4
See "man unlang" for more complete documentation on the run-time
5
variables. This file is here only for historical purposes.
8
The above variable expansions also support the following
9
meta-attributes. These are not normal RADIUS attributes, but are
10
created by the server to be used like them, for ease of use. They can
11
only be queried, and cannot be assigned.
13
Packet-Type RADIUS packet type (Access-Request, etc.)
15
Packet-Src-IP-Address IP address from which the packet was sent
17
Packet-Dst-IP-Address IP address to which the packet was sent
18
This may be "0.0.0.0", if the server
19
was configured with "bind_address = *".
21
Packet-Src-Port UDP port from which the packet was sent
23
Packet-Dst-Port UDP port to which the packet was sent.
25
%{config:section.subsection.item} Corresponding value in 'radiusd.conf'
26
for the string value of that item.
28
The %{config:...} variables should be used VERY carefully, as they
29
may leak secret information from your RADIUS server, if you use them
30
in reply attributes to the NAS!
33
DEFAULT User-Name =~ "^([^@]+)@(.*)"
34
All-That-Matched = `%{0}`
35
Just-The-User-Name = `%{1}`
36
Just-The-Realm-Name = `%{2}`
39
The variables are used in dynamically translated strings. Most of
40
the configuration entries in radiusd.conf (and related files) will do
41
dynamic string translation. To do the same dynamic translation in a
42
RADIUS attribute (when pulling it from a database, or "users" file),
43
you must put the string into an back-quoted string:
45
Session-Timeout = `%{expr: 2 + 3}`
47
To do the dynamic translation in the 'radiusd.conf' (or some other
48
configuration files), just use the variable as-is. See 'radiusd.conf'
52
Attributes as environment variables in executed programs
53
--------------------------------------------------------
55
When calling an external program (e.g. from 'rlm_exec' module),
56
these variables can be passed on the command line to the program.
57
In addition, the server places all of the attributes in the RADIUS
58
request into environment variables for the external program. The
59
variables are renamed under the following rules:
61
1. All letters are made upper-case.
63
2. All hyphens '-' are turned into underscores '_'
65
so the attribute User-Name can be passed on the command line to the
66
program as %{User-Name}, or used inside the program as the environment
67
variable USER_NAME (or $USER_NAME for shell scripts).
69
If you want to see the list of all of the variables, try adding a
70
line 'printenv > /tmp/exec-program-wait' to the script. Then look in
71
the file for a complete list of variables.
74
One-character variables
75
-----------------------
77
The following one-character variables are also defined. However, they
78
are duplicates of the previous general cases, and are only provided
79
for backwards compatibility. They WILL BE removed in a future
80
release. They also do NOT permit the use of conditional syntax
81
(':-'), as described above.
84
Variable Description Proper Equivalent
85
-------- ----------- ----------------
86
%a Protocol (SLIP/PPP) %{Framed-Protocol}
87
%c Callback-Number %{Callback-Number}
89
%f Framed IP address %{Framed-IP-Address}
90
%i Calling Station ID %{Calling-Station-Id}
93
%n NAS IP address %{NAS-IP-Address}
94
%p Port number %{NAS-Port}
95
%s Speed (PW_CONNECT_INFO) %{Connect-Info}
96
%t request in ctime format
97
%u User name %{User-Name}
98
%A radacct_dir %{config:radacctdir}
100
%D request date (YYYYMMDD)
102
%L radlog_dir %{config:logdir}
104
%R radius_dir %{config:raddbdir}
109
%U Stripped User name %{Stripped-User-Name}
110
%V Request-Authenticator
112
%Y request year (YYYY)
113
%Z All request attributes
115
(must have a big buffer)