The following is an example entry (Access-Request) from an IAS-formatted log file.
The format of this record, which is the same for all records in your log file, includes a header, followed by the attribute-value pairs for all attributes that are contained in the packet.
Beyond the header, RADIUS attributes and values are listed in pairs in the following format:
For example, the two fields after the header contain a 6 and a 2, which can be interpreted as follows:
The value of this attribute is 2 (Framed).
This attribute-value pair is interpreted as Service-Type = Framed, which tells the IAS server to provide a framed protocol for the user, for example Point-to-Point Protocol (PPP) or SLIP.
The following table describes the RADIUS attributes, listed in numerical order, which can be found in an IAS-formatted log file record. Unlike database-import log files, which use a fixed sequence of attributes, the sequence of the attributes in IAS-formatted log files depends upon the sequence used by the access server. For additional information about the sequence of these records, see the documentation for the access server.
| Attribute | ID | Data type | Represents |
| --- | --- | --- | --- |
| User-Name | 1 | Text | The user identity, as specified by the user. |
| NAS-IP-Address | 4 | Text | The IP address of the NAS originating the request. |
| NAS-Port | 5 | Number | The physical port number of the NAS originating the request. |
| Service-Type | 6 | Number | The type of service that the user has requested. |
| Framed-Protocol | 7 | Number | The protocol to be used. |
| Framed-IP-Address | 8 | Text | The framed address to be configured for the user. |
| Framed-IP-Netmask | 9 | Text | The IP netmask to be configured for the user. |
| Framed-Routing | 10 | Number | The routing method to be used by the user. |
| Filter-ID | 11 | Text | The name of the filter list for the user requesting authentication. |
| Framed-MTU | 12 | Number | The maximum transmission unit to be configured for the user. |
| Framed-Compression | 13 | Number | The compression protocol to be used. |
| Login-IP-Host | 14 | Number | The IP address of the host to which the user should be connected. |
| Login-Service | 15 | Number | The service that connects the user to the login host. |
| Login-TCP-Port | 16 | Number | The TCP port to which the user should be connected. |
| Reply-Message | 18 | Text | The message displayed to the user when an authentication request is accepted. |
| Callback-Number | 19 | Text | The callback phone number. |
| Callback-ID | 20 | Text | The name of a location to be called by the access server when performing callback. |
| Framed-Route | 22 | Text | The routing information that is configured on the access client. |
| Framed-IPX-Network | 23 | Number | The IPX network number to be configured on the NAS for the user. |
| Class | 25 | Text | The attribute sent to the client in an Access-Accept packet, which is useful for correlating Accounting-Request packets with authentication sessions. The format is: Type: contains the value 25 (1 octet). Length: contains a value of 20 or greater (1 octet). Checksum: contains an Adler-32 checksum that is computed over the remainder of the Class attribute (4 octets). Vendor-ID: contains the ID of the access server vendor (4 octets); the high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the vendor in network byte order, as defined in RFC 1007 "Vendor SMI Network Management Private Enterprise Codes". Version: contains the value of 1 (2 octets). Server-Address: contains the IP address of the RADIUS server that issued the Access-Challenge; for multihomed servers, this is the address of the network interface that received the original Access-Request (2 octets). Service-Reboot-Time: specifies the time at which the first serial number was returned (8 octets). Unique-Serial-Number: contains a unique number to distinguish an individual connection attempt (8 octets). String: contains information that is used to classify accounting records for additional analysis (0 or more octets); in IAS, the Class attribute from the profile is copied into the String field. The Class attribute is used to match the accounting and authentication records if the Class attribute is sent by the network access server in the accounting request packets. The combination of Serial-Number, Service-Reboot-Time, and Server-Address must be a unique identification for each authentication that the server accepts. |
| Vendor-Specific | 26 | Text | The attribute that is used to support proprietary NAS features. |
| Session-Timeout | 27 | Number | The length of time (in seconds) before a session is terminated. |
| Idle-Timeout | 28 | Number | The length of idle time (in seconds) before a session is terminated. |
| Termination-Action | 29 | Number | The action that the NAS should take when service is completed. |
| Called-Station-ID | 30 | Text | The phone number that is dialed by the user. |
| Calling-Station-ID | 31 | Text | The phone number from which the call originated. |
| NAS-Identifier | 32 | Text | The string that identifies the NAS originating the request. |
| Login-LAT-Service | 34 | Text | The host with which the user is to be connected by LAT. |
| Login-LAT-Node | 35 | Text | The node with which the user is to be connected by LAT. |
| Login-LAT-Group | 36 | Text | The LAT group codes for which the user is authorized. |
| Framed-AppleTalk-Link | 37 | Number | The AppleTalk network number for the serial link to the user (this is used only when the user is a router). |
| Framed-AppleTalk-Network | 38 | Number | The AppleTalk network number that the NAS must query for existence in order to allocate the user's AppleTalk node. |
| Framed-AppleTalk-Zone | 39 | Text | The AppleTalk default zone for the user. |
| Acct-Status-Type | 40 | Number | The number that specifies whether an accounting packet starts or stops a bridging, routing, or Terminal Server session. |
| Acct-Delay-Time | 41 | Number | The length of time (in seconds) for which the NAS has been sending the same accounting packet. |
| Acct-Input-Octets | 42 | Number | The number of octets received during the session. |
| Acct-Output-Octets | 43 | Number | The number of octets sent during the session. |
| Acct-Session-ID | 44 | Text | The unique numeric string that identifies the server session. |
| Acct-Authentic | 45 | Number | The number that specifies which server has authenticated an incoming call. |
| Acct-Session-Time | 46 | Number | The length of time (in seconds) for which the session has been active. |
| Acct-Input-Packets | 47 | Number | The number of packets received during the session. |
| Acct-Output-Packets | 48 | Number | The number of packets sent during the session. |
| Acct-Terminate-Cause | 49 | Number | The reason that a connection was terminated. |
| Acct-Multi-SSN-ID | 50 | Text | The unique numeric string that identifies the multilink session. |
| Acct-Link-Count | 51 | Number | The number of links in a multilink session. |
| Event-Timestamp | 55 | Time | The date and time that this event occurred on the NAS. |
| NAS-Port-Type | 61 | Number | The type of physical port that is used by the NAS originating the request. |
| Port-Limit | 62 | Number | The maximum number of ports that the NAS provides to the user. |
| Login-LAT-Port | 63 | Number | The port with which the user is connected by Local Area Transport (LAT). |
| Tunnel-Type | 64 | Number | The tunneling protocols to be used. |
| Tunnel-Medium-Type | 65 | Number | The transport medium to use when creating a tunnel for protocols. For example, L2TP packets can be sent over multiple link layers. |
| Tunnel-Client-Endpt | 66 | Text | The IP address of the tunnel client. |
| Tunnel-Server-Endpt | 67 | Text | The IP address of the tunnel server. |
| Acct-Tunnel-Connection | 68 | Text | An identifier assigned to the tunnel. |
| Password-Retry | 75 | Number | The number of times a user can try to be authenticated before the NAS terminates the connection. |
| Prompt | 76 | Number | A number that indicates to the NAS whether it should (Prompt=1) or should not (Prompt=0) echo the user’s response as it is typed. |
| Connect-Info | 77 | Text | Information that is used by the NAS to specify the type of connection made. Typical information includes connection speed and data encoding protocols. |
| Configuration-Token | 78 | Text | The type of user profile to be used (sent from a RADIUS proxy server to a RADIUS proxy client) in an Access-Accept packet. |
| Tunnel-Pvt-Group-ID | 81 | Text | The group ID for a particular tunneled session. |
| Tunnel-Assignment-ID | 82 | Text | The tunnel to which a session is to be assigned. |
| Tunnel-Preference | 83 | Number | A number that indicates the preference of the tunnel type, as indicated with the Tunnel-Type attribute when multiple tunnel types are supported by the access server. |
| Acct-Interim-Interval | 85 | Number | The length of interval (in seconds) between each interim update sent by the NAS. |
| Ascend | 107 to 255 | Text | The vendor-specific attributes for Ascend. For more information, see the Ascend documentation. |
| Client-IP-Address | IAS 4108 | Text | The IP address of the RADIUS client. |
| NAS-Manufacturer | IAS 4116 | Number | The manufacturer of the NAS. |
| MS-CHAP-Error | IAS 4121 | Number | The error data that describes an MS-CHAP transaction. |
| Authentication-Type | IAS 4127 | Number | The authentication scheme that is used to verify the user. |
| Client-Friendly-Name | IAS 4128 | Text | The friendly name for the RADIUS client. |
| SAM-Account-Name | IAS 4129 | Text | The user account name in the Security Accounts Manager (SAM) database. |
| Fully-Qualified-User-Name | IAS 4130 | Text | The user name in canonical format. |
| EAP-Friendly-Name | IAS 4132 | Text | The friendly name that is used with Extensible Authentication Protocol (EAP). |
| Packet-Type | IAS 4136 | Number | The type of packet, which can be: 1 = Access-Request; 2 = Access-Accept; 3 = Access-Reject; 4 = Accounting-Request. |
| Reason Code | IAS 4142 | Number | The reason for rejecting a user, which can be: 00 = Success; 01 = Internal error; 02 = Access denied; 03 = Malformed request; 04 = Global catalog unavailable; 05 = Domain unavailable; 06 = Server unavailable; 07 = No such domain; 08 = No such user; 16 = Authentication failure; 17 = Password change failure; 18 = Unsupported authentication type; 19 = No reversibly encrypted password is stored for the user account; 32 = Local users only; 33 = Password must be changed; 34 = Account disabled; 35 = Account expired; 36 = Account locked out; 37 = Invalid logon hours; 38 = Account restriction; 48 = Did not match remote access policy; 49 = Did not match connection request policy; 64 = Dial-in locked out; 65 = Dial-in disabled; 66 = Invalid authentication type; 67 = Invalid calling station; 68 = Invalid dial-in hours; 69 = Invalid called station; 70 = Invalid port type; 71 = Invalid restriction; 80 = No record; 96 = Session timed out; 97 = Unexpected request. |
| NP-Policy-Name | IAS 4149 | Text | The friendly name of a remote access policy. |
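
The following Python code is an added example, not part of the original page or of IAS itself. It parses IAS-formatted records into ID/value pairs indexed by attribute ID (because the order depends on the access server) and reports rejected logons using the Packet-Type and Reason Code values from the table. The six-field header length, the function names and the sample records are assumptions made for the example.

```python
import csv

# Assumption: the header has six fields (NAS IP address, user name, date,
# time, service name, computer name); the page only says pairs follow it.
HEADER_FIELDS = 6

# Values copied from the Packet-Type and Reason Code rows (subset of reasons).
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 4: "Accounting-Request"}
REASONS = {0: "Success", 8: "No such user", 16: "Authentication failure",
           36: "Account locked out", 48: "Did not match remote access policy"}

def parse_record(line):
    """Split one IAS-formatted record into (header, {attr_id: [values]})."""
    fields = next(csv.reader([line]))
    header, rest = fields[:HEADER_FIELDS], fields[HEADER_FIELDS:]
    if len(fields) < HEADER_FIELDS or len(rest) % 2:
        raise ValueError("record is not a header plus ID,value pairs")
    attrs = {}
    # Order depends on the access server, so index by ID, never by position.
    for attr_id, value in zip(rest[0::2], rest[1::2]):
        attrs.setdefault(int(attr_id), []).append(value)
    return header, attrs

def describe(attrs):
    """Return (packet type, reason text) for a parsed record."""
    ptype = int(attrs.get(4136, ["0"])[0])
    reason = int(attrs.get(4142, ["0"])[0])
    return (PACKET_TYPES.get(ptype, f"unknown({ptype})"),
            REASONS.get(reason, f"code {reason}"))

def rejected_logons(lines):
    """Return (user, client IP, reason) for every Access-Reject record."""
    hits = []
    for line in lines:
        _, attrs = parse_record(line)
        ptype, reason = describe(attrs)
        if ptype == "Access-Reject":
            hits.append((attrs.get(1, ["?"])[0], attrs.get(4108, ["?"])[0], reason))
    return hits

# Constructed sample records (documentation addresses, not real log data).
SAMPLE = [
    "192.0.2.10,alice,06/04/1999,14:42:19,IAS,SRV01,6,2,1,alice,4108,192.0.2.10,4136,1,4142,0",
    "192.0.2.10,alice,06/04/1999,14:42:20,IAS,SRV01,4108,192.0.2.10,1,alice,4136,3,4142,16",
    "192.0.2.11,bob,06/04/1999,14:43:02,IAS,SRV01,4136,3,1,bob,4142,36,4108,192.0.2.11",
]

if __name__ == "__main__":
    print(rejected_logons(SAMPLE))
```

Repeated Access-Reject records with reason 16 for one user, or reason 36 following them, are the patterns worth alerting on when these logs are fed into monitoring.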