1 The variables defined by the server are:
3 %{Attribute-Name} Corresponding value for Attribute-Name
5 %{request:Attribute-Name} Corresponding value for Attribute-Name
7 %{reply:Attribute-Name} Corresponding value for Attribute-Name
9 %{check:Attribute-Name} Corresponding value for Attribute-Name
10 in check items for request
11 %{proxy-reply:Attribute-Name} Corresponding value for Attribute-Name
12 in the proxy reply (if it exists)
15 %{config:section.subsection.item} Corresponding value in 'radiusd.conf'
16 for the string value of that item.
18 The %{config:...} variables should be used VERY carefully, as they
19 may leak secret information from your RADIUS server, if you use them
20 in reply attributes to the NAS!
24 %{User-Name} The string value of the User-Name attribute.
25 %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol
26 attribute, from the proxy reply.
27 %{config:modules.unix.passwd} The string value of the 'passwd' configuration
28 item in the 'unix' module, in the 'modules'
29 section of radiusd.conf.
31 Variables are used in dynamically translated strings. Most of the
32 configuration entries in radiusd.conf (and related files) will do
33 dynamic string translation. To do the same dynamic translation in
34 RADIUS attributes, you must put the string into an back-quoted string:
36 Session-Timeout = `%{expr: 2 + 3}`
38 To do the dynamic translation in the 'radiusd.conf' (or some other
39 configuration files), just use the variable as-is. See 'radiusd.conf'
43 Additionally, you can use conditional syntax similar to ${foo:-bar} as
44 defined in 'sh'. For example:
47 When attribute Foo is set: returns value of Foo
48 When attribute Foo unset: returns literal string 'bar'
51 When attribute Foo is set: returns value of attribute Foo
52 When attribute Foo unset: returns value of attribute Bar (if any)
54 3. %{Foo:-%{bar:-baz}}
55 When attribute Foo is set: returns value of attribute Foo
56 When attribute Foo unset: returns value of attribute Bar (if any)
57 When attribute Bar unset: returns literal string 'baz'
60 When calling an external program (e.g. from Exec-Program-Wait), these
61 variables can be passed on the command line to the program. In
62 addition, the server places all of the attributes in the RADIUS
63 request into environment variables for the external program. The
64 variables are renamed under the following rules:
66 1. All letters are made upper-case.
68 2. All hyphens '-' are turned into underscores '_'
70 so the attribute User-Name can be passed on the command line to the
71 program as %{User-Name}, or used inside the program as the environment
72 variable USER_NAME (or $USER_NAME for shell scripts).
74 If you want to see the list of all of the variables, try adding a line
75 'printenv > /tmp/exec-program-wait' to the script. Then look in the
76 file for a complete list of variables.
78 The following one-character variables are also defined. However, they
79 are duplicates of the previous general cases, and are only provided
80 for backwards compatibility. They WILL BE removed in a future
81 release. They also do NOT permit the use of conditional syntax
82 (':-'), as described above.
85 Variable Description Proper Equivalent
86 -------- ----------- ----------------
87 %a Protocol (SLIP/PPP) %{Framed-Protocol}
88 %c Callback-Number %{Callback-Number}
90 %f Framed IP address %{Framed-IP-Address}
91 %i Calling Station ID %{Calling-Station-Id}
94 %n NAS IP address %{NAS-IP-Address}
95 %p Port number %{NAS-Port-Id}
96 %s Speed (PW_CONNECT_INFO) %{Connect-Info}
97 %t request in ctime format
98 %u User name %{User-Name}
99 %A radacct_dir %{config:radacctdir}
101 %D request date (YYYYMMDD)
103 %L radlog_dir %{config:logdir}
105 %R radius_dir %{config:raddbdir}
110 %U Stripped User name %{Stripped-User-Name}
111 %V Request-Authenticator
113 %Y request year (YYYY)
114 %Z All request attributes
116 (must have a big buffer)