not logged in | [Login]
Always use radiusd -X when debugging!
Also see the related list of run-time variables.
| name | description |
|---|---|
| attr | attribute name of an attribute reference |
| attr_num | attribute number of an attribute reference |
| debug_attr | print to debug output all instances of current attribute, or all attributes in a list; expands to a zero-length string |
| debug | dynamically change the debug level for the current request |
| hex | convert to hex |
| integer | convert to integer |
| length | size of the given attributes in bytes |
| map | processes data as a map string and applies to the current request |
| module | returns current module processing the request |
| regex | return named subcapture value from previous regex |
| string | convert data to a string if possible |
| strlen | length of given string "%{strlen:Hello}" == 5
|
| tag | tag of an attribute reference |
| vendor_num | vendor number of an attribute reference |
| vendor | vendor of an attribute reference |
| xlat | xlat expand given string value |
The following xlats are provided by particular modules, so the module will need to be instantiated before the xlat will be available to use.
xlat names marked with an asterisk (*) take the name of the module instantiation, so may change from that listed here if different instantiations are used.
| name | description |
|---|---|
| cache* | retrieve single attribute values from the cache |
| name | description |
|---|---|
| date* | convert dates between different formats |
| name | description |
|---|---|
| exec* | execute external program |
| name | description |
|---|---|
| base64 | encode string as base64: "%{base64:foo}" == "Zm9v"
|
| base64tohex | convert base64 to hex: "%{base64tohex:Zm9v}" == "666f6f"
|
| escape | escape string similar to rlm_sql 'safe_characters': "%{escape:<img>foo.jpg</img>}" == "=60img=62foo.jpg=60/img=62"
|
| expr* | |
| explode | split an attribute into multiple new attributes based on a delimiter: "%{explode:&ref <delim>}"
|
| hmacmd5 | generate HMAC-MD5 of string: "%{hmacmd5:foo bar}" == "31b6db9e5eb4addb42f1a6ca07367adc"
|
| hmacsha1 | generate HMAC-SHA1 of string: "%{hmacsha1:foo bar}" == "85d155c55ed286a300bd1cf124de08d87e914f3a"
|
| lpad | left-pad a string: if User-Name is "foo": "%{lpad:&User-Name 6 x}" == "xxxfoo"
|
| md5 | get md5sum hash: "%{md5:foo}" == "acbd18db4cc2f85cedef654fccc4a4d8"
|
| nexttime | calculate number of seconds until next n hour(s), day(s), week(s), year(s), e.g. if it were 16:18, %{nexttime:1h} would expand to 2520
|
| pairs | serialize attributes as comma-delimited string: "%{pairs:request:}" == "User-Name = 'foo', User-Password = 'bar', ..."
|
| rand | get random number from 0 to n-1 "%{rand:10}" == "9"
|
| randstr | get random string built from character classes (see below) |
| rpad | right-pad a string: if User-Name is "foo": "%{rpad:&User-Name 5 -}" == "foo--"
|
| sha1 | get sha1 hash: "%{sha1:foo}" == "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33"
|
| sha256 | get sha256 hash: "%{sha256:foo}" == "2c26b46b68ffc68ff99b453c1d30413413422d706..."
|
| sha512 | get sha512 hash: "%{sha512:foo}" == "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae29838..."
|
| tolower | convert to lowercase: "%{tolower:Bar}" == "bar"
|
| toupper | convert to uppercase: "%{toupper:Foo}" == "FOO"
|
| unescape | reverse of escape: "%{unescape:=60img=62foo.jpg=60/img=62}" == "<img>foo.jpg</img>"
|
| urlquote | quote special characters in URI: "%{urlquote:http://example.org/}" == "http%3A%47%47example.org%47"
|
| urlunquote | unquote URL special characters: "%{urlunquote:http%%3A%%47%%47example.org%%47}" == "http://example.org/"
|
Characters that can be used in randstr are:
| character | class |
|---|---|
| c | lowercase letters |
| C | uppercase letters |
| n | numbers |
| a | alphanumeric |
| ! | punctuation |
| . | alphanumeric + punctuation |
| s | alphanumeric + "./" |
| o | characters suitable for OTP (easily confused removed) |
| h | binary data as lowercase hex |
| H | binary data as uppercase hex |
Examples:
"%{randstr:CCCC!!cccnnn}" == "IPFL>{saf874"
"%{randstr:oooooooo}" == "rfVzyA4y"
"%{randstr:hhhh}" == "68d60de3"
| name | description |
|---|---|
| idn* | convert idn to ascii |
| name | description |
|---|---|
| ldap* | do an LDAP query |
| ldapquote | safely quote string for use in ldap query |
| name | description |
|---|---|
| mschap* | extract ms-chap data from the request, e.g. "%{mschap:User-Name}" or "%{mschap:Challenge}"
|
| name | description |
|---|---|
| perl* | call perl xlat function defined in func_xlat
|
| name | description |
|---|---|
| redis* | run a redis query: "%{redis:GET mykey}"
|
| name | description |
|---|---|
| rest* | retrieve text data from a URL |
| jsonquote | quote data for use in JSON |
| name | description |
|---|---|
| soh* | translate SoH data, currently just "%{soh:OS}"
|
| name | description |
|---|---|
| sql* | execute an SQL query, e.g. `"%{sql:SELECT user FROM users WHERE field = '%{Attribute-Name}';}%" |
| name | description |
|---|---|
| unbound*-a | lookup an A record in the DNS |
| unbound*-aaaa | lookup an AAAA record in the DNS |
| unbound*-ptr | lookup a PTR record in the DNS |
| name | description |
|---|---|
| unpack | unpack attribute data, e.g. "%{unpack:&Class 0 integer}" expands 4 octets at position 0 as an integer |
| name | description |
|---|---|
| modhextohex | convert Yubikey modhex to standard hex, e.g. "%{modhextohex:vvrbuctetdhc}" == "ffc1e0d3d260"
|
These are provided by proto_dhcp:
| name | description |
|---|---|
| client | provides per-client config options i.e. %{client:ipaddr} or %{client:mymadeupoption} |
| dhcp | |
| dhcp_options |
Last edited by Matthew Newton (mcnewton), 2018-03-21 11:27:15
Sponsored by Network RADIUS 