Provided by: freeradius-common_2.1.12+dfsg-1.2ubuntu8.2_all bug

NAME

       dictionary - RADIUS dictionary file

DESCRIPTION

       The  master  RADIUS dictionary file resides in /etc/raddb/dictionary.  It references other
       dictionary files located in /usr/local/share/freeradius/.  Each dictionary file contains a
       list  of  RADIUS  attributes  and values, which the server uses to map between descriptive
       names and on-the-wire data.  The names have  no  meaning  outside  of  the  RADIUS  server
       itself, and are never exchanged between server and clients.

       That  is,  editing  the dictionaries will have NO EFFECT on anything other than the server
       that is reading those files.  Adding new attributes  to  the  dictionaries  will  have  NO
       EFFECT  on  RADIUS  clients,  and  will not make RADIUS clients magically understand those
       attributes.  The dictionaries are solely for  local  administrator  convenience,  and  are
       specific to each version of FreeRADIUS.

       The dictionaries in /usr/local/share SHOULD NOT be edited unless you know exactly what you
       are doing.  Changing them will most likely break your RADIUS deployment.

       If you need to add new attributes, please edit the /etc/raddb/dictionary file.  It's  sole
       purpose is to contain site-local defintions that are added by the local administrator.

FORMAT

       Every line starting with a hash sign ('#') is treated as comment and ignored.

       Each line of the file can contain one of the following strings

       ATTRIBUTE name number type [vendor|options]
            Define  a  RADIUS  attribute  name to number mapping.  The name field can be any non-
            space text, but is usually taken from RFC2865,  and  other  related  documents.   The
            number  field  is  also  taken  from the relevant documents, for that name.  The type
            field  can  be  one  of  string,  octets,  ipaddr,  integer,  date,  ifid,  ipv6addr,
            ipv6prefix,  or  ether  abinary.   See  the  RFC's, or the main dictionary file for a
            description of the various types.

            The last (optional) field of an attribute definition can have either a  vendor  name,
            or options for that attribute.  When a vendor name is given, the attribute is defined
            to be a vendor specific attribute.  Alternately, the options  may  be  the  a  comma-
            separated list of the following options:

            encrypt=[1-3]
            Mark  the attribute as being encrypted with one of three methods.  "1" means that the
            attribute is encrypted with the method as defined in RFC2865  for  the  User-Password
            attribute.   "2"  means  that the password is encrypted with the method as defined in
            RFC2868 for the Tunnel-Password attribute.  "3" means that the attribute is encrypted
            as per Ascend's definitions for the Ascend-Send-Secret attribute.

            has_tag
            Mark  the  attribute  as  being  permitted to have a tag, as defined in RFC2868.  The
            purpose of the tag is to allow grouping  of  attributes  for  tunnelled  users.   See
            RFC2868 for more details.

       When  the  server  receives  an  encoded  attribute  in  a RADIUS packet, it looks up that
       attribute by number in the  dictionary,  and  uses  the  name  found  there  for  printing
       diagnostic and log messages.

       VALUE attribute-name value-name number
            Define  an  attribute value name to number mapping, for an attribute of type integer.
            The attribute-name field MUST be previously  defined  by  an  ATTRIBUTE  entry.   The
            value-name  field  can  be  any non-space text, but is usually taken from RFC2865, or
            other documents..  The number field is also taken from the  relevant  documents,  for
            that name.

            When  the  server receives an encoded value in a RADIUS packet, it looks up the value
            of that attribute by number in the dictionary, and uses  the  name  found  there  for
            printing diagnostic and log messages.

       VENDOR vendor-name number [format=t,l]
            Define  a  Vendor  Specific Attribute encapsulation for vendor-name to number.  For a
            list of vendor names and numbers, see http://www.iana.org/enterprise-numbers.txt.

       The "format=t,l" statement tells the server how many octets to use  to  encode/decode  the
       vendor  "type"  and "length" fields in the attributes.  The default is "format=1,1", which
       does not have to be specified.  For USR VSA's, the  format  is  "format=4,0",  for  Lucent
       VSA's it's "format=2,1", and for Starent VSA's it's "format=2,2".

       The supported values for the number of type octets (i.e. the first digit) are 1, 2, and 4.
       The support values for the number of length octets (i.e. the second digit) are 0,  1,  and
       2.  Any combination of those values will work.

       $INCLUDE filename
            Include dictionary entries from the file filename.  The filename is taken as relative
            to the location of the file which is asking for the inclusion.

FILES

       /etc/raddb/dictionary, /usr/share/freeradius/dictionary.*

SEE ALSO

       radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868

                                           31 Oct 2005                              dictionary(5)