Поделиться через


EAP_ATTRIBUTE_TYPE (Compact 2013)

3/26/2014

This enumeration defines the set of possible EAP attribute types that are available on an authenticating entity.

Additional details for values in this enumerated type are obtained by referring to one of the following references: RFC 2865, RFC 2866, RFC 2869, RFC 2868, RFC 3162, RFC 3579, or RFC 3580.

Syntax

typedef enum  {
  eatMinimum = 0,
  eatUserName = 1,
  eatUserPassword = 2,
  eatMD5CHAPPassword = 3,
  eatNASIPAddress = 4,
  eatNASport = 5,
  eatServiceType = 6,
  eatFramedProtocol = 7,
  eatFramedIPAddress = 8,
  eatFramedIPNetmask = 9,
  eatFramedRouting = 10,
  eatFilterId = 11,
  eatFramedMTUeatFramedMTU = 12,
  eatFramedCompression = 13,
  eatLoginIPHost = 14,
  eatLoginService = 15,
  eatLoginTCPPort = 16,
  eatUnassigned17 = 17,
  eatReplyMessage = 18,
  eatCallbackNumber = 19,
  eatCallbackId = 20,
  eatUnassigned21 = 21,
  eatFramedRout = 22,
  eatFramedIPXNetwork = 23,
  eatState = 24,
  eatClass = 25,
  eatVendorSpecific = 26,
  eatSessionTimeout = 27,
  eatIdleTimeout = 28,
  eatTerminationAction = 29,
  eatCalledStationId = 30,
  eatCallingStationId = 31,
  eatNASIdentifier = 32,
  eatProxyState = 33,
  eatLoginLATService = 34,
  eatLoginLATNode = 35,
  eatLoginLATGroup = 36,
  eatFramedAppleTalkLink = 37,
  eatFramedAppleTalkNetwork = 38,
  eatFramedAppleTalkNetwork = 38,
  eatFramedAppleTalkZone = 39,
  eatAcctStatusType = 40,
  eatAcctDelayTime = 41,
  eatAcctInputOctets = 42,
  eatAcctOutputOctets = 43,
  eatAcctSessionId = 44,
  eatAcctAuthentic = 45,
  eatAcctSessionTime = 46,
  eatAcctInputPackets = 47,
  eatAcctOutputPackets = 48,
  eatAcctTerminateCause = 49,
  eatAcctMultiSessionId = 50,
  eatAcctLinkCount = 51,
  eatAcctEventTimeStamp = 55,
  eatMD5CHAPChallenge = 60,
  eatNASPortType = 61,
  eatPortLimit = 62,
  eatLoginLATPort = 63,
  eatTunnelType = 64,
  eatTunnelMediumTyp = 65,
  eatTunnelClientEndpoint = 66,
  eatTunnelServerEndpoint = 67,
  eatARAPPassword = 70,
  eatARAPFeatures = 71,
  eatARAPZoneAccess = 72,
  eatARAPSecurity = 73,
  eatARAPSecurityData = 74,
  eatPasswordRetry = 75,
  eatPrompt = 76,
  eatConnectInfo = 77,
  eatConfigurationToken = 78,
  eatEAPMessage = 79,
  eatSignature = 80,
  eatARAPChallengeResponse = 84,
  eatAcctInterimInterval = 85,
  eatNASIPv6Address = 95,
  eatFramedInterfaceId = 96,
  eatFramedIPv6Prefix = 97,
  eatLoginIPv6Host = 98,
  eatFramedIPv6Route = 99,
  eatFramedIPv6Pool = 100,
  eatARAPGuestLogon = 8096,
  eatCertificateOID = 8097,
  eatEAPConfiguration = 8098,
  eatPEAPEmbeddedEAPTypeId = 8099,
  eatPEAPFastRoamedSession = 8100,
  eatEAPTLV = 8102,
  eatCredentialsChanged = 8103,
  eatInnerEapMethodType = 8104,
  eatClearTextPassword = 8107,
  eatQuarantineSoH = 8150,
  eatPeerId = 9000,
  eatServerId = 9001,
  eatMethodId = 9002,
  eatEMSKeatEMSK= 9003,
  eatSessionId = 9004,
  eatReserved = 0xFFFFFFFF
} EAP_ATTRIBUTE_TYPE,  
EapAttributeType;

Constants

  • eatMinimum
    Specifies a value equal to zero, and used as the NULL terminator in any array of EAP_ATTRIBUTE structures.

    This attribute type is consumed by PPP client supplicants.

  • eatUserName
    Specifies the name of the user to be authenticated. This attribute type is also used when the user's password is changed. For Routing and Remote Access Service (RRAS) authentication sessions, the identity string (name) of the authenticating user is sent to IAS as part of the request attributes. The pValue member of EAP_ATTRIBUTE for this type points to a multibyte string without a NULL termination character.

    This attribute type is exported by MS-CHAPv2 methods and by PEAP methods. It is consumed by PPP server supplicants.

  • eatUserPassword
    Specifies the password of the user to be authenticated. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatMD5CHAPPassword
    Specifies the password provided by the user in response to an MD5 Challenge Handshake Authentication Protocol (CHAP) challenge. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatNASIPAddress
    Specifies the IP address of the Network Access Server (NAS) that is requesting user authentication. An Access-Request should specify either an NAS IP address or an NAS identifier. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatNASport
    Specifies the physical or virtual private network (VPN) through which the user is connecting to the NAS. Notice that this value is not a port number in the sense of TCP or UDP. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatServiceType
    Specifies the type of service the user has requested or the type of service to be provided. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedProtocol
    Specifies the type of framed protocol to use for framed access, for example SLIP, PPP, or ARAP (AppleTalk Remote Access Protocol). The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedIPAddress
    Specifies the IP address that is configured for the user requesting authentication. This attribute is typically returned by the authentication provider. However, the NAS may use it in an authentication request to specify a preferred IP address. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedIPNetmask
    Specifies the IP network mask for a user that is a router to a network.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFramedRouting
    Specifies the routing method for a user that is a router to a network.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFilterId
    Specifies the name of the filter list for the user requesting authentication. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedMTU
    Specifies the Maximum Transmission Unit (MTU) for the user. This attribute is used if the MTU is not negotiated through some another way, such as PPP. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedCompression
    Specifies a compression protocol to use for the connection.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatLoginIPHost
    Specifies the system with which to connect the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatLoginService
    Specifies the service to use to connect the user to the host specified by eatLoginIPHost.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatLoginTCPPort
    Specifies the port to which to connect the user. This attribute is present only if the eatLoginService attribute is present.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatUnassigned17
    This value is currently unassigned

    This attribute type is not used by EAPHost methods or supplicants.

  • eatReplyMessage
    Specifies a message to display to the user. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.

    This attribute type consumed by the PPP server supplicant. This attribute type should not be used by any other method or supplicant. eatEAPMessage should be used to sent displayable messages whenever possible.

  • eatCallbackNumber
    Specifies a callback number. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatCallbackId
    Specifies a location to call back. The value of this attribute is interpreted by the NAS. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatUnassigned21
    This value is currently unassigned.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFramedRoute
    Specifies routing information to configure on the NAS for the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFramedIPXNetwork
    Specifies the IPX network number to configure for the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatState
    Specifies state information that is provided to the client by the server. For RRAS authentication sessions, if authentication completed successfully and IAS returned attributes, this state information is saved and used as input when constructing the request attributes for IAS during the next packet cycle. The pValue member of EAP_ATTRIBUTE for this type points to a byte string. Refer to RFC 2865 for detailed information about this value.

    This attribute type is consumed by PPP server supplicants.

  • eatClass
    Specifies a value that is provided to the NAS by the authentication provider. The NAS should use this value when communicating with the accounting provider. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatVendorSpecific
    Specifies a field for vendor-supplied extended attributes.

    This field is used to store Microsoft Point-to-Point Encryption (MPPE) keys consumed by the 802.1X supplicant.

    The following table shows the structure of the data pointed to by the pValue member of EAP_ATTRIBUTE for this type.

    First Byte

    Last Byte

    Description

    0

    3

    Length: 4 bytes

    The vendor identifier. This field always has a value of 311.

    4

    4

    Length: 1 byte

    The type of MPPE key. If the attribute refers to a MPPE send key, this field has a value of 16. If the attribute refers to a MPPE receive key, this field has a value of 17.

    5

    5

    Length: 1 byte

    The MPPE vendor-specific attribute length. This field always has a value of 52.

    6

    7

    Length: 2 bytes

    Salt. This field always has a value of 0.

    8

    8

    Length: 1 byte

    The MPPE key length. This field always has a value of 32.

    9

    40

    Length: 32 bytes

    The MPPE key. The field contents are as follows:

    • For MPPE send keys used on a client, this field contains the first 32 bytes (bytes 0-31) of the master session key (MSK).
    • For MPPE send keys used on a server, this field contains the second 32 bytes (bytes 32-63) of the MSK.
    • For MPPE receive keys used on a client, this field contains the second 32 bytes (bytes 32-63) of the MSK.
    • For MPPE receive keys used on a server, this field contains the first 32 bytes (bytes 0-31) of the MSK.

    41

    55

    Length: 15 bytes

    Padding.

    This attribute type is consumed by 802.1X supplicants.

  • eatSessionTimeout
    Specifies the maximum number of seconds for which to provide service to the user. After this time, the session is terminated. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.

    This attribute type is typically used by EAP methods to set the time-out duration for authentication inside an Access-Challenge packet. The duration of the time-out is determined by IAS, not the EAP method.

    For RRAS authentication sessions, if authentication succeeded and there is a pending packet to be sent, the packet is sent with an interactive time-out if the corresponding eatSessionTimeout value is greater than 10.

    This attribute type is consumed by PPP server supplicants.

  • eatIdleTimeout
    Specifies the maximum number of consecutive seconds the session can be idle. If the idle time exceeds this value, the session is terminated.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatTerminationAction
    Specifies an action the server performs when time that the connection terminates. Refer to the above-referenced files for detailed information about this value.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatCalledStationId
    Specifies the telephone number called by using Dialed Number Identification (DNIS) or similar technology. The telephone number called by the user may differ from the telephone number from which the call originated. This attribute type may also be used to store other types of information, such as MAC addresses. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatCallingStationId
    Specifies the originating telephone number for a call, by using Automatic Number Identification (ANI) or similar technology. This attribute type may also be used to store other types of information, such as MAC addresses. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatNASIdentifier
    Specifies the NAS identifier. An Access-Request should specify either an NAS identifier or an NAS IP address. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatProxyState
    Specifies a value that a proxy server includes when forwarding an authentication request.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatLoginLATService
    Not used.
  • eatLoginLATNode
    Not used.
  • eatLoginLATGroup
    Not used.
  • eatFramedAppleTalkLink
    Specifies the AppleTalk network number for the user when the user is another router.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFramedAppleTalkNetwork
    Specifies the AppleTalk network number that the NAS should use to allocate an AppleTalk node for the user. This attribute is used only when the user is not another router.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatFramedAppleTalkZone
    Specifies the AppleTalk default zone for the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctStatusType
    Specifies whether the accounting provider should start or stop accounting for the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctDelayTime
    Specifies the length of time that the client has been attempting to send the current request.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctInputOctets
    Specifies the number of octets that have been received during the current accounting session.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctOutputOctets
    Specifies the number of octets that were sent during the current accounting session.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctSessionId
    Specifies a value to enable the identification of matching start and stop records within a log file.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctAuthentic
    Specifies, to the accounting provider, how the user was authenticated; for example by Directory Services, RADIUS, or some other authentication provider.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctSessionTime
    Specifies the number of seconds that have elapsed in the current accounting session.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctInputPackets
    Specifies the number of packets that have been received during the current accounting session.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctOutputPackets
    Specifies the number of packets that have been sent during the current accounting session.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctTerminateCause
    Specifies how the current accounting session was terminated.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctMultiSessionId
    Specifies a value to enable the identification of related accounting sessions within a log file.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctLinkCount
    Specifies the number of links if the current accounting session is using a multilink connection.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctEventTimeStamp
    Specifies an attribute that is included in an accounting request packet. It specifies the time that the event occurred.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatMD5CHAPChallenge
    Specifies the CHAP challenge sent by the NAS to a CHAP user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatNASPortType
    Specifies the type of the port through which NAS is authenticating the user, for example, asynchronous, ISDN, virtual. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatPortLimit
    Specifies the number of ports the NAS should make available to the user for multilink sessions.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatLoginLATPort
    Not used.
  • eatTunnelType
    Specifies the tunneling protocol that is used.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatTunnelMediumType
    Specifies which transport medium to use when it creates a tunnel for those protocols (such as L2TP) that can operate over multiple transports.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatTunnelClientEndpoint
    Points to the address of the initiator end of the tunnel.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatTunnelServerEndpoint
    Points to the address of the server end of the tunnel.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPPassword
    Specifies a password to use for AppleTalk Remote Access Protocol (ARAP) authentication.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPFeatures
    Specifies information that an NAS should send back to the user in an ARAP "feature flags" packet.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPZoneAccess
    Specifies how to use the ARAP zone list for the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPSecurity
    Specifies an ARAP security module to use during a secondary authentication phase between the NAS and the user.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPSecurityData
    Specifies the data to use with an ARAP security module.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatPasswordRetry
    Specifies the number of password retry tries to allow the user access. This attribute type is deprecated for EAP and RADIUS/EAP.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatPrompt
    Specifies whether the NAS should echo the user response to a challenge.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatConnectInfo
    Specifies information about the type of connection the user is using.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatConfigurationToken
    Specifies user-profile information in communications between RADIUS Proxy Servers and RADIUS Proxy Clients.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatEAPMessage
    Specifies that EAP information be sent directly between the user and the authentication provider. For RRAS authentication sessions, this attribute type is used to retrieve the EAP message from the authenticator and send the message to the client. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.

    This attribute type is consumed by PPP server supplicants.

  • eatSignature
    Specifies a signature to include with CHAP, EAP, or ARAP packets.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatARAPChallengeResponse
    Specifies the response to a Apple Remote Access Protocol (ARAP) challenge. In ARAP, either the server or the client may respond to challenges.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatAcctInterimInterval
    Specifies the time, in seconds, between accounting updates.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatNASIPv6Address
    The IPv6 address of the NAS requesting user authentication. This address should be unique to the NAS within the scope of the RADIUS server. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedInterfaceId
    The IPv6 interface identifier to be configured for the user. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatFramedIPv6Prefix
    The IPv6 prefix (and corresponding route) to be configured for the user. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.
  • eatLoginIPv6Host
    Not used.
  • eatFramedIPv6Route
    Not used.
  • eatFramedIPv6Pool
    Not used.
  • eatARAPGuestLogon
    Specifies a Apple Remote Access Protocol (ARAP) guest logon.

    This attribute type is not used by EAPHost methods or supplicants.

  • eatEAPConfiguration
    Not used.
  • eatPEAPEmbeddedEAPTypeId
    The identifier of the inner EAP method that is used in PEAP authentication. The pValue member of EAP_ATTRIBUTE for this type points to a DWORD. Only the least significant byte of the DWORD is meaningful.

    This attribute type is exported by PEAP methods and is not consumed by any supplicant.

  • eatPEAPFastRoamedSession
    Specifies whether PEAP fast reconnect is used by the authenticator. The pValue member of EAP_ATTRIBUTE for this type points to a DWORD. If pValue points to 0, fast reconnect is not used by the authenticator. If pValue points to a nonzero value, fast reconnect is used by the authenticator.

    This attribute type is exported by PEAP methods and consumed by PPP client supplicants.

  • eatCredentialsChanged
    Specifies whether credentials have changed during EAP authentication. The pValue member of EAP_ATTRIBUTE for this type points to a DWORD. If pValue points to 0, the credentials have not changed. If pValue points to a nonzero value, credentials have changed.

    This attribute type may be exported by MS-CHAPv2 methods, and is consumed by PPP client supplicants.

  • eatInnerEapMethodType
    The inner EAP method that is used inside native tunnel methods. The pValue member of EAP_ATTRIBUTE for this type points to an EAP_METHOD_TYPE structure.

    This attribute type is exported by EAP methods.

  • eatClearTextPassword
    The password, in clear text, of the user to be authenticated. This attribute type is sent by EAP methods that use EAPHost to raise the identity user interface. The pValue member of EAP_ATTRIBUTE for this type points to an EAP_METHOD_TYPE structure.

    This attribute type is exported by EAPHost.

  • eatQuarantineSoH
    Contains SoH request and response information that is used during EAP authentication. The pValue member of EAP_ATTRIBUTE for this type points to a byte string.

    This attribute type is exported by EAPHost and PEAP methods, and consumed by PPP server supplicants.

  • eatPeerId
    The peer identity provided in the identity response message (EAP-Response/Identity). This identity may differ from the peer identity authenticated by the EAP method. The pValue member of EAP_ATTRIBUTE for this type points to an ASCII string. The string will be NULL if the EAP peer identity does not exist. For more information, see the Key Management Framework draft specification at this Internet Engineering Task Force (IETF) Web site.

    This attribute type is exported by EAP methods and consumed by supplicants.

  • eatServerId
    The identity of the server that is used when the EAP method authenticates to the server. The pValue member of EAP_ATTRIBUTE for this type points to an ASCII string. The string will be NULL if an EAP method does not define a method-specific peer identity. For more information, see the Key Management Framework draft specification at this Internet Engineering Task Force (IETF) Web site.

    This attribute type is exported by EAP methods and consumed by supplicants.

  • eatMethodId
    A temporally unique method identifier that identifies an EAP session of a given type between an peer and a server. Any EAP method that derives keys must specify this attribute type. The pValue member of EAP_ATTRIBUTE for this type points to a DWORD. For more information, see the Key Management Framework draft specification at this Internet Engineering Task Force (IETF) Web site.

    This attribute type is exported by EAPHost methods and other EAP methods, and consumed by supplicants.

  • eatEMSK
    The extended session master key (EMSK). This key material is derived between the peer and the server, and should not be shared with a third-party. The pValue member of EAP_ATTRIBUTE for this type points to a byte string, that should contain at least 64 octets of key material. For more information, see the Key Management Framework draft specification at this Internet Engineering Task Force (IETF) Web site.

    This attribute type is exported by EAP methods and consumed by supplicants.

  • eatSessionId
    An attribute type which carries the session identity
  • eatReserved
    Not used.

See Also

Reference

Common EAPHost Enumerations