Edit

RADIUS_ATTRIBUTE_TYPE enumeration (authif.h)

  • Article

Note

Internet Authentication Service (IAS) was renamed Network Policy Server (NPS) starting with Windows Server 2008. The content of this topic applies to both IAS and NPS. Throughout the text, NPS is used to refer to all versions of the service, including the versions originally referred to as IAS.

The RADIUS_ATTRIBUTE_TYPE type enumerates the possible types for a RADIUS attribute.

Syntax

typedef enum _RADIUS_ATTRIBUTE_TYPE {
  ratMinimum,
  ratUserName,
  ratUserPassword,
  ratCHAPPassword,
  ratNASIPAddress,
  ratNASPort,
  ratServiceType,
  ratFramedProtocol,
  ratFramedIPAddress,
  ratFramedIPNetmask,
  ratFramedRouting,
  ratFilterId,
  ratFramedMTU,
  ratFramedCompression,
  ratLoginIPHost,
  ratLoginService,
  ratLoginPort,
  ratReplyMessage,
  ratCallbackNumber,
  ratCallbackId,
  ratFramedRoute,
  ratFramedIPXNetwork,
  ratState,
  ratClass,
  ratVendorSpecific,
  ratSessionTimeout,
  ratIdleTimeout,
  ratTerminationAction,
  ratCalledStationId,
  ratCallingStationId,
  ratNASIdentifier,
  ratProxyState,
  ratLoginLATService,
  ratLoginLATNode,
  ratLoginLATGroup,
  ratFramedAppleTalkLink,
  ratFramedAppleTalkNetwork,
  ratFramedAppleTalkZone,
  ratAcctStatusType,
  ratAcctDelayTime,
  ratAcctInputOctets,
  ratAcctOutputOctets,
  ratAcctSessionId,
  ratAcctAuthentic,
  ratAcctSessionTime,
  ratAcctInputPackets,
  ratAcctOutputPackets,
  ratAcctTerminationCause,
  ratCHAPChallenge,
  ratNASPortType,
  ratPortLimit,
  ratTunnelType,
  ratMediumType,
  ratTunnelPassword,
  ratTunnelPrivateGroupID,
  ratNASIPv6Address,
  ratFramedInterfaceId,
  ratFramedIPv6Prefix,
  ratLoginIPv6Host,
  ratFramedIPv6Route,
  ratFramedIPv6Pool,
  ratCode,
  ratIdentifier,
  ratAuthenticator,
  ratSrcIPAddress,
  ratSrcPort,
  ratProvider,
  ratStrippedUserName,
  ratFQUserName,
  ratPolicyName,
  ratUniqueId,
  ratExtensionState,
  ratEAPTLV,
  ratRejectReasonCode,
  ratCRPPolicyName,
  ratProviderName,
  ratClearTextPassword,
  ratSrcIPv6Address,
  ratCertificateThumbprint
} RADIUS_ATTRIBUTE_TYPE;

Constants

 
ratMinimum
This value is equal to zero, and used as the null-terminator in any array of RADIUS_ATTRIBUTE structures.
ratUserName
Specifies the name of the user to be authenticated. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information. Also see User Identification Attributes.
ratUserPassword
Specifies the password of the user to be authenticated. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratCHAPPassword
Specifies the password provided by the user in response to a Challenge Handshake Authentication Protocol (CHAP) challenge. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratNASIPAddress
Specifies the NAS IP address. An Access-Request should specify either an NAS IP address or an NAS identifier. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratNASPort
Identifies the physical or virtual private network (VPN) through which the user is connecting to the NAS. Note that this value is not a port number in the sense of TCP or UDP. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratServiceType
Specifies the type of service the user has requested or the type of service to be provided. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedProtocol
Specifies the type of framed protocol to use for framed access, for example SLIP, PPP, or ARAP (AppleTalk Remote Access Protocol). The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedIPAddress
Specifies the IP address that will be configured for the user requesting authentication. This attribute is typically returned by the authentication provider. However, the NAS may use it in an authentication request to specify a preferred IP address. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedIPNetmask
Specifies the IP network mask for a user that is a router to a network. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedRouting
Specifies the routing method for a user that is a router to a network. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFilterId
Identifies the filter list for the user requesting authentication. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratFramedMTU
Specifies the Maximum Transmission Unit (MTU) for the user. This attribute is used in cases where the MTU is not negotiated through some other means, such as PPP. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedCompression
Specifies a compression protocol to use for the connection. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information
ratLoginIPHost
Specifies the system with which to connect the user. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratLoginService
Specifies the service to use to connect the user to the host specified by ratLoginIPHost. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratLoginPort
Specifies the port to which to connect the user. This attribute is present only if the ratLoginService attribute is present. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratReplyMessage
Specifies a message to display to the user. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratCallbackNumber
Specifies a callback number. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratCallbackId
Identifies a location to callback. The value of this attribute is interpreted by the NAS. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratFramedRoute
Provides routing information to configure on the NAS for the user. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratFramedIPXNetwork
Specifies the IPX network number to configure for the user. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratState
This attribute is included in Access-Challenge and Access-Accept communications between the server and the client. Please refer to RFC 2865 for detailed information about this value. The value field in RADIUS_ATTRIBUTE for this type is a pointer.
ratClass
Specifies a value that is provided to the NAS by the authentication provider. The NAS should use this value when communicating with the accounting provider. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratVendorSpecific
Allows vendors to provide their own extended attributes. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratSessionTimeout
Specifies the maximum number of seconds for which to provide service to the user. After this time, the session is terminated. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratIdleTimeout
Specifies the maximum number of consecutive seconds the session can be idle. If the idle time exceeds this value, the session is terminated. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratTerminationAction
Indicates what action the NAS should take when the specified service is completed. It is only used in Access-Accept packets. The value field in RADIUS_ATTRIBUTE for this type is 32-bit integral value. See RFC 2865 for more information.
ratCalledStationId
Specifies the number that the user dialed to connect to the NAS. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratCallingStationId
Specifies the number from which the user is calling. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratNASIdentifier
Specifies the NAS identifier. An Access-Request should specify either an NAS identifier or an NAS IP address. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratProxyState
Specifies a value that a proxy server includes when forwarding an authentication request. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratLoginLATService
This attribute is not currently used for authentication on Windows. See RFC 2865 for more information.
ratLoginLATNode
This attribute is not currently used for authentication on Windows. See RFC 2865 for more information.
ratLoginLATGroup
This attribute is not currently used for authentication on Windows. See RFC 2865 for more information.
ratFramedAppleTalkLink
Specifies the AppleTalk network number for a user that is another router. The value field in RADIUS_ATTRIBUTE for this type is 32-bit integral value. See RFC 2865 for more information.
ratFramedAppleTalkNetwork
Specifies the AppleTalk network number that the NAS should use to allocate an AppleTalk node for the user. This attribute is used only when the user is not another router. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratFramedAppleTalkZone
Specifies the AppleTalk default zone for the user. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratAcctStatusType
Specifies whether the accounting provider should start or stop accounting for the user. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctDelayTime
Specifies the length of time that the client has been attempting to send the current request. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctInputOctets
Specifies the number of octets that have been received during the current accounting session. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctOutputOctets
Specifies the number of octets sent during the current accounting session. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctSessionId
Specifies a value to enable the identification of matching start and stop records within a log file. The start and stop records are sent in the ratAcctStatusType attribute. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2866 for more information.
ratAcctAuthentic
Specifies, to the accounting provider, how the user was authenticated. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctSessionTime
Specifies the number of seconds that have elapsed in the current accounting session. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctInputPackets
Specifies the number of packets that have been received during the current accounting session. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctOutputPackets
Specifies the number of packets that have been sent during the current accounting session. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratAcctTerminationCause
Specifies how the current accounting session was terminated. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2866 for more information.
ratCHAPChallenge
Specifies the CHAP challenge sent by the NAS to a CHAP user. The value field in RADIUS_ATTRIBUTE for this type is a pointer. See RFC 2865 for more information.
ratNASPortType
Specifies the type of the port through which the user is connecting, for example, asynchronous, ISDN, virtual. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information.
ratPortLimit
Specifies the number of ports the NAS should make available to the user for multilink sessions. The value field in RADIUS_ATTRIBUTE for this type is a 32-bit integral value. See RFC 2865 for more information
ratTunnelType
Specifies either the tunneling protocol or protocols to be used (in the case of a tunnel initiator) or specifies the tunneling protocol in use (in the case of a tunnel terminator). See RFC 2868 for more information.
ratMediumType
Specifies the transport medium to use when creating a tunnel for protocols, such as L2TP, that can operate over multiple transports. See RFC 2868 for more information.
ratTunnelPassword
May contain a password to be used to authenticate to a remote server. It may only be included in an Access-Accept packet.
ratTunnelPrivateGroupID
Specifies the group ID for a particular tunneled session.
ratNASIPv6Address
Specifies the IPv6 Address of the NAS that requests authentication of the user. It should be unique to the NAS within the scope of the RADIUS server. It is only used in an Access-Request packet. See the NAS-IPv6-Address section in RFC 3162 for more information.
ratFramedInterfaceId
Specifies the IPv6 interface identifier to be configured for the user. It may be used in an Access-Accept packet. See the Framed-Interface-Id section in RFC 3162 for more information.
ratFramedIPv6Prefix
Specifies an IPv6 prefix (and corresponding route) to be configured for the user. It may be used in an Access-Accept packet and can appear multiple times. See the Framed-IPv6-Prefix section in RFC 3162 for more information.
ratLoginIPv6Host
Specifies the system with which to connect the user, when the ratLoginService attribute is included. It may be used in an Access-Accept packet. See the Login-IPv6-Host section in RFC 3162 for more information.
ratFramedIPv6Route
Specifies routing information to be configured for the user on the NAS. It is used in an Access-Accept packet and can appear multiple times. See the Framed-IPv6-Route section in RFC 3162 for more information.
ratFramedIPv6Pool
Specifies the name of an assigned pool that should be used to assign an IPv6 prefix for the user. If a NAS does not support multiple prefix pools, the NAS must ignore this attribute. See the Framed-IPv6-Pool section in RFC 3162 for more information.
ratCode
Specifies the request type code. This is an extended, read-only attribute, used only in the RadiusExtensionProcess and RadiusExtensionProcessEx functions. Its contents can be interpreted by comparing it with RADIUS_CODE enumeration values.
ratIdentifier
Specifies the request identifier. This is an extended, read-only attribute.
ratAuthenticator
Specifies the request authenticator. This is an extended, read-only attribute.
ratSrcIPAddress
Specifies the source IP address. This is an extended, read-only attribute.
ratSrcPort
Specifies the source IP port. This is an extended, read-only attribute.
ratProvider
Specifies the authentication provider. The value for this attribute is taken from the RADIUS_AUTHENTICATION_PROVIDER enumerated type. This is an extended, read-only attribute.
ratStrippedUserName
Specifies the user name with the realm removed. See User Identification Attributes for more information. This is an extended attribute.
ratFQUserName
Specifies the fully qualified user name. See User Identification Attributes for more information. This is an extended attribute.
ratPolicyName
Specifies a remote access policy name. This is an extended attribute.
ratUniqueId
Specifies a unique ID for the request. This is a read-only attribute.
ratExtensionState
This attribute is used to pass state information between extensions.
ratEAPTLV
Specifies an EAP-TLV packet. For more information about the EAP-TLV packet format, see IETF EAP RFC 3748.
ratRejectReasonCode
Specifies the reason code for a RADIUS Reject. For more information, see RADIUS_REJECT_REASON_CODE.
ratCRPPolicyName
Specifies the Connection Request Policy Name that matched this RADIUS packet.
ratProviderName
Specifies the remote RADIUS server group name for request forwarding.

If the Authentication indicated by ratProvider is a proxy, the extension DLL can change the ratProviderName to indicate which remote server group the request should be forwarded to.
ratClearTextPassword
Specifies the user password in clear text.

To support authorization databases using PEAP-MSChapv2, the extension DLL retrieves the user password from the database and sends it to NPS.
ratSrcIPv6Address
Source IPv6 address. It is not a standard RADIUS attribute. It corresponds to the internal attribute IAS_ATTRIBUTE_CLIENT_IPv6_ADDRESS. This is a read-only attribute.
ratCertificateThumbprint
Specifies the certificate thumbprint. It is not a standard RADIUS attribute. It corresponds to the internal attribute IAS_ATTRIBUTE_CERTIFICATE_THUMBPRINT. This is an extended attribute.

Remarks

The following attributes are read-only. Extension DLLs that implement RadiusExtensionProcess2 cannot add/remove/modify these attributes within a request or response contained in a RADIUS_EXTENSION_CONTROL_BLOCK.

  • ratCode
  • ratIdentifier
  • ratAuthenticator
  • ratSrcIPAddress
  • ratSrcPort
  • ratProvider
  • ratUniqueId
  • ratSrcIPv6Address

Requirements

Requirement Value
Minimum supported client None supported
Minimum supported server Windows Server 2008
Header authif.h

See also

About NPS Extensions

NPS Extensions Enumerations

NPS Extensions Reference

RADIUS_ATTRIBUTE

RADIUS_AUTHENTICATION_PROVIDER