RADIUS Attributes
Applies To: Windows Server 2008, Windows Server 2008 R2
RADIUS attributes are containers that include a type, a length, and a value that hold information that is sent in RADIUS messages between RADIUS clients and RADIUS servers. One RADIUS message can include multiple RADIUS attributes, each of which holds a specific type of information for which the attribute was designed. For example, the Calling-Station-ID attribute can include a value that is the telephone number from which a dial-up networking session was initiated. A dial-in server that is configured as a RADIUS client can send the Calling-Station-ID attribute, along with other attributes and information, in an Access-Request RADIUS message to a RADIUS server.
The following figure shows the structure of each RADIUS attribute. RADIUS attributes use the common Type-Length-Value format that is used by other protocols.
.gif)
Type field
The Type field is 1 byte long and indicates the specific type of RADIUS attribute.
Length field
The Length field is one byte long and indicates the length of the attribute, including the Type, Length, and Value fields.
Value field
The Value field is zero or more octets and contains information specific to the attribute. The format and length of the Value field is based on the type of RADIUS attribute. Note that value 26 is reserved for vendor-specific attributes (VSAs).
RADIUS standard attribute types
The RADIUS standard attributes are listed in the following table. For information about other RADIUS attributes and their use, see Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2865 and 2866.
| Type Value | Attribute Name | Type Value | Attribute Name |
|---|---|---|---|
1 |
User-Name |
45 |
Acct-Authentic |
2 |
User-Password |
46 |
Acct-Session-Time |
3 |
CHAP-Password |
47 |
Acct-Input-Packets |
4 |
NAS-IP-Address |
48 |
Acct-Output-Messages |
5 |
NAS-Port |
49 |
Acct-Terminate-Cause |
6 |
Service-Type |
50 |
Acct-Multi-Session-Id |
7 |
Framed-Protocol |
51 |
Acct-Link-Count |
8 |
Framed-IP-Address |
52 |
Acct-Input-Gigawords |
9 |
Framed-IP-Netmask |
53 |
Acct-Output-Gigawords |
10 |
Framed-Routing |
55 |
Event-Timestamp |
11 |
Filter-ID |
60 |
CHAP-Challenge |
12 |
Framed-MTU |
61 |
NAS-Port-Type |
13 |
Framed-Compression |
62 |
Port-Limit |
14 |
Login-IP-Host |
63 |
Login-LAT-Port |
15 |
Login-Service |
64 |
Tunnel-Type |
16 |
Login-TCP-Port |
65 |
Tunnel-Medium-Type |
18 |
Reply-Message |
66 |
Tunnel-Client-Endpt |
19 |
Callback-Number |
67 |
Tunnel-Server-Endpt |
20 |
Callback-Id |
68 |
Acct-Tunnel-Connection |
22 |
Framed-Route |
69 |
Tunnel-Password |
23 |
Framed-IPX-Network |
70 |
ARAP-Password |
24 |
State |
71 |
ARAP-Features |
25 |
Class |
72 |
ARAP-Zone-Access |
26 |
Vendor-Specific |
73 |
ARAP-Security |
27 |
Session-Time-out |
74 |
ARAP-Security-Data |
28 |
Idle-Time-out |
75 |
Password-Retry |
29 |
Termination-Action |
76 |
PROMPT |
30 |
Called-Station-Id |
77 |
Connect-Info |
31 |
Calling-Station-Id |
78 |
Configuration-Token |
32 |
NAS-Identifier |
79 |
EAP-Message |
33 |
Proxy-State |
80 |
Message-Authenticator |
34 |
Login-LAT-Service |
81 |
Tunnel-Pvt-Group-ID |
35 |
Login-LAT-Node |
82 |
Tunnel-Assignment-ID |
36 |
Login-LAT-Group |
83 |
Tunnel-Preference |
37 |
Framed-AppleTalk-Link |
84 |
ARAP-Challenge-Response |
38 |
Framed-AppleTalk-Network |
85 |
Acct-Interim-Interval |
39 |
Framed-AppleTalk-Zone |
86 |
Acct-Tunnel-Packets-Lost |
40 |
Acct-Status-Type |
87 |
NAS-Port-Id |
41 |
Acct-Delay-Time |
88 |
Framed-Pool |
42 |
Acct-Input-Octets |
90 |
Tunnel-Client-Auth-ID |
43 |
Acct-Output-Octets |
91 |
Tunnel-Server-Auth-ID |
44 |
Acct-Session-Id |
|
|
Note
The RADIUS standard attributes are described in Request for Comments (RFC) 2865 and RFC 2866.