Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE

    Vendor-Specific Attributes

     

    This appendix describes the Juniper Networks vendor-specific attributes used with Steel-Belted Radius Carrier.

    Table 206: Steel-Belted Radius Carrier Vendor-Specific Attributes

    Attribute Name

    Purpose

    Funk-Allowed-Access-Hours

    May be placed in the check list for a user or profile entry to control the exact time periods during which a user may be allowed access.

    Funk-Allowed-Access-Hours is a variable-length string that identifies time periods in a 7-day week of 24-hour days. This string consists of one or more day specifiers (each of which may list one or more days and/or ranges of days) followed by one or more ranges of 24-hour times, in minutes.

    Funk-Concurrent-Login-Limit

    Reserved for future use.

    Funk-Full-User-Name

    Reserved for future use.

    Funk-Location-Group-Id

    Added to an inbound authentication or accounting request when the request is matched to a location group and AddFunkLocationGroupIdToRequest is set to 1 in the radius.ini file.

    The value of the attribute is the name of the location group.

    Funk-Peer-Cert-Hash

    Added to the list of attributes available for secondary authorization processing when EAP-TLS is loaded as an automatic EAP helper. The attribute is added to the request only if Include_Certificate_Info in the [Secondary_Authorization] section of tlsauth.eap is set to 1.

    The value of the attribute is the hexadecimal ASCII representation of the SHA1 hash of the client's certificate.

    Funk-Peer-Cert-Issuer

    Added to the list of attributes available for secondary authorization processing when EAP-TLS is loaded as an automatic EAP helper. The attribute is added to the request only if Include_Certificate_Info in the [Secondary_Authorization] section of tlsauth.eap is set to 1.

    The value of the attribute is the contents of the Issuer attribute of the client's certificate.

    Funk-Peer-Cert-Principal

    Added to the list of attributes available for secondary authorization processing when EAP-TLS is loaded as an automatic EAP helper. The attribute is added to the request only if Include_Certificate_Info in the [Secondary_Authorization] section of tlsauth.eap is set to 1.

    The value of the attribute is the contents of the Subject Alternate Name or Other Name attribute of the client's certificate.

    Funk-Peer-Cert-Subject

    Added to the list of attributes available for secondary authorization processing when EAP-TLS is loaded as an automatic EAP helper. The attribute is added to the request only if Include_Certificate_Info in the [Secondary_Authorization] section of tlsauth.eap is set to 1.

    The value of the attribute is the contents of the Subject attribute of the client's certificate.

    Funk-Round-Robin-Group

    May be placed in the return list for a user or profile entry to dynamically assign an attribute set from an Attribute Value Pool at login time.

    The value of this attribute must be set to the .rr file name which defines the Attribute Value Pool.

    Funk-Source-IP-Address

    Added to the list of attributes available for request processing if AddSourceIPAddressAttrToRequest is set to 1 in the [Configuration] section of the radius.ini file.

    The value of the attribute is the IP address from which the packet containing the request was received.

    Funk-Source-IPv6-Address

    Reserved for future use.

    Funk-Tribe-Name

    Reserved for future use.