4 The run-time variables defined by the server are:
6 %{Attribute-Name} The value of the given Attribute-Name
9 %{request:Attribute-Name} The value of value the given
10 Attribute-Name in the request packet
11 %{reply:Attribute-Name} The value of the given Attribute-Name
13 %{proxy-request:Attribute-Name} The value of the given Attribute-Name
14 in the proxy request packet (if it exists)
15 %{proxy-reply:Attribute-Name} The value of the given Attribute-Name
16 in the proxy reply packet (if it exists)
18 The above variable expansions also support the meta-Attribute
19 Packet-Type as well. See the RADIUS dictionary for details on its
22 %{check:Attribute-Name} Corresponding value for Attribute-Name
23 in check items for request
26 %{config:section.subsection.item} Corresponding value in 'radiusd.conf'
27 for the string value of that item.
29 The %{config:...} variables should be used VERY carefully, as they
30 may leak secret information from your RADIUS server, if you use them
31 in reply attributes to the NAS!
35 %{User-Name} The string value of the User-Name attribute.
36 %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol
37 attribute, from the proxy reply.
38 %{config:modules.unix.passwd} The string value of the 'passwd' configuration
39 item in the 'unix' module, in the 'modules'
40 section of radiusd.conf.
42 The variables are used in dynamically translated strings. Most of
43 the configuration entries in radiusd.conf (and related files) will do
44 dynamic string translation. To do the same dynamic translation in a
45 RADIUS attribute (when pulling it from a database, or "users" file),
46 you must put the string into an back-quoted string:
48 Session-Timeout = `%{expr: 2 + 3}`
50 To do the dynamic translation in the 'radiusd.conf' (or some other
51 configuration files), just use the variable as-is. See 'radiusd.conf'
58 Additionally, you can use conditional syntax similar to ${foo:-bar} as
59 defined in 'sh'. For example:
62 When attribute Foo is set: returns value of Foo
63 When attribute Foo is unset: returns literal string 'bar'
66 When attribute Foo is set: returns value of attribute Foo
67 When attribute Foo is unset: returns value of attribute Bar (if any)
69 3. %{Foo:-%{Bar:-baz}}
70 When attribute Foo is set: returns value of attribute Foo
71 When attribute Foo is unset: returns value of attribute Bar (if any)
72 When attribute Bar is unset: returns literal string 'baz'
75 Attributes as environment variables in executed programs
76 --------------------------------------------------------
78 When calling an external program (e.g. from Exec-Program-Wait), these
79 variables can be passed on the command line to the program. In
80 addition, the server places all of the attributes in the RADIUS
81 request into environment variables for the external program. The
82 variables are renamed under the following rules:
84 1. All letters are made upper-case.
86 2. All hyphens '-' are turned into underscores '_'
88 so the attribute User-Name can be passed on the command line to the
89 program as %{User-Name}, or used inside the program as the environment
90 variable USER_NAME (or $USER_NAME for shell scripts).
92 If you want to see the list of all of the variables, try adding a
93 line 'printenv > /tmp/exec-program-wait' to the script. Then look in
94 the file for a complete list of variables.
97 One-character variables
98 -----------------------
100 The following one-character variables are also defined. However, they
101 are duplicates of the previous general cases, and are only provided
102 for backwards compatibility. They WILL BE removed in a future
103 release. They also do NOT permit the use of conditional syntax
104 (':-'), as described above.
107 Variable Description Proper Equivalent
108 -------- ----------- ----------------
109 %a Protocol (SLIP/PPP) %{Framed-Protocol}
110 %c Callback-Number %{Callback-Number}
112 %f Framed IP address %{Framed-IP-Address}
113 %i Calling Station ID %{Calling-Station-Id}
115 %m request month (MM)
116 %n NAS IP address %{NAS-IP-Address}
117 %p Port number %{NAS-Port}
118 %s Speed (PW_CONNECT_INFO) %{Connect-Info}
119 %t request in ctime format
120 %u User name %{User-Name}
121 %A radacct_dir %{config:radacctdir}
123 %D request date (YYYYMMDD)
125 %L radlog_dir %{config:logdir}
127 %R radius_dir %{config:raddbdir}
132 %U Stripped User name %{Stripped-User-Name}
133 %V Request-Authenticator
135 %Y request year (YYYY)
136 %Z All request attributes
138 (must have a big buffer)