Provided by: freeradius-common_2.2.8+dfsg-0.1ubuntu0.1_all bug

NAME
       dictionary - RADIUS dictionary file


DESCRIPTION
       The master RADIUS dictionary file resides in /etc/raddb/dictionary.  It references other dictionary files
       located  in  /usr/local/share/freeradius/.  Each dictionary file contains a list of RADIUS attributes and
       values, which the server uses to map between descriptive names and on-the-wire data.  The names  have  no
       meaning outside of the RADIUS server itself, and are never exchanged between server and clients.

       That  is,  editing the dictionaries will have NO EFFECT on anything other than the server that is reading
       those files.  Adding new attributes to the dictionaries will have NO EFFECT on RADIUS clients,  and  will
       not  make  RADIUS  clients  magically understand those attributes.  The dictionaries are solely for local
       administrator convenience, and are specific to each version of FreeRADIUS.

       The dictionaries in /usr/local/share SHOULD NOT be edited unless you know exactly  what  you  are  doing.
       Changing them will most likely break your RADIUS deployment.

       If  you  need to add new attributes, please edit the /etc/raddb/dictionary file.  It's sole purpose is to
       contain site-local defintions that are added by the local administrator.


FORMAT
       Every line starting with a hash sign ('#') is treated as comment and ignored.

       Each line of the file can contain one of the following strings

       ATTRIBUTE name number type [vendor|options]
            Define a RADIUS attribute name to number mapping.  The name field can be any non-space text, but  is
            usually  taken  from  RFC2865, and other related documents.  The number field is also taken from the
            relevant documents, for that name.  The type field can be one of string,  octets,  ipaddr,  integer,
            date,  ifid, ipv6addr, ipv6prefix, or ether abinary.  See the RFC's, or the main dictionary file for
            a description of the various types.

            The last (optional) field of an attribute definition can have either a vendor name, or  options  for
            that  attribute.   When  a  vendor  name  is given, the attribute is defined to be a vendor specific
            attribute.  Alternately, the options may be the a comma-separated list of the following options:

            encrypt=[1-3]
            Mark the attribute as being encrypted with one of three methods.  "1" means that  the  attribute  is
            encrypted with the method as defined in RFC2865 for the User-Password attribute.  "2" means that the
            password  is encrypted with the method as defined in RFC2868 for the Tunnel-Password attribute.  "3"
            means that the attribute is  encrypted  as  per  Ascend's  definitions  for  the  Ascend-Send-Secret
            attribute.

            has_tag
            Mark  the attribute as being permitted to have a tag, as defined in RFC2868.  The purpose of the tag
            is to allow grouping of attributes for tunnelled users.  See RFC2868 for more details.

       When the server receives an encoded attribute in a RADIUS packet, it looks up that attribute by number in
       the dictionary, and uses the name found there for printing diagnostic and log messages.

       VALUE attribute-name value-name number
            Define an attribute value name to number mapping, for an attribute of type integer.  The  attribute-
            name  field  MUST be previously defined by an ATTRIBUTE entry.  The value-name field can be any non-
            space text, but is usually taken from RFC2865, or other documents..  The number field is also  taken
            from the relevant documents, for that name.

            When  the  server  receives  an  encoded  value  in  a  RADIUS packet, it looks up the value of that
            attribute by number in the dictionary, and uses the name found there for printing diagnostic and log
            messages.

       VENDOR vendor-name number [format=t,l]
            Define a Vendor Specific Attribute encapsulation for vendor-name to number.  For a  list  of  vendor
            names and numbers, see http://www.iana.org/enterprise-numbers.txt.

       The "format=t,l" statement tells the server how many octets to use to encode/decode the vendor "type" and
       "length"  fields  in  the  attributes.  The default is "format=1,1", which does not have to be specified.
       For USR VSA's, the format is "format=4,0", for Lucent VSA's it's "format=2,1", and for Starent VSA's it's
       "format=2,2".

       The supported values for the number of type octets (i.e. the first digit) are 1, 2, and 4.   The  support
       values for the number of length octets (i.e. the second digit) are 0, 1, and 2.  Any combination of those
       values will work.

       $INCLUDE filename
            Include  dictionary  entries  from  the  file  filename.   The  filename is taken as relative to the
            location of the file which is asking for the inclusion.


FILES
       /etc/raddb/dictionary, /usr/share/freeradius/dictionary.*


SEE ALSO
       radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868

                                                   31 Oct 2005                                     dictionary(5)