Microsoft IAS RADIUS Attribute Sequence
(Database Compatible Log Format Only)

Microsoft's database-import log format for IAS log files became available with the launch of Windows 2000. Unlike the IAS-Standard log format, logs written in database-import log format present the data in a standard sequence that is identical regardless of the network access server (NAS) sending the data.

As the data is always written in a standard field sequence, all you need to do in order to add a custom field to the RADREP 'Usage Detailed' report is count through the fields (which are comma separated) until you reach the field you want to report on. This field number can then be entered into the 'Attrib Name or MS# or Field#' edit box on the 'Detailed Usage Report - Display Field Selection' screen in RADREP.

To simplify locating the field number of the attribute you want to report on, the following table shows the 'Field Number' and corresponding RADIUS attribute. Each of the listed attributes can be contained in a record that is part of the database-import log file, although the attributes actually recorded depend on which accounting information your NAS (the RADIUS client) has been configured to send to the IAS server.

IAS database compatible format logs do not support reporting on Vendor-Specific Attributes, so if you have a requirement to report on vendor-specific RADIUS attributes you will have to stick with using the IAS-Standard log format.

 
Field Number | Attribute | Data type | Represents
1 | ComputerName | Text | Name of the server where the packet was received.
(This is an IAS-internal attribute.)
2 | ServiceName | Text | Name of the service that generated the record, IAS or Windows 2000 remote access.
(This is an IAS-internal attribute.)
3 | Record-Date | Time | Date at the IAS or remote access server.
(This is an IAS-internal attribute.)
4 | Record-Time | Time | Time at the IAS or remote access server.
(This is an IAS-internal attribute.)
5 | Packet-Type | Number | Type of packet. Can be:
  • 1 = Access-Request
  • 2 = Access-Accept
  • 3 = Access-Reject
  • 4 = Accounting-Request
(This is an IAS-internal attribute.)
6 | User-Name | Text | User's claimed identity.
7 | Fully-Qualified-User-Name | Text | User name in canonical format.
(This is an IAS-internal attribute.)
8 | Called-Station-Id | Text | Phone number dialed by user.
9 | Calling-Station-Id | Text | Phone number from which call originated.
10 | Callback-Number | Text | Callback phone number.
11 | Framed-IP-Address | Text | Framed address to be configured for user.
12 | NAS-Identifier | Text | Text identifying the NAS originating the request.
13 | NAS-IP-Address | Text | The IP address of the NAS originating the request.
14 | NAS-Port | Number | Physical port number of the NAS originating the request.
15 | Client-Vendor | Number | Manufacturer of NAS.
(This is an IAS-internal attribute.)
16 | Client-IP-Address | Text | The IP address of RADIUS client.
(This is an IAS-internal attribute.)
17 | Client-Friendly-Name | Text | Friendly name for the RADIUS client.
(This is an IAS-internal attribute.)
18 | Event-Timestamp | Time | The date and time that this event occurred on the NAS.
19 | Port-Limit | Number | Maximum number of ports that NAS provides to the user.
20 | NAS-Port-Type | Number | Type of physical port used by the NAS originating the request.
21 | Connect-Info | Text | Indicates the nature of user's connection.
22 | Framed-Protocol | Number | The protocol to be used.
23 | Service-Type | Number | Type of service user has requested.
24 | Authentication-Type | Number | Authentication scheme used to verify user. Can be:
  • 1 = PAP
  • 2 = CHAP
  • 3 = MS-CHAP v1
  • 4 = MS-CHAP v2
  • 5 = EAP
  • 7 = None
  • 8 = Custom
(This is an IAS-internal attribute.)
25 | NP-Policy-Name | Text | Friendly name of the remote access policy that granted or denied access. This attribute is logged in authentication accept and reject requests. If a user is rejected because none of the remote access policies matched, then this attribute is blank.
26 | Reason-Code | Number | Reason for rejecting a user. Can be:
  • 0 = IAS_SUCCESS
  • 1 = IAS_INTERNAL_ERROR
  • 2 = IAS_ACCESS_DENIED
  • 3 = IAS_MALFORMED_REQUEST
  • 4 = IAS_GLOBAL_CATALOG_UNAVAILABLE
  • 5 = IAS_DOMAIN_UNAVAILABLE
  • 6 = IAS_SERVER_UNAVAILABLE
  • 7 = IAS_NO_SUCH_DOMAIN
  • 8 = IAS_NO_SUCH_USER
  • 16 = IAS_AUTH_FAILURE
  • 17 = IAS_CHANGE_PASSWORD_FAILURE
  • 18 = IAS_UNSUPPORTED_AUTH_TYPE
  • 32 = IAS_LOCAL_USERS_ONLY
  • 33 = IAS_PASSWORD_MUST_CHANGE
  • 34 = IAS_ACCOUNT_DISABLED
  • 35 = IAS_ACCOUNT_EXPIRED
  • 36 = IAS_ACCOUNT_LOCKED_OUT
  • 37 = IAS_INVALID_LOGON_HOURS
  • 38 = IAS_ACCOUNT_RESTRICTION
  • 48 = IAS_NO_POLICY_MATCH
  • 64 = IAS_DIALIN_LOCKED_OUT
  • 65 = IAS_DIALIN_DISABLED
  • 66 = IAS_INVALID_AUTH_TYPE
  • 67 = IAS_INVALID_CALLING_STATION
  • 68 = IAS_INVALID_DIALIN_HOURS
  • 69 = IAS_INVALID_CALLED_STATION
  • 70 = IAS_INVALID_PORT_TYPE
  • 71 = IAS_INVALID_RESTRICTION
  • 80 = IAS_NO_RECORD
  • 96 = IAS_SESSION_TIMEOUT
  • 97 = IAS_UNEXPECTED_REQUEST
(This is an IAS-internal attribute.)
27 | Class | Text | Attribute sent to client in an access-accept packet. The format is:
  • Type: Always contains the value 25. 1 octet.
  • Length: Always 20 or more. 1 octet.
  • Checksum: Contains an Adler-32 checksum computed over the remainder of the Class attribute. 4 octets.
  • Vendor-Id: The high-order octet is 0 and the low-order 3 octets are the SMI Network Management Private Enterprise Code of the Vendor in network byte order, as defined in the IETF RFC 1007 "Vendor SMI Network Management Private Enterprise Codes". 4 octets.
  • Version: Always contains the value of 1. 2 octets.
  • Server-Address: This field contains the IP address of the RADIUS server that issued the Access-Challenge. For multihomed servers, this will be the address of the network interface that received the original Access-Request. 2 octets.
  • Service-Reboot-Time: Specifies the time at which the first serial number was returned. 8 octets.
  • Unique-Serial-Number: 8 octets.
  • String: Can be used to classify the accounting records so that this information can be used for further analysis. In IAS, the Class attribute from the profile should be copied into this String. 0 or more octets.
The combination of Serial-Number, Service-Reboot-Time, and Server-Address should be a unique identification for each authentication that the server accepted. This combination is used for correlating accounting records with the authentications.
28 | Session-Timeout | Number | Length of time (in seconds) before session is terminated.
29 | Idle-Timeout | Number | Length of idle time (in seconds) before session is terminated.
30 | Termination-Action | Number | Action NAS should take when service is completed.
31 | EAP-Friendly-Name | Text | EAP friendly name.
32 | Acct-Status-Type | Number | Specifies whether accounting packet starts or stops a bridging, routing, or terminal server session.
33 | Acct-Delay-Time | Number | Length of time (in seconds) for which the NAS has been sending the same accounting packet.
34 | Acct-Input-Octets | Number | Number of octets received during the session.
35 | Acct-Output-Octets | Number | Number of octets sent during the session.
36 | Acct-Session-Id | Text | Unique numeric string identifying the server session.
37 | Acct-Authentic | Number | Specifies which server authenticated an incoming call.
38 | Acct-Session-Time | Number | Length of time (in seconds) for which the session has been logged in.
39 | Acct-Input-Packets | Number | Number of packets received during the session.
40 | Acct-Output-Packets | Number | Number of packets sent during the session.
41 | Acct-Terminate-Cause | Number | Reason a connection was terminated.
42 | Acct-Multi-Ssn-Id | Text | Unique numeric string identifying the multilink session.
43 | Acct-Link-Count | Number | Number of links in a multilink session.
44 | Acct-Interim-Interval | Number | Length of interval (in seconds) between each interim update the NAS sends.
45 | Tunnel-Type | Number | Tunneling protocols to be used.
46 | Tunnel-Medium-Type | Number | Transport medium to use when creating a tunnel for protocols (such as L2TP) that can operate over multiple transports.
47 | Tunnel-Client-Endpt | Text | The IP address of the initiator end of the tunnel.
48 | Tunnel-Server-Endpt | Text | The IP address of the server end of the tunnel.
49 | Acct-Tunnel-Conn | Text |
50 | Tunnel-Pvt-Group-ID | Text | Group ID for a particular tunneled session.
51 | Tunnel-Assignment-ID | Text | Tunnel to which a session is to be assigned.
52 | Tunnel-Preference | Number |
53 | MS-Acct-Auth-Type | Number | Routing and Remote Access service attribute. See RFC 2548.
54 | MS-Acct-EAP-Type | Number | Routing and Remote Access service attribute. See RFC 2548.
55 | MS-RAS-Version | Text | Routing and Remote Access service attribute. See RFC 2548.
56 | MS-RAS-Vendor | Number | Routing and Remote Access service attribute. See RFC 2548.
57 | MS-CHAP-Error | Text | Routing and Remote Access service attribute. See RFC 2548.
58 | MS-CHAP-Domain | Text | Routing and Remote Access service attribute. See RFC 2548.
59 | MS-MPPE-Encryption-Types | Number | Routing and Remote Access service attribute. See RFC 2548.
60 | MS-MPPE-Encryption-Policy | Number | Routing and Remote Access service attribute. See RFC 2548.
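
The field-counting procedure described above can also be scripted for log review. The following is an added example, not part of the original page or of RADREP: it selects fields by their table number and summarises Access-Reject records per user and Reason-Code. It assumes text values are double-quoted in the log; the function names and the sample records are constructed for illustration.

```python
import csv
from collections import Counter

# 1-based field numbers from the table above (subset used for reject triage).
FIELDS = {3: "Record-Date", 4: "Record-Time", 5: "Packet-Type", 6: "User-Name",
          16: "Client-IP-Address", 25: "NP-Policy-Name", 26: "Reason-Code"}
ACCESS_REJECT = 3  # Packet-Type value for a rejected authentication
# Subset of the Reason-Code values listed for field 26.
REASONS = {8: "IAS_NO_SUCH_USER", 16: "IAS_AUTH_FAILURE",
           36: "IAS_ACCOUNT_LOCKED_OUT", 48: "IAS_NO_POLICY_MATCH"}

def parse_line(line):
    """Return the selected fields of one record, keyed by attribute name."""
    # Assumption: text values are double-quoted, so csv copes with embedded commas.
    row = next(csv.reader([line]), [])
    if len(row) < max(FIELDS):
        raise ValueError(f"need {max(FIELDS)} fields, got {len(row)}")
    rec = {name: row[num - 1].strip() for num, name in FIELDS.items()}
    for key in ("Packet-Type", "Reason-Code"):
        rec[key] = int(rec[key]) if rec[key] else None  # unsent attributes are empty
    return rec

def reject_summary(lines):
    """Count Access-Reject records per (user, reason); skip malformed lines."""
    counts = Counter()
    for line in lines:
        try:
            rec = parse_line(line)
        except ValueError:
            continue
        if rec["Packet-Type"] == ACCESS_REJECT:
            code = rec["Reason-Code"]
            counts[(rec["User-Name"], REASONS.get(code, f"code {code}"))] += 1
    return counts

def make_line(values):
    """Build a constructed 60-field record from {field_number: value}."""
    return ",".join(str(values.get(n, "")) for n in range(1, 61))

# Constructed sample records, not taken from a real server.
BASE = {1: '"IAS01"', 2: '"IAS"', 3: "03/07/2005", 16: '"192.0.2.10"'}
SAMPLE = [
    make_line({**BASE, 4: "10:15:22", 5: 1, 6: '"alice"'}),
    make_line({**BASE, 4: "10:15:22", 5: 3, 6: '"alice"', 25: '"VPN, staff"', 26: 16}),
    make_line({**BASE, 4: "10:15:40", 5: 3, 6: '"alice"', 25: '"VPN, staff"', 26: 16}),
    make_line({**BASE, 4: "10:16:02", 5: 3, 6: '"bob"', 26: 36}),
    make_line({**BASE, 4: "10:17:11", 5: 2, 6: '"carol"', 26: 0}),
    "truncated,line",
]
```

Calling `reject_summary(SAMPLE)` counts two IAS_AUTH_FAILURE rejects for alice and one IAS_ACCOUNT_LOCKED_OUT reject for bob; the request, the accept and the truncated line are ignored.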

 

Copyright © SecurityBoy Consulting 2002-2006. All Rights Reserved.
