The variables defined by the server are: %{Attribute-Name} Corresponding value for Attribute-Name in request %{request:Attribute-Name} Corresponding value for Attribute-Name in request %{reply:Attribute-Name} Corresponding value for Attribute-Name in reply %{proxy-reply:Attribute-Name} Corresponding value for Attribute-Name in the proxy reply (if it exists) %{config:section.subsection.item} Corresponding value in 'radiusd.conf' for the string value of that item. The %{config:...} variables should be used VERY carefully, as they may leak secret information from your RADIUS server, if you use them in reply attributes to the NAS! e.g. %{User-Name} The string value of the User-Name attribute. %{proxy-reply:Framed-Protocol} The string value of the Framed-Protocol attribute, from the proxy reply. %{config:modules.unix.passwd} The string value of the 'passwd' configuration item in the 'unix' module, in the 'modules' section of radiusd.conf. Additionally, you can use conditional syntax similar to ${foo:-bar} as defined in 'sh'. For example: 1. %{Foo:-bar} When attribute Foo is set: returns value of Foo When attribute Foo unset: returns literal string 'bar' 2. %{Foo:-%{Bar}} When attribute Foo is set: returns value of attribute Foo When attribute Foo unset: returns value of attribute Bar (if any) 3. %{Foo:-%{bar:-baz}} When attribute Foo is set: returns value of attribute Foo When attribute Foo unset: returns value of attribute Bar (if any) When attribute Bar unset: returns literal string 'baz' When calling an external program (e.g. from Exec-Program-Wait), these variables can be passed on the command line to the program. In addition, the server places all of the attributes in the RADIUS request into environment variables for the external program. The variables are renamed under the following rules: 1. All letters are made upper-case. 2. All hyphens '-' are turned into underscores '_' so the attribute User-Name can be passed on the command line to the program as %{User-Name}, or used inside the program as the environment variable USER_NAME (or $USER_NAME for shell scripts). If you want to see the list of all of the variables, try adding a line 'printenv > /tmp/exec-program-wait' to the script. Then look in the file for a complete list of variables. The following one-character variables are also defined. However, they are duplicates of the previous general cases, and are only provided for backwards compatibility. They WILL BE removed in a future release. They also do NOT permit the use of conditional syntax (':-'), as described above. Variable Description Proper Equivalent -------- ----------- ---------------- %a Protocol (SLIP/PPP) %{Framed-Protocol} %c Callback-Number %{Callback-Number} %d request day (DD) %f Framed IP address %{Framed-IP-Address} %i Calling Station ID %{Calling-Station-Id} %l request timestamp %m request month (MM) %n NAS IP address %{NAS-IP-Address} %p Port number %{NAS-Port-Id} %s Speed (PW_CONNECT_INFO) %{Connect-Info} %t request in ctime format %u User name %{User-Name} %A radacct_dir %{config:radacctdir} %C clientname %D request date (YYYYMMDD) %H request hour %L radlog_dir %{config:logdir} %M MTU %{Framed-MTU} %R radius_dir %{config:raddbdir} %S request timestamp in SQL format %T request timestamp in database format %U Stripped User name %{Stripped-User-Name} %V Request-Authenticator (Verified/None) %Y request year (YYYY) %Z All request attributes except password (must have a big buffer)