-The variables defined by the server are:
-
- %{Attribute-Name} Corresponding value for Attribute-Name
- in request
- %{request:Attribute-Name} Corresponding value for Attribute-Name
- in request
- %{reply:Attribute-Name} Corresponding value for Attribute-Name
- in reply
- %{proxy-reply:Attribute-Name} Corresponding value for Attribute-Name
- in the proxy reply (if it exists)
-
-Additionally, you can use syntax similar to ${foo:-bar} as defined in
-'sh'. For example:
-
- 1. %{Foo:-bar}
- When attribute Foo is set: returns value of Foo
- When attribute Foo unset: returns literal string 'bar'
-
- 2. %{Foo:-%{Bar}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo unset: returns value of attribute Bar (if any)
-
- 3. %{Foo:-%{bar:-baz}}
- When attribute Foo is set: returns value of attribute Foo
- When attribute Foo unset: returns value of attribute Bar (if any)
- When attribute Bar unset: returns literal string 'baz'
-
-
-When calling an external program (e.g. from Exec-Program-Wait), these
-variables can be passed on the command line to the program. In
-addition, the server places all of the attributes in the RADIUS
-request into environment variables for the external program. The
+ Run-time variables
+ ------------------
+
+ See "man unlang" for more complete documentation on the run-time
+variables. This file is here only for historical purposes.
+
+
+ The above variable expansions also support the following
+meta-attributes. These are not normal RADIUS attributes, but are
+created by the server to be used like them, for ease of use. They can
+only be queried, and cannot be assigned.
+
+ Packet-Type RADIUS packet type (Access-Request, etc.)
+
+ Packet-Src-IP-Address IP address from which the packet was sent
+
+ Packet-Dst-IP-Address IP address to which the packet was sent
+ This may be "0.0.0.0", if the server
+ was configured with "bind_address = *".
+
+ Packet-Src-Port UDP port from which the packet was sent
+
+ Packet-Dst-Port UDP port to which the packet was sent.
+
+ %{config:section.subsection.item} Corresponding value in 'radiusd.conf'
+ for the string value of that item.
+
+ The %{config:...} variables should be used VERY carefully, as they
+may leak secret information from your RADIUS server, if you use them
+in reply attributes to the NAS!
+
+
+DEFAULT User-Name =~ "^([^@]+)@(.*)"
+ All-That-Matched = `%{0}`
+ Just-The-User-Name = `%{1}`
+ Just-The-Realm-Name = `%{2}`
+
+
+ The variables are used in dynamically translated strings. Most of
+the configuration entries in radiusd.conf (and related files) will do
+dynamic string translation. To do the same dynamic translation in a
+RADIUS attribute (when pulling it from a database, or "users" file),
+you must put the string into an back-quoted string:
+
+ Session-Timeout = `%{expr: 2 + 3}`
+
+ To do the dynamic translation in the 'radiusd.conf' (or some other
+configuration files), just use the variable as-is. See 'radiusd.conf'
+for examples.
+
+
+ Attributes as environment variables in executed programs
+ --------------------------------------------------------
+
+ When calling an external program (e.g. from 'rlm_exec' module),
+these variables can be passed on the command line to the program.
+In addition, the server places all of the attributes in the RADIUS
+request into environment variables for the external program. The
variables are renamed under the following rules:
1. All letters are made upper-case.
program as %{User-Name}, or used inside the program as the environment
variable USER_NAME (or $USER_NAME for shell scripts).
+ If you want to see the list of all of the variables, try adding a
+line 'printenv > /tmp/exec-program-wait' to the script. Then look in
+the file for a complete list of variables.
+
+
+ One-character variables
+ -----------------------
-The following one-character variables are also defined. However, they
+ The following one-character variables are also defined. However, they
are duplicates of the previous general cases, and are only provided
-for backwards compatibility. They may be removed in a future
-release.
+for backwards compatibility. They WILL BE removed in a future
+release. They also do NOT permit the use of conditional syntax
+(':-'), as described above.
- %a Protocol (SLIP/PPP)
- %c Callback-Number
+
+ Variable Description Proper Equivalent
+ -------- ----------- ----------------
+ %a Protocol (SLIP/PPP) %{Framed-Protocol}
+ %c Callback-Number %{Callback-Number}
%d request day (DD)
- %f Framed IP address
- %i Calling Station ID
+ %f Framed IP address %{Framed-IP-Address}
+ %i Calling Station ID %{Calling-Station-Id}
%l request timestamp
%m request month (MM)
- %n NAS IP address
- %p Port number
- %s Speed (PW_CONNECT_INFO)
+ %n NAS IP address %{NAS-IP-Address}
+ %p Port number %{NAS-Port}
+ %s Speed (PW_CONNECT_INFO) %{Connect-Info}
%t request in ctime format
- %u User name
- %A radacct_dir
+ %u User name %{User-Name}
+ %A radacct_dir %{config:radacctdir}
%C clientname
%D request date (YYYYMMDD)
- %L radlog_dir
- %M MTU
- %R radius_dir
- %S request timestamp in SQL format
- %T request timestamp in database format
- %U Stripped User name
- %V Request-Authenticator (Verified/None)
+ %H request hour
+ %L radlog_dir %{config:logdir}
+ %M MTU %{Framed-MTU}
+ %R radius_dir %{config:raddbdir}
+ %S request timestamp
+ in SQL format
+ %T request timestamp
+ in database format
+ %U Stripped User name %{Stripped-User-Name}
+ %V Request-Authenticator
+ (Verified/None)
%Y request year (YYYY)
- %Z All request attributes except password (must have big buffer)
+ %Z All request attributes
+ except password
+ (must have a big buffer)
+
+ $Id$