dictionary man page on YellowDog

Man page or keyword search:  
man Server   18644 pages
apropos Keyword Search (all sections)
Output format
YellowDog logo
[printable version]

dictionary(5)							 dictionary(5)

NAME
       dictionary - RADIUS dictionary file

DESCRIPTION
       The master RADIUS dictionary file resides in /etc/raddb/dictionary.  It
       references other dictionary files located  in  /usr/local/share/freera‐
       dius/.	Each  dictionary file contains a list of RADIUS attributes and
       values, which the server uses to map between descriptive names and  on-
       the-wire	 data.	The names have no meaning outside of the RADIUS server
       itself, and are never exchanged between server and clients.

       That is, editing the dictionaries will have NO EFFECT on anything other
       than  the server that is reading those files.  Adding new attributes to
       the dictionaries will have NO EFFECT on RADIUS clients,	and  will  not
       make RADIUS clients magically understand those attributes.  The dictio‐
       naries are solely for local administrator convenience, and are specific
       to each version of FreeRADIUS.

       The  dictionaries  in  /usr/local/share SHOULD NOT be edited unless you
       know exactly what you are doing.	 Changing them will most likely	 break
       your RADIUS deployment.

       If  you	need to add new attributes, please edit the /etc/raddb/dictio‐
       nary file.  It's sole purpose is to contain site-local defintions  that
       are added by the local administrator.

FORMAT
       Every  line  starting  with a hash sign ('#') is treated as comment and
       ignored.

       Each line of the file can contain one of the following strings

       ATTRIBUTE name number type [vendor|options]
	    Define a RADIUS attribute name to number mapping.  The name	 field
	    can	 be any non-space text, but is usually taken from RFC2865, and
	    other related documents.  The number field is also taken from  the
	    relevant  documents,  for that name.  The type field can be one of
	    string, octets, ipaddr, integer, date, ifid, ipv6addr, ipv6prefix,
	    or	abinary.   See	the  RFC's,  or the main dictionary file for a
	    description of the various types.

	    The last (optional) field of  an  attribute	 definition  can  have
	    either  a vendor name, or options for that attribute.  When a ven‐
	    dor name is given, the attribute is defined to be  a  vendor  spe‐
	    cific attribute.  Alternately, the options may be the a comma-sep‐
	    arated list of the following options:

	    encrypt=[1-3]
	    Mark the attribute as being encrypted with one of  three  methods.
	    "1"	 means	that  the  attribute  is  encrypted with the method as
	    defined in RFC2865 for the	User-Password  attribute.   "2"	 means
	    that  the  password	 is  encrypted	with  the method as defined in
	    RFC2868 for the Tunnel-Password attribute.	 "3"  means  that  the
	    attribute is encrypted as per Ascend's definitions for the Ascend-
	    Send-Secret attribute.

	    has_tag
	    Mark the attribute as being permitted to have a tag, as defined in
	    RFC2868.   The  purpose  of	 the  tag  is  to  allow  grouping  of
	    attributes for tunnelled users.  See RFC2868 for more details.

       When the server receives an encoded attribute in a  RADIUS  packet,  it
       looks  up that attribute by number in the dictionary, and uses the name
       found there for printing diagnostic and log messages.

       VALUE attribute-name value-name number
	    Define an attribute value name to number mapping, for an attribute
	    of	type  integer.	 The  attribute-name  field MUST be previously
	    defined by an ATTRIBUTE entry.  The value-name field  can  be  any
	    non-space  text, but is usually taken from RFC2865, or other docu‐
	    ments..  The number field is also taken from  the  relevant	 docu‐
	    ments, for that name.

	    When  the  server receives an encoded value in a RADIUS packet, it
	    looks up the value of that attribute by number in the  dictionary,
	    and uses the name found there for printing diagnostic and log mes‐
	    sages.

       VENDOR vendor-name number [format=t,l]
	    Define a Vendor Specific Attribute encapsulation  for  vendor-name
	    to	 number.   For	a  list	 of  vendor  names  and	 numbers,  see
	    http://www.iana.org/enterprise-numbers.txt.

       The "format=t,l" statement tells the server how many octets to  use  to
       encode/decode  the vendor "type" and "length" fields in the attributes.
       The default is "format=1,1", which does not have to be specified.   For
       USR  VSA's,  the	 format	 is  "format=4,0", for Lucent VSA's it's "for‐
       mat=2,1", and for Starent VSA's it's "format=2,2".

       The supported values for the number of  type  octets  (i.e.  the	 first
       digit)  are  1,	2, and 4.  The support values for the number of length
       octets (i.e. the second digit) are 0, 1, and  2.	  Any  combination  of
       those values will work.

       $INCLUDE filename
	    Include  dictionary	 entries from the file filename.  The filename
	    is taken as relative to the location of the file which  is	asking
	    for the inclusion.

FILES
       /etc/raddb/dictionary, /usr/share/freeradius/dictionary.*

SEE ALSO
       radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868

				  31 Oct 2005			 dictionary(5)
[top]

List of man pages available for YellowDog

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net