Purpose of the Dictionaries
The primary purpose of the dictionaries is to map descriptive names
to attribute numbers in a packet. For efficiency reasons, each packet
contains an "encoded" version of an attribute. The encoded version is
binary data and is not readable, unlike a string (such as
"bob"). The encoded version cannot be used in the server policies, so
descriptive names are used instead.
The dictionaries secondary function is to define data types for an
attribute. As with the names, the data types are not encoded in a
packet. Instead, the types are stored in a dictionary on the server.
When the server needs to determine how to encode a
looks up that information in a dictionary. When the server needs to
decode an attribute from a packet, it looks up that information in the
dictionary as well, for example, to determine that the attribute
should be interpreted as a
User-Name of type
Finally, the dictionaries provide for easy extension of the protocol. New attributes can be defined in a dictionary without changing any of the source code of a server or a client. These attributes can then be used as part of a policy decision or logged as part of an accounting record. This capability lets equipment vendors define new functionality for their equipment by publishing a dictionary file. For example, if a server does not support an NAS, in many cases support may be added by writing the correct dictionary file for that NAS.
The main function of the dictionaries is most apparent when they are not available. In that case, the server displays the attribute name and data as hex strings; this is not very helpful to an administrator.
While dictionaries are part of the server’s configuration, they are
generally not meant to be edited by administrators. For that reason,
they are located in the system "shared file" directory, which is usually
/usr/share/freeradius/. In contrast, the
raddb/ directory contains
dictionary file that references the main dictionaries. It can
also be used to make local attribute definitions.