The following is an example entry (Access-Request) from an IAS format log file.
The format of this record, which is the same for all records in your log file, includes a header, followed by the attribute-value pairs for all attributes that are contained in the packet.
The first six record fields make up the header and are described in the following table.
Beyond the header, RADIUS attributes and values are listed in pairs in the following format:
For example, the two fields after the header contain a 6 and a 2, which can be interpreted as follows:
The value of this attribute is 2 (Framed).
This attribute-value pair is interpreted as Service-Type = Framed, which indicates to the NPS server to provide a framed protocol for the user – for example, Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP).
The following table describes the RADIUS attributes, listed in numerical order, which can be found in an IAS format log file. Unlike database import log files, which use a fixed sequence of attributes, the sequence of the attributes in IAS format log files depends upon the sequence used by the network access server (NAS). For additional information about the sequence of these records, see the documentation for the NAS.
| Attribute | ID | Data type | Represents |
| --- | --- | --- | --- |
| User-Name | 1 | Text | The user identity, as specified by the user. |
| NAS-IP-Address | 4 | Text | The IP address of the NAS originating the request. |
| NAS-Port | 5 | Number | The physical port number of the NAS originating the request. |
| Service-Type | 6 | Number | The type of service that the user has requested. |
| Framed-Protocol | 7 | Number | The protocol to be used. |
| Framed-IP-Address | 8 | Text | The framed IP address to be configured for the user. |
| Framed-IP-Netmask | 9 | Text | The IP netmask to be configured for the user. |
| Framed-Routing | 10 | Number | The routing method to be used by the user. |
| Filter-ID | 11 | Text | The name of the filter list for the user requesting authentication. |
| Framed-MTU | 12 | Number | The maximum transmission unit (MTU) to be configured for the user. |
| Framed-Compression | 13 | Number | The compression protocol to be used. |
| Login-IP-Host | 14 | Number | The IP address of the host to which the user should be connected. |
| Login-Service | 15 | Number | The service that connects the user to the login host. |
| Login-TCP-Port | 16 | Number | The TCP port to which the user is to be connected. |
| Reply-Message | 18 | Text | The message displayed to the user when an authentication request is accepted. |
| Callback-Number | 19 | Text | The callback phone number. |
| Callback-ID | 20 | Text | The name of a location to be called by the access server when performing callback. |
| Framed-Route | 22 | Text | The routing information that is configured on the access client. |
| Framed-IPX-Network | 23 | Number | The Internetwork Packet Exchange (IPX) network number to be configured on the NAS for the user. |
| Class | 25 | Text | The attribute sent to the client in an Access-Accept packet, which is useful for correlating Accounting-Request packets with authentication sessions. The format is:<br>Type contains the value 25 (1 octet).<br>Length contains a value of 20 or greater (1 octet).<br>Checksum contains an Adler-32 checksum that is computed over the remainder of the Class attribute (4 octets).<br>Vendor-ID contains the ID of the NAS vendor (4 octets). The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the vendor in network byte order, as defined in "Private Enterprise Numbers" at http://go.microsoft.com/fwlink/?LinkId=131594.<br>Version contains the value of 1 (2 octets).<br>Server-Address contains the IP address of the RADIUS server that issued the Access-Challenge message. For multihomed servers, this is the address of the network interface that received the original Access-Request message (2 octets).<br>Service-Reboot-Time specifies the time at which the first serial number was returned (8 octets).<br>Unique-Serial-Number contains a unique number to distinguish an individual connection attempt (8 octets).<br>String contains information that is used to classify accounting records for additional analysis (0 or more octets). In NPS, the Class attribute is copied into the String field.<br>The Class attribute is used to match the accounting and authentication records if it is sent by the NAS in the Accounting-Request message. The combination of Serial-Number, Service-Reboot-Time, and Server-Address must be a unique identification for each authentication that the RADIUS server performs. |
| Vendor-Specific | 26 | Text | The attribute that is used to support proprietary NAS features. |
| Session-Timeout | 27 | Number | The length of time (in seconds) before a session is terminated. |
| Idle-Timeout | 28 | Number | The length of idle time (in seconds) before a session is terminated. |
| Termination-Action | 29 | Number | The action that the NAS is to take when service is completed. |
| Called-Station-ID | 30 | Text | The phone number that is dialed by the user. |
| Calling-Station-ID | 31 | Text | The phone number from which the call originated. |
| NAS-Identifier | 32 | Text | The string that identifies the NAS originating the request. |
| Login-LAT-Service | 34 | Text | The host with which the user is to be connected by Local Area Transport (LAT). |
| Login-LAT-Node | 35 | Text | The node with which the user is to be connected by LAT. |
| Login-LAT-Group | 36 | Text | The LAT group codes for which the user is authorized. |
| Framed-AppleTalk-Link | 37 | Number | The AppleTalk network number for the serial link to the user (this is used only when the user is a router). |
| Framed-AppleTalk-Network | 38 | Number | The AppleTalk network number that the NAS must query for existence in order to allocate the user AppleTalk node. |
| Framed-AppleTalk-Zone | 39 | Text | The AppleTalk default zone for the user. |
| Acct-Status-Type | 40 | Number | The number that specifies whether an accounting packet starts or stops a bridging, routing, or Terminal Services session. |
| Acct-Delay-Time | 41 | Number | The length of time (in seconds) for which the NAS has been sending the same accounting packet. |
| Acct-Input-Octets | 42 | Number | The number of octets received by NPS during the session. |
| Acct-Output-Octets | 43 | Number | The number of octets sent by NPS during the session. |
| Acct-Session-ID | 44 | Text | The unique numeric string that identifies the server session. |
| Acct-Authentic | 45 | Number | The number that specifies which server has authenticated an incoming call. |
| Acct-Session-Time | 46 | Number | The length of time (in seconds) for which the session has been active. |
| Acct-Input-Packets | 47 | Number | The number of packets received by NPS during the session. |
| Acct-Output-Packets | 48 | Number | The number of packets sent by NPS during the session. |
| Acct-Terminate-Cause | 49 | Number | The reason that a connection was terminated by NPS. |
| Acct-Multi-SSN-ID | 50 | Text | The unique numeric string that identifies the multilink session. |
| Acct-Link-Count | 51 | Number | The number of links in a multilink session. |
| Event-Timestamp | 55 | Time | The date and time that this event occurred on the NAS. |
| NAS-Port-Type | 61 | Number | The type of physical port that is used by the NAS originating the request. |
| Port-Limit | 62 | Number | The maximum number of ports that the NAS provides to the user. |
| Login-LAT-Port | 63 | Number | The port with which the user is connected by LAT. |
| Tunnel-Type | 64 | Number | The tunneling protocols to be used. |
| Tunnel-Medium-Type | 65 | Number | The transport medium to use when creating a tunnel for protocols. For example, L2TP packets can be sent over multiple link layers. |
| Tunnel-Client-Endpt | 66 | Text | The IP address of the tunnel client. |
| Tunnel-Server-Endpt | 67 | Text | The IP address of the tunnel server. |
| Acct-Tunnel-Connection | 68 | Text | An identifier assigned to the tunnel. |
| Password-Retry | 75 | Number | The number of times a user can try to be authenticated before the NAS terminates the connection. |
| Prompt | 76 | Number | A number that indicates to the NAS whether it should (Prompt=1) or should not (Prompt=0) echo the user response as it is typed. |
| Connect-Info | 77 | Text | Information that is used by the NAS to specify the type of connection made. Typical information includes connection speed and data encoding protocols. |
| Configuration-Token | 78 | Text | The type of user profile to be used (sent from a RADIUS proxy server to a RADIUS client) in an Access-Accept packet. |
| Tunnel-Pvt-Group-ID | 81 | Text | The group ID for a specific tunneled session. |
| Tunnel-Assignment-ID | 82 | Text | The tunnel to which a session is to be assigned. |
| Tunnel-Preference | 83 | Number | A number that indicates the preference of the tunnel type, as indicated by the Tunnel-Type attribute when multiple tunnel types are supported by the NAS. |
| Acct-Interim-Interval | 85 | Number | The length of the interval (in seconds) between each interim update sent by the NAS. |
| Ascend | 107 to 255 | Text | The vendor-specific attributes for Ascend. For more information, see the Ascend documentation. |
| Client-IP-Address | IAS 4108 | Text | The IP address of the RADIUS client. |
| NAS-Manufacturer | IAS 4116 | Number | The manufacturer of the NAS. |
| MS-CHAP-Error | IAS 4121 | Number | The error data that describes a Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) transaction. |
| Authentication-Type | IAS 4127 | Number | The authentication scheme that is used to verify the user. |
| Client-Friendly-Name | IAS 4128 | Text | The friendly name for the RADIUS client. |
| SAM-Account-Name | IAS 4129 | Text | The user account name in the Security Accounts Manager (SAM) database. |
| Fully-Qualified-User-Name | IAS 4130 | Text | The user name in canonical format. |
| EAP-Friendly-Name | IAS 4132 | Text | The friendly name that is used with Extensible Authentication Protocol (EAP). |
| Packet-Type | IAS 4136 | Number | The type of packet, which can be:<br>1 = Access-Request<br>2 = Access-Accept<br>3 = Access-Reject<br>4 = Accounting-Request |
| Reason-Code | IAS 4142 | Number | The reason for rejecting a connection request:<br>00 = Success<br>01 = Internal error<br>02 = Access denied<br>03 = Malformed request<br>04 = Global catalog unavailable<br>05 = Domain unavailable<br>06 = Server unavailable<br>07 = No such domain<br>08 = No such user<br>16 = Authentication failure<br>17 = Password change failure<br>18 = Unsupported authentication type<br>19 = No reversibly encrypted password is stored for the user account<br>32 = Local users only<br>33 = Password must be changed<br>34 = Account disabled<br>35 = Account expired<br>36 = Account locked out<br>37 = Logon hours are not valid<br>38 = Account restriction<br>48 = Did not match network policy<br>49 = Did not match connection request policy<br>64 = Dial-in locked out<br>65 = Dial-in disabled<br>66 = Authentication type is not valid<br>67 = Calling station is not valid<br>68 = Dial-in hours are not valid<br>69 = Called station is not valid<br>70 = Port type is not valid<br>71 = Restriction is not valid<br>80 = No record<br>96 = Session timed out<br>97 = Unexpected request |
| NP-Policy-Name | IAS 4149 | Text | The friendly name of a network policy. |
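The following is an added example, not part of the original documentation: a small parser that pairs each attribute ID with its value regardless of the order the NAS used, then reports Access-Reject records with their Reason-Code text. The header field names, the `parse_record` and `rejects` helpers, the comma-separated layout, and the sample lines are assumptions constructed for illustration; only a subset of the IDs from the table is mapped.

```python
import csv

# Assumption: names for the six header fields (the header table is not shown here).
HEADER = ("nas_ip", "user_name", "record_date", "record_time",
          "service_name", "computer_name")
# Subset of the attribute table above; IAS-specific IDs appear as 41xx.
ATTR = {1: "User-Name", 4: "NAS-IP-Address", 6: "Service-Type",
        7: "Framed-Protocol", 25: "Class", 31: "Calling-Station-ID",
        4108: "Client-IP-Address", 4136: "Packet-Type", 4142: "Reason-Code"}
PACKET = {1: "Access-Request", 2: "Access-Accept",
          3: "Access-Reject", 4: "Accounting-Request"}
REASON = {0: "Success", 8: "No such user", 16: "Authentication failure",
          34: "Account disabled", 36: "Account locked out",
          48: "Did not match network policy"}

def parse_record(line):
    """Split one record into the header and a name -> [values] attribute map."""
    fields = next(csv.reader([line]))  # csv also copes with quoted text values
    if len(fields) < 6 or (len(fields) - 6) % 2:
        raise ValueError("truncated record or attribute ID without a value")
    rec = dict(zip(HEADER, fields[:6]))
    attrs = {}
    # Attribute order depends on the NAS, so index by ID, never by position.
    for attr_id, value in zip(fields[6::2], fields[7::2]):
        name = ATTR.get(int(attr_id), f"Unknown-{attr_id}")
        attrs.setdefault(name, []).append(value)  # an attribute may repeat
    rec["attrs"] = attrs
    return rec

def rejects(lines):
    """Yield (user, reason) for every Access-Reject record."""
    for line in lines:
        rec = parse_record(line)
        a = rec["attrs"]
        if PACKET.get(int(a.get("Packet-Type", ["0"])[0])) == "Access-Reject":
            code = int(a.get("Reason-Code", ["-1"])[0])
            yield rec["user_name"], REASON.get(code, f"code {code}")

# Constructed sample records (documentation addresses, invented users).
SAMPLE = [
    "192.0.2.10,alice,06/04/2024,14:42:19,NPS,NPS01,6,2,7,1,4108,192.0.2.10,4136,1,4142,0",
    "192.0.2.10,alice,06/04/2024,14:42:19,NPS,NPS01,4136,3,4108,192.0.2.10,4142,16",
    "192.0.2.11,bob,06/04/2024,14:43:02,NPS,NPS01,4142,36,4136,3",
]

if __name__ == "__main__":
    for user, reason in rejects(SAMPLE):
        print(f"{user}: {reason}")
```

Repeated rejections with reason 16 or 36 for one user or one Client-IP-Address are the usual starting point for a password-guessing review.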