RADIUS Attribute Types
RADIUS Attribute Types
RADIUS Attribute Types
These constants define RADIUS attribute types that
can be used with radius_put_addr(), radius_put_attr(), radius_put_int() and radius_put_string().
-
RADIUS_USER_NAME
(integer) -
The User-Name attribute. The attribute value is
expected to be a string
containing the name of the user being authenticated, and can be set
using radius_put_attr(). -
RADIUS_USER_PASSWORD
(integer) -
The User-Password attribute. The attribute value is
expected to be a string
containing the user’s password, and can be set using radius_put_attr(). This value will be
obfuscated on transmission as described in » section 5.2 of RFC 2865. -
RADIUS_CHAP_PASSWORD
(integer) -
The Chap-Password attribute. The attribute value is
expected to be a string
with the first byte containing the CHAP identifier, and the
subsequent 16 bytes containing the MD5 hash of the CHAP identifier,
the plaintext password and the CHAP challenge value concatenated
together. Note that the CHAP challenge value should also be sent
separately in aRADIUS_CHAP_CHALLENGE
attribute.Example #1 Using CHAP passwords
<?php
// Firstly, we'll create an authentication handle and request.
$radh = radius_auth_open();
radius_add_server($radh, $server, $port, $secret, 3, 3);
radius_create_request($radh, RADIUS_ACCESS_REQUEST); // Assuming $password contains the plaintext password, we now:// Generate a challenge.
$challenge = mt_rand(); // Specify a CHAP identifier.
$ident = 1; // Add the Chap-Password attribute.
$cp = md5(pack('Ca*', $ident, $password.$challenge), true);
radius_put_attr($radh, RADIUS_CHAP_PASSWORD, pack('C', $ident).$cp); // Add the Chap-Challenge attribute.
radius_put_attr($radh, RADIUS_CHAP_CHALLENGE, $challenge); /* From here, you would add the remaining attributes and
* call radius_send_request(). */
?> -
RADIUS_NAS_IP_ADDRESS
(integer) -
The NAS-IP-Address attribute. The attribute value
is expected to the IP address of the RADIUS client encoded as an
integer, which can be set using
radius_put_addr(). -
RADIUS_NAS_PORT
(integer) -
The NAS-Port attribute. The attribute value is
expected to be the physical port of the user on the RADIUS client
encoded as an integer, which can be set using
radius_put_int(). -
RADIUS_SERVICE_TYPE
(integer) -
The Service-Type attribute. The attribute value
indicates the service type the user is requesting, and is expected
to be an integer, which can be set using
radius_put_int().A number of constants are provided to represent the
possible values of this attribute. They include:RADIUS_LOGIN
RADIUS_FRAMED
-
RADIUS_CALLBACK_LOGIN
-
RADIUS_CALLBACK_FRAMED
-
RADIUS_OUTBOUND
-
RADIUS_ADMINISTRATIVE
-
RADIUS_NAS_PROMPT
-
RADIUS_AUTHENTICATE_ONLY
-
RADIUS_CALLBACK_NAS_PROMPT
-
RADIUS_FRAMED_PROTOCOL
(integer) -
The Framed-Protocol attribute. The attribute value
is expected to be an integer indicating the framing to be used
for framed access, and can be set using radius_put_int(). The possible attribute
values include these constants:RADIUS_PPP
RADIUS_SLIP
RADIUS_ARAP
-
RADIUS_GANDALF
-
RADIUS_XYLOGICS
-
RADIUS_FRAMED_IP_ADDRESS
(integer) -
The Framed-IP-Address attribute. The attribute
value is expected to be the address of the user’s network encoded
as an integer, which can be set using
radius_put_addr() and retrieved using
radius_cvt_addr(). -
RADIUS_FRAMED_IP_NETMASK
(integer) -
The Framed-IP-Netmask attribute. The attribute
value is expected to be the netmask of the user’s network encoded
as an integer, which can be set using
radius_put_addr() and retrieved using
radius_cvt_addr(). -
RADIUS_FRAMED_ROUTING
(integer) -
The Framed-Routing attribute. The attribute value
is expected to be an integer indicating the routing method for
the user, which can be set using radius_put_int().Possible values include:
- 0: No routing
- 1: Send routing packets
- 2: Listen for routing packets
- 3: Send and listen
-
RADIUS_FILTER_ID
(integer) -
The Filter-ID attribute. The attribute value is
expected to be an implementation-specific, human-readable
string of filters, which can be set using
radius_put_attr(). -
RADIUS_FRAMED_MTU
(integer) -
The Framed-MTU attribute. The attribute value is
expected to be an integer indicating the MTU to be
configured for the user, and can be set using radius_put_int(). -
RADIUS_FRAMED_COMPRESSION
(integer) -
The Framed-Compression attribute. The attribute
value is expected to be an integer indicating the compression
protocol to be used, and can be set using radius_put_int(). Possible values include
these constants:-
RADIUS_COMP_NONE
:
No compression -
RADIUS_COMP_VJ
: VJ
TCP/IP header compression -
RADIUS_COMP_IPXHDR
: IPX header
compression -
RADIUS_COMP_STAC_LZS
: Stac-LZS
compression (added in PECL radius 1.3.0b2)
-
-
RADIUS_LOGIN_IP_HOST
(integer) -
The Login-IP-Host attribute. The attribute value is
expected to the IP address to connect the user to, encoded as an
integer, which can be set using
radius_put_addr(). -
RADIUS_LOGIN_SERVICE
(integer) -
The Login-Service attribute. The attribute value is
an integer indicating the service to connect
the user to on the login host. The value can be converted to a PHP
integer via radius_cvt_int(). -
RADIUS_LOGIN_TCP_PORT
(integer) -
The Login-TCP-Port attribute. The attribute value
is an integer indicating the port to
connect the user to on the login host. The value can be converted
to a PHP integer via radius_cvt_int(). -
RADIUS_REPLY_MESSAGE
(integer) -
The Reply-Message attribute. The attribute value is
a string containing text that may be
displayed to the user in response to an access request. -
RADIUS_CALLBACK_NUMBER
(integer) -
The Callback-Number attribute. The attribute value
is a string containing the dialing string to
use for callback. -
RADIUS_CALLBACK_ID
(integer) -
The Callback-Id attribute. The attribute value is a
string containing an
implementation-specific name of the place to be called. -
RADIUS_FRAMED_ROUTE
(integer) -
The Framed-Route attribute. The attribute value is
a string containing an
implementation-specific set of routes to be configured for the
user. -
RADIUS_FRAMED_IPX_NETWORK
(integer) -
The Framed-IPX-Network attribute. The attribute
value is an integer containing the IPX network to be
configured for the user, or 0xFFFFFFFE to indicate that
the RADIUS client should select the network, and can be accessed
via radius_cvt_int(). -
RADIUS_STATE
(integer) -
The State attribute. The attribute value is an
implementation-defined string
included in an Access-Challenge from a server that must be included
in the subsequent Access-Request, and can be set using radius_put_attr(). -
RADIUS_CLASS
(integer) -
The Class attribute. The attribute value is an
arbitrary string included in an Access-Accept
message that should then be sent to the accounting server in
Accounting-Request messages, and can be set using radius_put_attr(). -
RADIUS_VENDOR_SPECIFIC
(integer) -
The Vendor-Specific attribute. In general, vendor
attribute values should be set using radius_put_vendor_addr(), radius_put_vendor_attr(), radius_put_vendor_int() and radius_put_vendor_string(), rather than
directly.This constant is mostly useful when interpreting
vendor specific attributes in responses from a RADIUS server; when
a vendor specific attribute is received, the radius_get_vendor_attr() function should be
used to access the vendor ID, attribute type and attribute
value. -
RADIUS_SESSION_TIMEOUT
(integer) -
Session timeout
-
RADIUS_IDLE_TIMEOUT
(integer) -
Idle timeout
-
RADIUS_TERMINATION_ACTION
(integer) -
Termination action
-
RADIUS_CALLED_STATION_ID
(integer) -
Called Station Id
-
RADIUS_CALLING_STATION_ID
(integer) -
Calling Station Id
-
RADIUS_NAS_IDENTIFIER
(integer) -
NAS ID
-
RADIUS_PROXY_STATE
(integer) -
Proxy State
-
RADIUS_LOGIN_LAT_SERVICE
(integer) -
Login LAT Service
-
RADIUS_LOGIN_LAT_NODE
(integer) -
Login LAT Node
-
RADIUS_LOGIN_LAT_GROUP
(integer) -
Login LAT Group
-
RADIUS_FRAMED_APPLETALK_LINK
(integer) -
Framed Appletalk Link
-
RADIUS_FRAMED_APPLETALK_NETWORK
(integer) -
Framed Appletalk Network
-
RADIUS_FRAMED_APPLETALK_ZONE
(integer) -
Framed Appletalk Zone
-
RADIUS_CHAP_CHALLENGE
(integer) -
Challenge
-
RADIUS_NAS_PORT_TYPE
(integer) -
NAS port type, one of:
RADIUS_ASYNC
RADIUS_SYNC
-
RADIUS_ISDN_SYNC
-
RADIUS_ISDN_ASYNC_V120
-
RADIUS_ISDN_ASYNC_V110
-
RADIUS_VIRTUAL
RADIUS_PIAFS
-
RADIUS_HDLC_CLEAR_CHANNEL
RADIUS_X_25
RADIUS_X_75
-
RADIUS_G_3_FAX
RADIUS_SDSL
-
RADIUS_ADSL_CAP
-
RADIUS_ADSL_DMT
RADIUS_IDSL
-
RADIUS_ETHERNET
RADIUS_XDSL
RADIUS_CABLE
-
RADIUS_WIRELESS_OTHER
-
RADIUS_WIRELESS_IEEE_802_11
-
RADIUS_PORT_LIMIT
(integer) -
Port Limit
-
RADIUS_LOGIN_LAT_PORT
(integer) -
Login LAT Port
-
RADIUS_CONNECT_INFO
(integer) -
Connect info
-
RADIUS_ACCT_STATUS_TYPE
(integer) -
Accounting status type, one of:
RADIUS_START
RADIUS_STOP
-
RADIUS_ACCOUNTING_ON
-
RADIUS_ACCOUNTING_OFF
-
RADIUS_ACCT_DELAY_TIME
(integer) -
Accounting delay time
-
RADIUS_ACCT_INPUT_OCTETS
(integer) -
Accounting input bytes
-
RADIUS_ACCT_OUTPUT_OCTETS
(integer) -
Accounting output bytes
-
RADIUS_ACCT_SESSION_ID
(integer) -
Accounting session ID
-
RADIUS_ACCT_AUTHENTIC
(integer) -
Accounting authentic, one of:
-
RADIUS_AUTH_RADIUS
-
RADIUS_AUTH_LOCAL
-
RADIUS_AUTH_REMOTE
-
-
RADIUS_ACCT_SESSION_TIME
(integer) -
Accounting session time
-
RADIUS_ACCT_INPUT_PACKETS
(integer) -
Accounting input packets
-
RADIUS_ACCT_OUTPUT_PACKETS
(integer) -
Accounting output packets
-
RADIUS_ACCT_TERMINATE_CAUSE
(integer) -
Accounting terminate cause, one of:
-
RADIUS_TERM_USER_REQUEST
-
RADIUS_TERM_LOST_CARRIER
-
RADIUS_TERM_LOST_SERVICE
-
RADIUS_TERM_IDLE_TIMEOUT
-
RADIUS_TERM_SESSION_TIMEOUT
-
RADIUS_TERM_ADMIN_RESET
-
RADIUS_TERM_ADMIN_REBOOT
-
RADIUS_TERM_PORT_ERROR
-
RADIUS_TERM_NAS_ERROR
-
RADIUS_TERM_NAS_REQUEST
-
RADIUS_TERM_NAS_REBOOT
-
RADIUS_TERM_PORT_UNNEEDED
-
RADIUS_TERM_PORT_PREEMPTED
-
RADIUS_TERM_PORT_SUSPENDED
-
RADIUS_TERM_SERVICE_UNAVAILABLE
-
RADIUS_TERM_CALLBACK
-
RADIUS_TERM_USER_ERROR
-
RADIUS_TERM_HOST_REQUEST
-
-
RADIUS_ACCT_MULTI_SESSION_ID
(integer) -
Accounting multi session ID
-
RADIUS_ACCT_LINK_COUNT
(integer) -
Accounting link count