This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with Mac OS X Server. It is not available on standard Mac OS X (client) installations.

For more information about the manual page format, see the manual page for manpages(5).

dictionary(5)                                                                                  dictionary(5)



NAME
       dictionary - RADIUS dictionary file

DESCRIPTION
       The  master  RADIUS dictionary file resides in /etc/raddb/dictionary.  It references other dictionary
       files located in /usr/local/share/freeradius/.  Each  dictionary  file  contains  a  list  of  RADIUS
       attributes  and  values, which the server uses to map between descriptive names and on-the-wire data.
       The names have no meaning outside of the RADIUS server itself, and are never exchanged between server
       and clients.

       That is, editing the dictionaries will have NO EFFECT on anything other than the server that is read-ing reading
       ing those files.  Adding new attributes to the dictionaries will have NO EFFECT  on  RADIUS  clients,
       and  will not make RADIUS clients magically understand those attributes.  The dictionaries are solely
       for local administrator convenience, and are specific to each version of FreeRADIUS.

       The dictionaries in /usr/local/share SHOULD NOT be edited unless you know exactly what you are doing.
       Changing them will most likely break your RADIUS deployment.

       If  you need to add new attributes, please edit the /etc/raddb/dictionary file.  It's sole purpose is
       to contain site-local defintions that are added by the local administrator.


FORMAT
       Every line starting with a hash sign ('#') is treated as comment and ignored.

       Each line of the file can contain one of the following strings

       ATTRIBUTE name number type [vendor|options]
            Define a RADIUS attribute name to number mapping.  The name field can be any non-space text, but
            is usually taken from RFC2865, and other related documents.  The number field is also taken from
            the relevant documents, for that name.  The type field can be one  of  string,  octets,  ipaddr,
            integer,  date,  ifid,  ipv6addr, ipv6prefix, or abinary.  See the RFC's, or the main dictionary
            file for a description of the various types.

            The last (optional) field of an attribute definition can have either a vendor name,  or  options
            for  that  attribute.  When a vendor name is given, the attribute is defined to be a vendor spe-cific specific
            cific attribute.  Alternately, the options may be the a comma-separated list  of  the  following
            options:


            encrypt=[1-3]
            Mark  the  attribute as being encrypted with one of three methods.  "1" means that the attribute
            is encrypted with the method as defined in RFC2865 for the User-Password attribute.   "2"  means
            that  the  password  is  encrypted with the method as defined in RFC2868 for the Tunnel-Password
            attribute.  "3" means that the attribute is  encrypted  as  per  Ascend's  definitions  for  the
            Ascend-Send-Secret attribute.

            has_tag
            Mark  the attribute as being permitted to have a tag, as defined in RFC2868.  The purpose of the
            tag is to allow grouping of attributes for tunnelled users.  See RFC2868 for more details.

       When the server receives an encoded attribute in a RADIUS packet, it looks up that attribute by  num-ber number
       ber in the dictionary, and uses the name found there for printing diagnostic and log messages.


       VALUE attribute-name value-name number
            Define  an  attribute  value  name  to  number  mapping,  for an attribute of type integer.  The
            attribute-name field MUST be previously defined by an ATTRIBUTE entry.  The value-name field can
            be any non-space text, but is usually taken from RFC2865, or other documents..  The number field
            is also taken from the relevant documents, for that name.

            When the server receives an encoded value in a RADIUS packet, it looks  up  the  value  of  that
            attribute by number in the dictionary, and uses the name found there for printing diagnostic and
            log messages.


       VENDOR vendor-name number [format=t,l]
            Define a Vendor Specific Attribute encapsulation for vendor-name to number.  For a list of  ven-dor vendor
            dor names and numbers, see http://www.iana.org/enterprise-numbers.txt

       The "format=t,l" statement tells the server how many octets to use to encode/decode the vendor "type"
       and "length" fields in the attributes.  The default is "format=1,1", which does not have to be speci-
       fied.  For USR VSA's, the format is "format=4,0", for Lucent VSA's it's "format=2,1", and for Starent
       VSA's it's "format=2,2".

       The supported values for the number of type octets (i.e. the first digit) are 1, 2, and 4.  The  sup-
       port values for the number of length octets (i.e. the second digit) are 0, 1, and 2.  Any combination
       of those values will work.


       $INCLUDE filename
            Include dictionary entries from the file filename.  The filename is taken  as  relative  to  the
            location of the file which is asking for the inclusion.


FILES
       /etc/raddb/dictionary, /usr/share/freeradius/dictionary.*

SEE ALSO
       radiusd(8), naslist(5), RFC2865, RFC2866, RFC2868



                                                 31 Oct 2005                                   dictionary(5)