RADIUS Attributes

Updated: October 21, 2008

Applies To: Windows Server 2008, Windows Server 2008 R2

RADIUS attributes are containers that include a type, a length, and a value that hold information that is sent in RADIUS messages between RADIUS clients and RADIUS servers. One RADIUS message can include multiple RADIUS attributes, each of which holds a specific type of information for which the attribute was designed. For example, the Calling-Station-ID attribute can include a value that is the telephone number from which a dial-up networking session was initiated. A dial-in server that is configured as a RADIUS client can send the Calling-Station-ID attribute, along with other attributes and information, in an Access-Request RADIUS message to a RADIUS server.

The following figure shows the structure of each RADIUS attribute. RADIUS attributes use the common Type-Length-Value format that is used by other protocols.

RADIUS Attribute Structure

The Type field is 1 byte long and indicates the specific type of RADIUS attribute.

The Length field is one byte long and indicates the length of the attribute, including the Type, Length, and Value fields.

The Value field is zero or more octets and contains information specific to the attribute. The format and length of the Value field is based on the type of RADIUS attribute. Note that value 26 is reserved for vendor-specific attributes (VSAs).

The RADIUS standard attributes are listed in the following table. For information about other RADIUS attributes and their use, see Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2865 and 2866.

 

Type Value Attribute Name Type Value Attribute Name

1

User-Name

45

Acct-Authentic

2

User-Password

46

Acct-Session-Time

3

CHAP-Password

47

Acct-Input-Packets

4

NAS-IP-Address

48

Acct-Output-Messages

5

NAS-Port

49

Acct-Terminate-Cause

6

Service-Type

50

Acct-Multi-Session-Id

7

Framed-Protocol

51

Acct-Link-Count

8

Framed-IP-Address

52

Acct-Input-Gigawords

9

Framed-IP-Netmask

53

Acct-Output-Gigawords

10

Framed-Routing

55

Event-Timestamp

11

Filter-ID

60

CHAP-Challenge

12

Framed-MTU

61

NAS-Port-Type

13

Framed-Compression

62

Port-Limit

14

Login-IP-Host

63

Login-LAT-Port

15

Login-Service

64

Tunnel-Type

16

Login-TCP-Port

65

Tunnel-Medium-Type

18

Reply-Message

66

Tunnel-Client-Endpt

19

Callback-Number

67

Tunnel-Server-Endpt

20

Callback-Id

68

Acct-Tunnel-Connection

22

Framed-Route

69

Tunnel-Password

23

Framed-IPX-Network

70

ARAP-Password

24

State

71

ARAP-Features

25

Class

72

ARAP-Zone-Access

26

Vendor-Specific

73

ARAP-Security

27

Session-Time-out

74

ARAP-Security-Data

28

Idle-Time-out

75

Password-Retry

29

Termination-Action

76

PROMPT

30

Called-Station-Id

77

Connect-Info

31

Calling-Station-Id

78

Configuration-Token

32

NAS-Identifier

79

EAP-Message

33

Proxy-State

80

Message-Authenticator

34

Login-LAT-Service

81

Tunnel-Pvt-Group-ID

35

Login-LAT-Node

82

Tunnel-Assignment-ID

36

Login-LAT-Group

83

Tunnel-Preference

37

Framed-AppleTalk-Link

84

ARAP-Challenge-Response

38

Framed-AppleTalk-Network

85

Acct-Interim-Interval

39

Framed-AppleTalk-Zone

86

Acct-Tunnel-Packets-Lost

40

Acct-Status-Type

87

NAS-Port-Id

41

Acct-Delay-Time

88

Framed-Pool

42

Acct-Input-Octets

90

Tunnel-Client-Auth-ID

43

Acct-Output-Octets

91

Tunnel-Server-Auth-ID

44

Acct-Session-Id

 

 

noteNote
The RADIUS standard attributes are described in Request for Comments (RFC) 2865 and RFC 2866.

Community Additions

ADD
Show: