RADIUS Attribute - Service-Type

As per RFC 2865:

This Attribute indicates the type of service the user has requested, or the type of service to be provided. It MAY be used in both Access-Request and Access-Accept packets. A NAS is not required to implement all of these service types, and MUST treat unknown or unsupported Service-Types as though an Access-Reject had been received instead.

 

A summary of the Service-Type Attribute format is shown below. The fields are transmitted from left to right.

 

Type (IETF Attribute Number) = (6) for Service-Type.
Length = 6
Value: The Value field is four octets.

 

 

 

1

Login

2

Framed

3

Callback Login

4

Callback Framed

5

Outbound

6

Administrative

7

NAS Prompt

8

Authenticate Only

9

Callback NAS Prompt

10

Call Check

11

Callback Administrative

 

The service types are defined as follows when used in an Access-Accept.  When used in an Access-Request, they MAY be considered to be a hint to the RADIUS server that the NAS has reason to believe the user would prefer the kind of service indicated, but the server is not required to honor the hint.

 

Login - The user should be connected to a host.

Framed - A Framed Protocol should be started for the User, such as PPP or SLIP.

Callback Login - The user should be disconnected and called back, then connected to a host.

Callback Framed - The user should be disconnected and called back, then a Framed Protocol should be started for the User, such as PPP or SLIP.

Outbound - The user should be granted access to outgoing devices.

Administrative - The user should be granted access to the administrative interface to the NAS from which privileged commands can be executed.

NAS Prompt - The user should be provided a command prompt on the NAS from which non-privileged commands can be executed.

Authenticate Only - Only Authentication is requested, and no authorization information needs to be returned in the Access-Accept (typically used by proxy servers rather than the NAS itself).

Callback - NAS Prompt The user should be disconnected and called back, then provided a command prompt on the NAS from which non-privileged commands can be executed.

Call Check - Used by the NAS in an Access-Request packet to indicate that a call is being received and that the RADIUS server should send back an Access-Accept to answer the call, or an Access-Reject to not accept the call, typically based on the Called-Station-Id or Calling-Station-Id attributes.  It is recommended that such Access-Requests use the value of Calling-Station-Id as the value of the User-Name.

Callback Administrative - The user should be disconnected and called back, then granted access to the administrative interface to the NAS from which privileged commands can be executed.