Creating Server-Side Attributes
It is necessary to define new server-side attributes when creating
custom local configurations, such as defining groups via the
man rlm_passwd). In other situations, local policies will
need "place holder" attributes. These attributes are used to contain
data such as a "local policy name". Since there is no standard attribute
defining a "local policy name", one has to be created. Since this data
is never sent in a request or response packet, the attribute should be a
When defining a new attribute, some general rules apply. The
attribute name should be chosen to be globally unique, to avoid conflict
with other attribute names. Using the name or acronym of your
organization as the first word of the attribute name is usually a good
The attribute number should be between
4000, to avoid
conflict with other server-side attributes defined in newer releases of
the server. This range has been allocated by the server for "site local"
attribute definitions, and no release will ever define attributes in
The attribute number should be assigned to one, and only one, name. Assigning two different names to the same number will cause a parse error, and the server will refuse to start.
The attribute type should be one of the well-known data types defined above. It is unfortunately impossible to define a new data type in a dictionary, as doing so will result in a parse error, and the server will refuse to start.
Other than as described above, the choice of attribute meaning is completely open. Once defined, these attributes may be used in the server wherever an attribute is valid. The only caveat is that they cannot be placed into a RADIUS packet.