The External RADIUS Interface protocol is based on the generic Helper Protocol. This manual describes the External RADIUS Interface Version 2.
If the External RADIUS program is enabled, it is used after the user password is verified. The Server sends it the following command:
nnnnnn LOGIN name@domain attributes settings
If the login request is accepted, the Helper program should return a positive response:
nnnnnn ACCEPT attributes
If the password was not accepted, a negative response should be returned:
nnnnnn REJECT optional-error-message
If the External RADIUS program is enabled, it is used to process the Start, Stop, and Interim-Update accounting requests. The Server sends the following command:
nnnnnn ACCNT command name@domain attributes
The Helper program should return a positive response:
The attributes in dictionaries should use the attribute type numeric values as keys (for example 27 for Session-Timeout).
The following attributes are interpreted as 32-bit integer values and they are encoded as numeric strings in dictionaries: NAS-Port, Service-Type, Framed-Protocol, Framed-Routing, Framed-MTU, Framed-Compression, Login-Service, Login-TCP-Port, Framed-IPX-Network, Session-Timeout, Idle-Timeout, Termination-Action, Framed-AppleTalk-Link, Framed-AppleTalk-Network, Event-Timestamp, NAS-Port-Type, Port-Limit, ARAP-Zone-Access, Password-Retry, Prompt, Tunnel-Type, Tunnel-Medium-Type, Tunnel-Preference, Acct-Interim-Interval, Acct-Delay-Time, Acct-Input-Octets, Acct-Output-Octets, Acct-Authentic, Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, Acct-Terminate-Cause, Acct-Link-Count, Acct-Input-Gigawords, Acct-Output-Gigawords.
The following attributes are interpreted as 32-bit IP addresses and they are encoded as aaa.bbb.ccc.ddd strings in dictionaries: NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Login-IP-Host.
The following attributes are ignored in Helper responses:
All other attribute values ar