Run-time variables
------------------
- The run-time variables defined by the server are:
-
- %{Attribute-Name} The value of the given Attribute-Name
- in the request packet
-
- %{request:Attribute-Name} The value of value the given
- Attribute-Name in the request packet
- %{reply:Attribute-Name} The value of the given Attribute-Name
- in the reply packet
- %{proxy-request:Attribute-Name} The value of the given Attribute-Name
- in the proxy request packet (if it exists)
- %{proxy-reply:Attribute-Name} The value of the given Attribute-Name
- in the proxy reply packet (if it exists)
-
- The above variable expansions also support the meta-Attribute
-Packet-Type as well. See the RADIUS dictionary for details on its
-values.
-
- %{check:Attribute-Name} Corresponding value for Attribute-Name
- in check items for request
-
+ See "man unlang" for more complete documentation on the run-time
+variables. This file is here only for historical purposes.
+
+
+ The above variable expansions also support the following
+meta-attributes. These are not normal RADIUS attributes, but are
+created by the server to be used like them, for ease of use. They can
+only be queried, and cannot be assigned.
+
+ Packet-Type RADIUS packet type (Access-Request, etc.)
+
+ Packet-Src-IP-Address IP address from which the packet was sent
+
+ Packet-Dst-IP-Address IP address to which the packet was sent
+ This may be "0.0.0.0", if the server
+ was configured with "bind_address = *".
+
+ Packet-Src-Port UDP port from which the packet was sent
+
+ Packet-Dst-Port UDP port to which the packet was sent.
%{config:section.subsection.item} Corresponding value in 'radiusd.conf'
for the string value of that item.
may leak secret information from your RADIUS server, if you use them
in reply attributes to the NAS!
- e.g.
- %{User-Name} The string value of the User-Name attribute.
- %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol
- attribute, from the proxy reply.
- %{config:modules.unix.passwd} The string value of the 'passwd' configuration
- item in the 'unix' module, in the 'modules'
- section of radiusd.conf.
+DEFAULT User-Name =~ "^([^@]+)@(.*)"
+ All-That-Matched = `%{0}`
+ Just-The-User-Name = `%{1}`
+ Just-The-Realm-Name = `%{2}`
+
The variables are used in dynamically translated strings. Most of
the configuration entries in radiusd.conf (and related files) will do
for examples.
- Conditional syntax
- --------------------
-
- Additionally, you can use conditional syntax similar to ${foo:-bar} as
-defined in 'sh'. For example:
-
- 1. %{Foo:-bar}
- When attribute Foo is set: returns value of Foo
- When attribute Foo is unset: returns literal string 'bar'
-
- 2. %{Foo:-%{Bar}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo is unset: returns value of attribute Bar (if any)
-
- 3. %{Foo:-%{Bar:-baz}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo is unset: returns value of attribute Bar (if any)
- When attribute Bar is unset: returns literal string 'baz'
-
-
Attributes as environment variables in executed programs
--------------------------------------------------------
- When calling an external program (e.g. from Exec-Program-Wait), these
-variables can be passed on the command line to the program. In
-addition, the server places all of the attributes in the RADIUS
-request into environment variables for the external program. The
+ When calling an external program (e.g. from 'rlm_exec' module),
+these variables can be passed on the command line to the program.
+In addition, the server places all of the attributes in the RADIUS
+request into environment variables for the external program. The
variables are renamed under the following rules:
1. All letters are made upper-case.