-The variables defined by the server are:
-
- %{Attribute-Name} Corresponding value for Attribute-Name
- in the request packet
- %{request:Attribute-Name} Corresponding value for Attribute-Name
- in the request packet
- %{reply:Attribute-Name} Corresponding value for Attribute-Name
- in the reply packet
- %{proxy-request:Attribute-Name} Corresponding value for Attribute-Name
- in the proxy request packet (if it exists)
- %{proxy-reply:Attribute-Name} Corresponding value for Attribute-Name
- in the proxy reply packet (if it exists)
-
- The above support the meta-Attribute Packet-Type as well. See the RADIUS
-dictionary for details.
-
- %{check:Attribute-Name} Corresponding value for Attribute-Name
- in check items for request
-
+ Run-time variables
+ ------------------
+
+ See "man unlang" for more complete documentation on the run-time
+variables. This file is here only for historical purposes.
+
+
+ The above variable expansions also support the following
+meta-attributes. These are not normal RADIUS attributes, but are
+created by the server to be used like them, for ease of use. They can
+only be queried, and cannot be assigned.
+
+ Packet-Type RADIUS packet type (Access-Request, etc.)
+
+ Packet-Src-IP-Address IP address from which the packet was sent
+
+ Packet-Dst-IP-Address IP address to which the packet was sent
+ This may be "0.0.0.0", if the server
+ was configured with "bind_address = *".
+
+ Packet-Src-Port UDP port from which the packet was sent
+
+ Packet-Dst-Port UDP port to which the packet was sent.
%{config:section.subsection.item} Corresponding value in 'radiusd.conf'
for the string value of that item.
may leak secret information from your RADIUS server, if you use them
in reply attributes to the NAS!
- e.g.
- %{User-Name} The string value of the User-Name attribute.
- %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol
- attribute, from the proxy reply.
- %{config:modules.unix.passwd} The string value of the 'passwd' configuration
- item in the 'unix' module, in the 'modules'
- section of radiusd.conf.
+DEFAULT User-Name =~ "^([^@]+)@(.*)"
+ All-That-Matched = `%{0}`
+ Just-The-User-Name = `%{1}`
+ Just-The-Realm-Name = `%{2}`
-Variables are used in dynamically translated strings. Most of the
-configuration entries in radiusd.conf (and related files) will do
-dynamic string translation. To do the same dynamic translation in
-RADIUS attributes, you must put the string into an back-quoted string:
+
+ The variables are used in dynamically translated strings. Most of
+the configuration entries in radiusd.conf (and related files) will do
+dynamic string translation. To do the same dynamic translation in a
+RADIUS attribute (when pulling it from a database, or "users" file),
+you must put the string into an back-quoted string:
Session-Timeout = `%{expr: 2 + 3}`
-To do the dynamic translation in the 'radiusd.conf' (or some other
+ To do the dynamic translation in the 'radiusd.conf' (or some other
configuration files), just use the variable as-is. See 'radiusd.conf'
for examples.
-Additionally, you can use conditional syntax similar to ${foo:-bar} as
-defined in 'sh'. For example:
-
- 1. %{Foo:-bar}
- When attribute Foo is set: returns value of Foo
- When attribute Foo unset: returns literal string 'bar'
-
- 2. %{Foo:-%{Bar}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo unset: returns value of attribute Bar (if any)
-
- 3. %{Foo:-%{bar:-baz}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo unset: returns value of attribute Bar (if any)
- When attribute Bar unset: returns literal string 'baz'
+ Attributes as environment variables in executed programs
+ --------------------------------------------------------
-
-When calling an external program (e.g. from Exec-Program-Wait), these
-variables can be passed on the command line to the program. In
-addition, the server places all of the attributes in the RADIUS
-request into environment variables for the external program. The
+ When calling an external program (e.g. from 'rlm_exec' module),
+these variables can be passed on the command line to the program.
+In addition, the server places all of the attributes in the RADIUS
+request into environment variables for the external program. The
variables are renamed under the following rules:
1. All letters are made upper-case.
program as %{User-Name}, or used inside the program as the environment
variable USER_NAME (or $USER_NAME for shell scripts).
-If you want to see the list of all of the variables, try adding a line
-'printenv > /tmp/exec-program-wait' to the script. Then look in the
-file for a complete list of variables.
+ If you want to see the list of all of the variables, try adding a
+line 'printenv > /tmp/exec-program-wait' to the script. Then look in
+the file for a complete list of variables.
+
-The following one-character variables are also defined. However, they
+ One-character variables
+ -----------------------
+
+ The following one-character variables are also defined. However, they
are duplicates of the previous general cases, and are only provided
for backwards compatibility. They WILL BE removed in a future
release. They also do NOT permit the use of conditional syntax
%l request timestamp
%m request month (MM)
%n NAS IP address %{NAS-IP-Address}
- %p Port number %{NAS-Port-Id}
+ %p Port number %{NAS-Port}
%s Speed (PW_CONNECT_INFO) %{Connect-Info}
%t request in ctime format
%u User name %{User-Name}
%Z All request attributes
except password
(must have a big buffer)
+
+ $Id$