. Sorry for disturbing you. All dict includes should be
set up in the dictionary file in the raddb directory. But the documentation says that
it can also be pointed to in the radiusd.conf file. I managed to fix the issue. Thanks
again.
On Mon, Aug 31, 2020 at 10:06 PM Oleg Olejek <oleg.olejek at gmail.com> wrote:
> cat /usr/local/share/freeradius/dictionary
> # -*- text -*-
> # Copyright (C) 2019 The FreeRADIUS Server project and contributors
> # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
> #
> # Version $Id: a6a2e16c0265bb3d0fcaa5521a89511aab695111 $
> #
> # DO NOT EDIT THE FILES IN THIS DIRECTORY
> #
> # The files in this directory are maintained and updated by
> # the FreeRADIUS project. Newer releases of software may update
> # or change these files.
> #
> # Use the main dictionary file (usually /etc/raddb/dictionary)
> # for local system attributes and $INCLUDEs.
> #
> #
> #
> # This file contains dictionary translations for parsing
> # requests and generating responses. All transactions are
> # composed of Attribute/Value Pairs. The value of each attribute
> # is specified as one of a few data types. Valid data types are:
> #
> # string - printable text, generally UTF-8 encoded. (The RFCs call this "text")
> # ipaddr - 4 octets in network byte order
> # ipv4prefix - 1 octet reserved, one octet prefix, 4 octets ipaddr
> # integer - 32 bit value in big endian order
> # integer64 - 64 bit value in big endian order
> # date - 32 bit value in big endian order - seconds since
> # 00:00:00 GMT, Jan. 1, 1970
> # ifid - 8 octets in network byte order
> # ipv6addr - 16 octets in network byte order
> # ipv6prefix - 1 octet reserved, one octet prefix, 16 octets ipv6addr
> # tlv - type-length-value
> #
> # FreeRADIUS includes data types which are not defined
> # in the RFC's. These data types are:
> #
> # abinary - Ascend's binary filter format.
> # byte - 8 bit unsigned integer
> # ether - 6 octets of hh:hh:hh:hh:hh:hh
> # where 'h' is hex digits, upper or lowercase.
> # short - 16-bit unsigned integer in network byte order
> # signed - 32-bit signed integer in network byte order
> # octets - raw octets, printed and input as hex strings.
> # e.g.: 0x123456789abcdef The RFCs call this "string".
> #
> # FreeRADIUS uses a number of data types which are defined in
> # RFC 6929. These data types should NEVER be used in any other
> # dictionary. We won't even list them here.
> #
> #
> # Enumerated values are stored in the user file with dictionary
> # VALUE translations for easy administration.
> #
> # Example:
> #
> # ATTRIBUTE VALUE
> # --------------- -----
> # Framed-Protocol = PPP
> # 7 = 1 (integer encoding)
> #
>
> #
> # Include compatibility dictionary for older users file. Move
> # this directive to the end of this file if you want to see the
> # old names in the logfiles, instead of the new names.
> #
> $INCLUDE dictionary.compat
>
> #
> # These dictionaries define attributes in the IETF managed space.
> # (i.e. 1..255). This is wrong. We include them here to allow them.
> # The IETF allocated ones are listed below, which gives them priority.
> #
> # i.e. don't do this. Don't use these attributes
> #
> $INCLUDE dictionary.usr.illegal
> $INCLUDE dictionary.ascend.illegal
>
> #
> # IETF allocated attributes and values. Split out into
> # the RFC which defined them.
> #
> # For a complete list of the standard attributes and values,
> # see:
> # http://www.iana.org/assignments/radius-types
> #
> $INCLUDE dictionary.rfc2865
> $INCLUDE dictionary.rfc2866
> $INCLUDE dictionary.rfc2867
> $INCLUDE dictionary.rfc2868
> $INCLUDE dictionary.rfc2869
> $INCLUDE dictionary.rfc3162
> $INCLUDE dictionary.rfc3576
> $INCLUDE dictionary.rfc3580
> $INCLUDE dictionary.rfc4072
> $INCLUDE dictionary.rfc4372
> $INCLUDE dictionary.rfc4603
> $INCLUDE dictionary.rfc4675
> $INCLUDE dictionary.rfc4679
> $INCLUDE dictionary.rfc4818
> $INCLUDE dictionary.rfc4849
> $INCLUDE dictionary.rfc5176
> $INCLUDE dictionary.rfc5447
> $INCLUDE dictionary.rfc5580
> $INCLUDE dictionary.rfc5607
> $INCLUDE dictionary.rfc5904
> $INCLUDE dictionary.rfc6519
> $INCLUDE dictionary.rfc6572
> $INCLUDE dictionary.rfc6677
> $INCLUDE dictionary.rfc6911
> $INCLUDE dictionary.rfc6929
> $INCLUDE dictionary.rfc6930
> $INCLUDE dictionary.rfc7055
> $INCLUDE dictionary.rfc7155
> $INCLUDE dictionary.rfc7268
> $INCLUDE dictionary.rfc7499
> $INCLUDE dictionary.rfc7930
> $INCLUDE dictionary.rfc8045
> $INCLUDE dictionary.rfc8559
>
> #
> # Mostly values which have been allocated by IANA under
> # "expert review", but which don't have an RFC associated with them.
> #
> $INCLUDE dictionary.iana
>
> #
> # Commented out because of attribute conflicts.
> #
> #$INCLUDE dictionary.alvarion.wimax.v2_2
> #$INCLUDE dictionary.nokia.conflict
> #$INCLUDE dictionary.openser
> #$INCLUDE dictionary.starent.vsa1
> #$INCLUDE dictionary.wimax.wichorus
>
> #
> # Vendor dictionaries are listed after the standard ones.
> #
> $INCLUDE dictionary.3com
> $INCLUDE dictionary.3gpp
> $INCLUDE dictionary.3gpp2
> $INCLUDE dictionary.acc
> $INCLUDE dictionary.acme
> $INCLUDE dictionary.actelis
> $INCLUDE dictionary.adtran
> $INCLUDE dictionary.aerohive
> $INCLUDE dictionary.airespace
> $INCLUDE dictionary.alcatel
> $INCLUDE dictionary.alcatel-lucent.aaa
> $INCLUDE dictionary.alcatel.esam
> $INCLUDE dictionary.alcatel.sr
> $INCLUDE dictionary.alteon
> $INCLUDE dictionary.altiga
> $INCLUDE dictionary.alvarion
> $INCLUDE dictionary.apc
> $INCLUDE dictionary.aptilo
> $INCLUDE dictionary.aptis
> $INCLUDE dictionary.arbor
> $INCLUDE dictionary.arista
> $INCLUDE dictionary.aruba
> $INCLUDE dictionary.ascend
> $INCLUDE dictionary.asn
> $INCLUDE dictionary.audiocodes
> $INCLUDE dictionary.avaya
> $INCLUDE dictionary.azaire
> $INCLUDE dictionary.bay
> $INCLUDE dictionary.bigswitch
> $INCLUDE dictionary.bintec
> $INCLUDE dictionary.bluecoat
> $INCLUDE dictionary.boingo
> $INCLUDE dictionary.bristol
> $INCLUDE dictionary.broadsoft
> $INCLUDE dictionary.brocade
> $INCLUDE dictionary.bskyb
> $INCLUDE dictionary.bt
> $INCLUDE dictionary.cablelabs
> $INCLUDE dictionary.cabletron
> $INCLUDE dictionary.camiant
> $INCLUDE dictionary.checkpoint
> $INCLUDE dictionary.chillispot
> $INCLUDE dictionary.cisco
> $INCLUDE dictionary.cisco.asa
> #
> # The Cisco VPN300 dictionary uses the same Vendor ID as the ASA one.
> # You shouldn't use both at the same time.
> #
> # Note : the altiga dictionary, not listed here, also uses the same Vendor ID
> #
> #$INCLUDE dictionary.cisco.vpn3000
> $INCLUDE dictionary.cisco.bbsm
> $INCLUDE dictionary.cisco.vpn5000
> $INCLUDE dictionary.citrix
> $INCLUDE dictionary.clavister
> $INCLUDE dictionary.cnergee
> $INCLUDE dictionary.colubris
> $INCLUDE dictionary.columbia_university
> $INCLUDE dictionary.compatible
> $INCLUDE dictionary.cosine
> $INCLUDE dictionary.dante
> $INCLUDE dictionary.dellemc
> $INCLUDE dictionary.digium
> $INCLUDE dictionary.dlink
> $INCLUDE dictionary.dragonwave
> $INCLUDE dictionary.efficientip
> $INCLUDE dictionary.eltex
> $INCLUDE dictionary.epygi
> $INCLUDE dictionary.equallogic
> $INCLUDE dictionary.ericsson
> $INCLUDE dictionary.ericsson.ab
> $INCLUDE dictionary.ericsson.packet.core.networks
> $INCLUDE dictionary.erx
> $INCLUDE dictionary.extreme
> $INCLUDE dictionary.f5
> $INCLUDE dictionary.fdxtended
> $INCLUDE dictionary.force10
> $INCLUDE dictionary.fortinet
> $INCLUDE dictionary.foundry
> $INCLUDE dictionary.freeradius
> $INCLUDE dictionary.freeswitch
> $INCLUDE dictionary.gandalf
> $INCLUDE dictionary.garderos
> $INCLUDE dictionary.gemtek
> $INCLUDE dictionary.h3c
> $INCLUDE dictionary.hillstone
> $INCLUDE dictionary.hp
> $INCLUDE dictionary.huawei
> $INCLUDE dictionary.iea
> $INCLUDE dictionary.infinera
> $INCLUDE dictionary.infoblox
> $INCLUDE dictionary.infonet
> $INCLUDE dictionary.ipunplugged
> $INCLUDE dictionary.issanni
> $INCLUDE dictionary.itk
> $INCLUDE dictionary.juniper
> $INCLUDE dictionary.karlnet
> $INCLUDE dictionary.kineto
> $INCLUDE dictionary.lancom
> $INCLUDE dictionary.lantronix
> $INCLUDE dictionary.livingston
> $INCLUDE dictionary.localweb
> $INCLUDE dictionary.lucent
> $INCLUDE dictionary.manzara
> $INCLUDE dictionary.meinberg
> $INCLUDE dictionary.meraki
> $INCLUDE dictionary.merit
> $INCLUDE dictionary.meru
> $INCLUDE dictionary.microsemi
> $INCLUDE dictionary.microsoft
> $INCLUDE dictionary.mikrotik
> $INCLUDE dictionary.mimosa
> $INCLUDE dictionary.motorola
> $INCLUDE dictionary.motorola.wimax
> $INCLUDE dictionary.navini
> $INCLUDE dictionary.net
> $INCLUDE dictionary.netscreen
> $INCLUDE dictionary.networkphysics
> $INCLUDE dictionary.nexans
> $INCLUDE dictionary.nokia
> $INCLUDE dictionary.nomadix
> $INCLUDE dictionary.nortel
> $INCLUDE dictionary.ntua
> $INCLUDE dictionary.packeteer
> $INCLUDE dictionary.paloalto
> $INCLUDE dictionary.patton
> $INCLUDE dictionary.perle
> $INCLUDE dictionary.pfsense
> $INCLUDE dictionary.pica8
> $INCLUDE dictionary.propel
> $INCLUDE dictionary.prosoft
> $INCLUDE dictionary.proxim
> $INCLUDE dictionary.purewave
> $INCLUDE dictionary.quiconnect
> $INCLUDE dictionary.quintum
> $INCLUDE dictionary.rcntec
> $INCLUDE dictionary.redcreek
> $INCLUDE dictionary.riverbed
> $INCLUDE dictionary.riverstone
> $INCLUDE dictionary.roaringpenguin
> $INCLUDE dictionary.ruckus
> $INCLUDE dictionary.ruggedcom
> $INCLUDE dictionary.sangoma
> $INCLUDE dictionary.sg
> $INCLUDE dictionary.shasta
> $INCLUDE dictionary.shiva
> $INCLUDE dictionary.siemens
> $INCLUDE dictionary.slipstream
> $INCLUDE dictionary.sofaware
> $INCLUDE dictionary.softbank
> $INCLUDE dictionary.sonicwall
> $INCLUDE dictionary.springtide
> $INCLUDE dictionary.starent
> $INCLUDE dictionary.surfnet
> $INCLUDE dictionary.symbol
> $INCLUDE dictionary.t_systems_nova
> $INCLUDE dictionary.telebit
> $INCLUDE dictionary.telkom
> $INCLUDE dictionary.terena
> $INCLUDE dictionary.trapeze
> $INCLUDE dictionary.travelping
> $INCLUDE dictionary.tripplite
> $INCLUDE dictionary.tropos
> $INCLUDE dictionary.ukerna
> $INCLUDE dictionary.unix
> $INCLUDE dictionary.usr
> $INCLUDE dictionary.utstarcom
> $INCLUDE dictionary.valemount
> $INCLUDE dictionary.vasexperts
> $INCLUDE dictionary.verizon
> $INCLUDE dictionary.versanet
> $INCLUDE dictionary.walabi
> $INCLUDE dictionary.waverider
> $INCLUDE dictionary.wichorus
> $INCLUDE dictionary.wifialliance
> $INCLUDE dictionary.wimax
> $INCLUDE dictionary.wispr
> $INCLUDE dictionary.xedia
> $INCLUDE dictionary.xylan
> $INCLUDE dictionary.yubico
> $INCLUDE dictionary.zeus
> $INCLUDE dictionary.zte
> $INCLUDE dictionary.zyxel
>
> #
> # And finally the server internal attributes.
> # These are attributes which NEVER go into a RADIUS packet.
> #
> $INCLUDE dictionary.freeradius.internal
>
> cat /usr/local/share/freeradius/dictionary.compat
> # -*- text -*-
> # Copyright (C) 2019 The FreeRADIUS Server project and contributors
> # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
> #
> # Obsolete names for backwards compatibility with older users files.
> # Move the $INCLUDE in the main dictionary file to the end if you want
> # these names to be used in the "details" logfile.
> #
>
> # This has been removed. Too many people get it wrong.
> #ATTRIBUTE Password 2 string encrypt=1
> ATTRIBUTE Client-Id 4 ipaddr
> ATTRIBUTE Client-Port-Id 5 integer
> ATTRIBUTE User-Service-Type 6 integer
> ATTRIBUTE Framed-Address 8 ipaddr
> ATTRIBUTE Framed-Netmask 9 ipaddr
> ATTRIBUTE Framed-Filter-Id 11 string
> ATTRIBUTE Login-Host 14 ipaddr
> ATTRIBUTE Login-Port 16 integer
> ATTRIBUTE Old-Password 17 string
> ATTRIBUTE Port-Message 18 string
> ATTRIBUTE Dialback-No 19 string
> ATTRIBUTE Dialback-Name 20 string
> ATTRIBUTE Challenge-State 24 string
> VALUE Framed-Compression Van-Jacobsen-TCP-IP 1
> VALUE Framed-Compression VJ-TCP-IP 1
> VALUE Service-Type Shell-User 6
> VALUE Auth-Type Unix 1
> VALUE Service-Type Dialback-Login-User 3
> VALUE Service-Type Dialback-Framed-User 4
> VALUE Service-Type Dialout-Framed-User 5
>
> #
> # For compatibility with MERIT users files.
> #
> ATTRIBUTE Login-Callback-Number 19 string
> ATTRIBUTE Framed-Callback-Id 20 string
> ATTRIBUTE Client-Port-DNIS 30 string
> ATTRIBUTE Caller-ID 31 string
> VALUE Service-Type Login 1
> VALUE Service-Type Framed 2
> VALUE Service-Type Callback-Login 3
> VALUE Service-Type Callback-Framed 4
> VALUE Service-Type Exec-User 7
>
>
> All dictionaries have default content. All these dictionaries I got after
> installing from source. Nothing was changed.
>
> On Mon, Aug 31, 2020 at 9:58 PM Jorge Pereira <jpereira at freeradius.org>
> wrote:
>
>>
>> > On 31 Aug 2020, at 15:50, Oleg Olejek <oleg.olejek at gmail.com> wrote:
>> >
>> > Sure)
>> > The Main goal is to deal with Fortigate using vendor specific attribute.
>> > I added line at the end of radiusd.conf:
>> > $INCLUDE /usr/local/share/freeradius/dictionary
>>
>> Share the content added into the file. Indeed, it looks wrong. It will be
>> hard to help if you don’t share the content. Therefore, keep in mind that
>> the dictionary files expect *only* the dictionary syntax. You can’t add
>> “if(…) {}” or anything else.
>>
>>
>> > radiusd -X gives this error:
>> > including configuration file /usr/local/etc/raddb/mods-enabled/unpack
>> > including configuration file /usr/local/etc/raddb/mods-enabled/utf8
>> > including files in directory /usr/local/etc/raddb/policy.d/
>> > including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
>> > including configuration file /usr/local/etc/raddb/policy.d/accounting
>> > including configuration file /usr/local/etc/raddb/policy.d/canonicalization
>> > including configuration file /usr/local/etc/raddb/policy.d/control
>> > including configuration file /usr/local/etc/raddb/policy.d/cui
>> > including configuration file /usr/local/etc/raddb/policy.d/debug
>> > including configuration file /usr/local/etc/raddb/policy.d/dhcp
>> > including configuration file /usr/local/etc/raddb/policy.d/eap
>> > including configuration file /usr/local/etc/raddb/policy.d/filter
>> > including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
>> > including configuration file /usr/local/etc/raddb/policy.d/operator-name
>> > including configuration file /usr/local/etc/raddb/policy.d/rfc7542
>> > including files in directory /usr/local/etc/raddb/sites-enabled/
>> > including configuration file /usr/local/etc/raddb/sites-enabled/default
>> > including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> > including configuration file /usr/local/share/freeradius/dictionary
>> > including configuration file /usr/local/share/freeradius/dictionary.compat
>> > /usr/local/share/freeradius/dictionary.compat[12]: Expecting section start brace '{' after "ATTRIBUTE Client-Id"
>> > Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
>> >
>> > On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <jpereira at freeradius.org>
>> > wrote:
>> >
>> >> Oleg,
>> >>
>> >> I didn’t understand that error. Can you share the debug output as
>> >> described in https://wiki.freeradius.org/guide/radiusd-X
>> >>
>> >> --
>> >> Jorge Pereira
>> >> jpereira at freeradius.org
>> >>
>> >>
>> >>
>> >>
>> >>> On 31 Aug 2020, at 12:27, Oleg Olejek <oleg.olejek at gmail.com> wrote:
>> >>>
>> >>> dictionary.fortinet
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >
>> >
>> >
>> > --
>> > Best Regards, Oleg Olezhek.
>> > Phone: +380933964967
>> > Skype: dizaar
>
>
>
> --
> Best Regards, Oleg Olezhek.
> Phone: +380933964967
> Skype: dizaar
>
--
Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
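
The mistake resolved in this thread, as an added example that is not part of the original messages or of FreeRADIUS: a pre-flight check that flags `$INCLUDE` lines in a server configuration file whose target is written in dictionary syntax, which the configuration parser rejects with the "Expecting section start brace" error quoted above. The function names and the in-memory file contents are constructed for illustration.

```python
import posixpath
import re

# Keywords that open a statement in FreeRADIUS dictionary syntax.
DICT_KEYWORDS = {"ATTRIBUTE", "VALUE", "VENDOR", "BEGIN-VENDOR", "END-VENDOR"}
INCLUDE_RE = re.compile(r"^\s*\$INCLUDE\s+(\S+)")

def resolve(including_file, target):
    """Resolve an include target relative to the including file's directory."""
    return posixpath.join(posixpath.dirname(including_file), target)

def is_dictionary(path, files, seen=None):
    """True if the first non-comment statement reachable from `path`
    (following nested $INCLUDEs) starts with a dictionary keyword."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return False
    seen.add(path)
    for line in files[path].splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        m = INCLUDE_RE.match(body)
        if m:
            if is_dictionary(resolve(path, m.group(1)), files, seen):
                return True
            continue
        return body.split()[0] in DICT_KEYWORDS
    return False

def lint_config(conf_path, files):
    """Return (line number, target) for each dictionary included by a config file."""
    findings = []
    for lineno, line in enumerate(files[conf_path].splitlines(), 1):
        m = INCLUDE_RE.match(line)
        if m and is_dictionary(resolve(conf_path, m.group(1)), files):
            findings.append((lineno, resolve(conf_path, m.group(1))))
    return findings

# Constructed sample tree (path -> contents), modelled on the paths in the thread.
SAMPLE = {
    "/usr/local/etc/raddb/radiusd.conf":
        "prefix = /usr/local\n$INCLUDE clients.conf\n"
        "$INCLUDE /usr/local/share/freeradius/dictionary\n",
    "/usr/local/etc/raddb/clients.conf": "client localhost {\n\tipaddr = 127.0.0.1\n}\n",
    "/usr/local/share/freeradius/dictionary": "# main\n$INCLUDE dictionary.compat\n",
    "/usr/local/share/freeradius/dictionary.compat": "ATTRIBUTE\tClient-Id\t4\tipaddr\n",
}
```

Running `lint_config` on the constructed `radiusd.conf` reports line 3, the same kind of include that `radiusd -X` stopped on in the quoted debug output.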