dictionary(5) File Formats Manual dictionary(5)

dictionary - RADIUS dictionary file

The master RADIUS dictionary file resides in /etc/raddb/dictionary. It
references other dictionary files located in /usr/local/share/freeradius/.
Each dictionary file contains a list of RADIUS attributes and values,
which the server uses to map between descriptive names and on-the-wire
data. The names have no meaning outside of the RADIUS server itself, and
are never exchanged between server and clients.

That is, editing the dictionaries will have NO EFFECT on anything other
than the server that is reading those files. Adding new attributes to
the dictionaries will have NO EFFECT on RADIUS clients, and will not
make RADIUS clients magically understand those attributes. The
dictionaries are solely for local administrator convenience, and are
specific to each version of FreeRADIUS.

The dictionaries in /usr/local/share SHOULD NOT be edited unless you
know exactly what you are doing. Changing them will most likely break
your RADIUS deployment.

If you need to add new attributes, please edit the /etc/raddb/dictionary
file. Its sole purpose is to contain site-local definitions that are
added by the local administrator.

Every line starting with a hash sign ('#') is treated as a comment and
ignored.

Each line of the file can contain one of the following strings:

ATTRIBUTE name number type [vendor|options]
    Define a RADIUS attribute name to number mapping. The name field
    can be any non-space text, but is usually taken from RFC2865, and
    other related documents. The number field is also taken from the
    relevant documents, for that name. The type field can be one of
    string, octets, ipaddr, integer, date, ifid, ipv6addr, ipv6prefix,
    ether, or abinary. See the RFCs, or the main dictionary file, for
    a description of the various types.

    The last (optional) field of an attribute definition can have
    either a vendor name, or options for that attribute. When a vendor
    name is given, the attribute is defined to be a vendor specific
    attribute. Alternatively, the options may be a comma-separated
    list of the following options:

    encrypt=[1-3]
        Mark the attribute as being encrypted with one of three methods.
        "1" means that the attribute is encrypted with the method as
        defined in RFC2865 for the User-Password attribute. "2" means
        that the password is encrypted with the method as defined in
        RFC2868 for the Tunnel-Password attribute. "3" means that the
        attribute is encrypted as per Ascend's definitions for the
        Ascend-Send-Secret attribute.

    has_tag
        Mark the attribute as being permitted to have a tag, as defined
        in RFC2868. The purpose of the tag is to allow grouping of
        attributes for tunnelled users. See RFC2868 for more details.

    When the server receives an encoded attribute in a RADIUS packet, it
    looks up that attribute by number in the dictionary, and uses the
    name found there for printing diagnostic and log messages.

VALUE attribute-name value-name number
    Define an attribute value name to number mapping, for an attribute
    of type integer. The attribute-name field MUST be previously
    defined by an ATTRIBUTE entry. The value-name field can be any
    non-space text, but is usually taken from RFC2865, or other
    documents. The number field is also taken from the relevant
    documents, for that name.

    When the server receives an encoded value in a RADIUS packet, it
    looks up the value of that attribute by number in the dictionary,
    and uses the name found there for printing diagnostic and log
    messages.

VENDOR vendor-name number [format=t,l]
    Define a Vendor Specific Attribute encapsulation for vendor-name
    to number. For a list of vendor names and numbers, see
    http://www.iana.org/enterprise-numbers.txt.

    The "format=t,l" statement tells the server how many octets to use
    to encode/decode the vendor "type" and "length" fields in the
    attributes. The default is "format=1,1", which does not have to be
    specified. For USR VSAs, the format is "format=4,0", for Lucent
    VSAs it's "format=2,1", and for Starent VSAs it's "format=2,2".

    The supported values for the number of type octets (i.e. the first
    digit) are 1, 2, and 4. The supported values for the number of
    length octets (i.e. the second digit) are 0, 1, and 2. Any
    combination of those values will work.

$INCLUDE filename
    Include dictionary entries from the file filename. The filename
    is taken as relative to the location of the file which is asking
    for the inclusion.
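
A minimal reader for the entry types described above, added here as an illustration and not FreeRADIUS code: it parses VENDOR, ATTRIBUTE and VALUE lines, then uses a vendor's format=t,l to name the sub-attributes inside a Vendor-Specific value. The vendor names, numbers and attributes in SAMPLE are constructed placeholders, parse_dictionary and decode_vsa are hypothetical helpers, and the code assumes the length field counts the type and length octets themselves.

```python
# Constructed sample: vendor names and numbers are placeholders, not real assignments.
SAMPLE = """\
# site-local definitions
VENDOR     Example-Corp  99999
VENDOR     Wide-Corp     99998  format=2,1
ATTRIBUTE  Example-Role  1    integer  Example-Corp
ATTRIBUTE  Wide-Note     300  string   Wide-Corp
ATTRIBUTE  Site-Secret   250  string   encrypt=2,has_tag
VALUE      Example-Role  Admin  1
"""

def parse_dictionary(text):
    """Parse VENDOR, ATTRIBUTE and VALUE lines ($INCLUDE is skipped, not followed)."""
    vendors, attrs, values, by_name = {}, {}, {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#") or f[0] == "$INCLUDE":
            continue
        if f[0] == "VENDOR":
            t, l = map(int, f[3].split("=")[1].split(",")) if len(f) > 3 else (1, 1)
            if t not in (1, 2, 4) or l not in (0, 1, 2):
                raise ValueError(f"line {n}: unsupported format={t},{l}")
            vendors[f[1]] = (int(f[2]), t, l)
        elif f[0] == "ATTRIBUTE":
            last = f[4] if len(f) > 4 else ""  # vendor name or option list
            vid = vendors[last][0] if last in vendors else 0
            opts = last.split(",") if last and last not in vendors else []
            by_name[f[1]] = attrs[(vid, int(f[2]))] = (f[1], f[3], opts)
        elif f[0] == "VALUE":
            if f[1] not in by_name or by_name[f[1]][1] != "integer":
                raise ValueError(f"line {n}: VALUE needs a defined integer attribute")
            values[(f[1], int(f[3]))] = f[2]
        else:
            raise ValueError(f"line {n}: unknown keyword {f[0]}")
    return vendors, attrs, values

def decode_vsa(payload, vendors, attrs):
    """Name the sub-attributes in one Vendor-Specific value (4-octet vendor id + data)."""
    vid, out, pos = int.from_bytes(payload[:4], "big"), [], 4
    t, l = next(((t, l) for v, t, l in vendors.values() if v == vid), (1, 1))
    while pos < len(payload):
        num = int.from_bytes(payload[pos:pos + t], "big")
        # Assumption: length counts the header octets; l == 0 means data runs to the end.
        end = pos + int.from_bytes(payload[pos + t:pos + t + l], "big") if l else len(payload)
        if end < pos + t + l or end > len(payload):
            raise ValueError("malformed sub-attribute length")
        out.append((attrs.get((vid, num), (f"Attr-{vid}-{num}",))[0], payload[pos + t + l:end]))
        pos = end
    return out
```

Decoding the same octets without the vendor's format=2,1 entry falls back to format=1,1 and is rejected as malformed, which is how a missing or wrong VENDOR line shows up as unreadable attributes in diagnostics.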

/etc/raddb/dictionary, /usr/share/freeradius/dictionary.*

radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868

31 Oct 2005 dictionary(5)