dictionary(5) | File Formats Manual | dictionary(5) |
NAME
dictionary - RADIUS dictionary file
DESCRIPTION
The master RADIUS dictionary file resides in /etc/raddb/dictionary. It references other dictionary files located in /usr/local/share/freeradius/. Each dictionary file contains a list of RADIUS attributes and values, which the server uses to map between descriptive names and on-the-wire data.

The names have no meaning outside of the RADIUS server itself, and are never exchanged between server and clients. That is, editing the dictionaries will have NO EFFECT on anything other than the server that is reading those files. Adding new attributes to the dictionaries will have NO EFFECT on RADIUS clients, and will not make RADIUS clients magically understand those attributes. The dictionaries are solely for local administrator convenience, and are specific to each version of FreeRADIUS.

The dictionaries in /usr/local/share SHOULD NOT be edited unless you know exactly what you are doing. Changing them will most likely break your RADIUS deployment.

If you need to add new attributes, please edit the /etc/raddb/dictionary file. Its sole purpose is to contain site-local definitions that are added by the local administrator.
FORMAT
Every line starting with a hash sign ('#') is treated as a comment and ignored. Each line of the file can contain one of the following strings:
- ATTRIBUTE name number type [vendor|options]
- Define a RADIUS attribute name to number mapping. The
name field can be any non-space text, but is usually taken from
RFC2865, and other related documents. The number field is
also taken from the relevant documents, for that name. The type
field can be one of string, octets, ipaddr,
integer, date, ifid, ipv6addr,
ipv6prefix, ether, or abinary. See the RFCs, or the
main dictionary file for a description of the various types.
  - encrypt=[1-3]
  - Mark the attribute as being encrypted with one
    of three methods. "1" means that the attribute is encrypted with the
    method as defined in RFC2865 for the User-Password attribute.
    "2" means that the password is encrypted with the method as defined
    in RFC2868 for the Tunnel-Password attribute. "3" means that
    the attribute is encrypted as per Ascend's definitions for the
    Ascend-Send-Secret attribute.
  - has_tag
  - Mark the attribute as being permitted to have
    a tag, as defined in RFC2868. The purpose of the tag is to allow
    grouping of attributes for tunnelled users. See RFC2868 for more
    details.
- VALUE attribute-name value-name number
- Define an attribute value name to number mapping, for an
attribute of type integer. The attribute-name field MUST be
previously defined by an ATTRIBUTE entry. The value-name
field can be any non-space text, but is usually taken from RFC2865,
or other documents. The number field is also taken from the
relevant documents, for that name.
- VENDOR vendor-name number [format=t,l]
- Define a Vendor Specific Attribute encapsulation for vendor-name to number. For a list of vendor names and numbers, see http://www.iana.org/enterprise-numbers.txt.
- $INCLUDE filename
- Include dictionary entries from the file filename. The filename is taken as relative to the location of the file which is asking for the inclusion.
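A small lint pass for a site-local dictionary, written against the FORMAT rules above; it is an added example, not FreeRADIUS code, and covers only the four line kinds listed here. The function name, the sample entries and the rule for telling a vendor name from an option list are assumptions of the example.

```python
import re

TYPES = {"string", "octets", "ipaddr", "integer", "date", "ifid",
         "ipv6addr", "ipv6prefix", "ether", "abinary"}

def lint_dictionary(text):
    """Check text against the FORMAT rules; return (attrs, [(lineno, msg), ...])."""
    attrs, vendors, problems = {}, set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # comment lines are ignored
            continue
        kw, *args = line.split()
        if kw == "VENDOR" and len(args) in (2, 3):
            vendors.add(args[0])
        elif kw == "ATTRIBUTE" and len(args) in (3, 4):
            name, _number, typ = args[:3]
            if typ not in TYPES:
                problems.append((lineno, f"unknown type {typ}"))
            last = args[3] if len(args) == 4 else ""
            # Assumption: a declared VENDOR name is a vendor; else an option list.
            for opt in ([] if last in vendors else filter(None, last.split(","))):
                m = re.fullmatch(r"encrypt=(.*)", opt)
                if m and m.group(1) not in ("1", "2", "3"):
                    problems.append((lineno, f"encrypt must be 1-3, got {m.group(1)}"))
                elif not m and opt != "has_tag":
                    problems.append((lineno, f"unknown option or vendor {opt}"))
            attrs[name] = typ
        elif kw == "VALUE" and len(args) == 3:
            if args[0] not in attrs:           # must follow its ATTRIBUTE line
                problems.append((lineno, f"VALUE for undefined attribute {args[0]}"))
            elif attrs[args[0]] != "integer":
                problems.append((lineno, f"VALUE on non-integer attribute {args[0]}"))
        elif not (kw == "$INCLUDE" and len(args) == 1):  # includes are not followed
            problems.append((lineno, "malformed or unrecognised line"))
    return attrs, problems

# Constructed sample: not from any shipped dictionary; names and numbers are made up.
SAMPLE = """\
# site-local definitions
VENDOR     Example-Corp    99999
ATTRIBUTE  Example-Role    1  integer  Example-Corp
VALUE      Example-Role    Admin  1
ATTRIBUTE  Example-Secret  2  string   encrypt=4
VALUE      Example-Secret  Foo  1
VALUE      Example-Later   Bar  1
ATTRIBUTE  Example-Later   3  integer  has_tag
"""
print("\n".join(f"line {n}: {m}" for n, m in lint_dictionary(SAMPLE)[1]))
```

The sample trips three checks: an encrypt method outside 1-3, a VALUE on a string attribute, and a VALUE that appears before its ATTRIBUTE line.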
FILES
/etc/raddb/dictionary, /usr/share/freeradius/dictionary.*
SEE ALSO
radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868
31 Oct 2005