I use freeradius-1.1.0 built from FreeBSD ports on FreeBSD. There is the following comment in default raddb/dictionary.sample (this file probably comes from the FreeBSD port):
# # Place additional attributes or $INCLUDEs here. They will # over-ride the definitions in the pre-defined dictionaries. # But this doesn't seem to be true or, at least, entirely true. For example, I place the following lines in my raddb/dictionary: # big all-inclusive freeradius dictionary $INCLUDE /usr/local/share/freeradius/dictionary # my local dictionary $INCLUDE /usr/local/local/dictionary.mine And dictionary.mine has this content: #try to override Digest-Response with value from # draft-ietf-radext-digest-auth-06.txt ATTRIBUTE Digest-Response 102 string Then I get the following error on radiusd startup: $ radiusd -sfxxyz -l stdout ... Errors reading dictionary: dict_init: /usr/local/local/dictionary.mine[3]: dict_addattr: Duplicate attribute name Digest-Response Errors reading radiusd.conf Shouldn't I be able to override name->number mapping for attributes ? How to work around this problem ? Is copying the "all-inclusive" dictionary and throwing out the following line the only solution ? ATTRIBUTE Digest-Response 206 string On a related note - is it a good idea in general to have digest authentication stuff defined in main dictionary file and dictionary.freeradius.internal ? Especially given that those definitions are based on the very old and expired draft and are very unlikely to become standard. I think that those definitions should be clearly separated into their own dictionary and they should also somehow be marked as based on the draft-sterman-aaa-sip-00.txt and conflicting with the subsequent drafts, including the latest one (draft-ietf-radext-digest-auth-06.txt). -- Andriy Gapon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html