3.3. Special characters Previous topic Parent topic Child topic Next topic

Wherever you can specify a file name in the Radiator configuration file, you can use some special characters in the path name. These special characters can also be used in a number of other configuration file parameters. These special characters will be replaced at run time, so you can dynamically change file paths and the like so they depend on such things as the date, realm, user name, and so on.
Special characters are introduced by a %, followed by a single character. Different characters are replaced at run-time by different information. The following special characters are available:

Table 1. Special characters, which are replaced from the current time according to the Radiator host

Specifier Replacement
%1 Current time in long format, for example, Thu Jul 1 08:38:21 1999
%B Current time in common SQL date time format, for example, Sep 12, 2003 15:48
%G Current time in extended SQL date format including seconds, for example, Sep 12, 2003 15:48:59
%t Current time in seconds since Jan 1, 1970
%S Current second (00-59)
%M Current minute (00-59)
%H Current hour (00-23)
%d Current day of the month (2 digits)
%m Current month number (2 digits, 01-12)
%Y Current year (4 digits)
%y Last 2 digits of the current year (2 digits)
%q Day of the week, abbreviated (for example, Sun, Mon, Tue)
%Q Day of the week (for example, Sunday, Monday, Tuesday)
%v Month of the year, abbreviated (for example, Jan, Feb, Mar)
%V Month of the year (for example, January, February, March)
%s Microseconds in the current second
%O The server instance number, when FarmSize is used to specify a server farm. 0 is the main (supervising) server.

Table 2. Special characters, which are replaced from the timestamp of the current packet

Specifier Replacement
%o Timestamp in long format, for example, Thu Jul 1 08:38:21 1999
%A Timestamp in common SQL date time format, for example, Sep 12, 2003 15:48
%J Timestamp in another common SQL date time format, for example, 2003-09-12 15:48:00
%F Timestamp in extended SQL date format including seconds, for example, Sep 12, 2003 15:48:59
%b Timestamp in seconds since Jan 1 1970
%p Timestamp second (0-59)
%k Timestamp minute (0-59)
%j Timestamp hour (0-23)
%i Timestamp day of the month (2 digits)
%g Timestamp month number (2 digits)
%f Timestamp year (4 digits)
%e Last 2 digits of the timestamp year (2 digits)
%E The elapsed time in seconds since the packet was received. Can be used, for example, to log processing time for proxied packets.

Table 3. Special characters, which are replaced with other information of the current request

Specifier Replacement
%c IP address of the client who sent the current request, if any
%C Client name of the client who sent the current request, if any.
Note
This does a reverse name lookup on the address and depending on your environment, this may take a number of seconds to resolve.
%R The realm of the user name in the current request, if any, after any RewriteUsername is applied. This is everything following the first @ sign in the User-Name
%K The trailing realm of the user name named in the current request, if any, after any RewriteUsername is applied. This is everything following the last @ sign in the User-Name
%N NAS-IP-Address in the current request, if any
%n Full User-Name, including the realm, currently being authenticated, after any RewriteUsername is applied
%U User-Name currently being authenticated with the realm, if any, stripped off, after any RewriteUsername is applied
%u Full original User-Name that was received, before any RewriteUsername is applied
%w User name part of the full original user name before any RewriteUsername rules were applied
%W Realm part of the full original user name before any RewriteUsername rules were applied
%P Decrypted User-Password from the current request
%T Request type of the current request, if any. This may be, for example, Access-Request or Accounting- Request.
%z User-Name in the current packet, hashed with MD5.
%I NAS identifier as an integer instead of dotted decimal character string, useful for speeding up SQL queries
%X EAP identity of the EAP request, with any trailing @realm stripped off
%x EAP identity of the EAP request
%Z The RADIUS Identifier of the incoming request
%{attr} The value of the named attribute in the current packet (if any). For example, %{User-Name} is the same as %n

Table 4. Miscellaneous special characters

Specifier Replacement
%% Percent character
%r Literal newline character
%D Value of DbDir as configured in your Radiator configuration file
%L Value of LogDir as configured in your Radiator configuration file
%h Hostname this server is running on
%{Special:X} Same as %X, where X is any of the single special characters listed above. For example, %{Special:a} will produce the same result as just %a
%{GlobalVar:name} The value of the global variable called name. Global variables can be set with name=value on the command line, or with “DefineFormattedGlobalVar name value” in the configuration file. If the variable "name" has not been defined, replaced with an empty string.
%a Framed-IP-Address in the reply message being created, if any
%{Request:name} Value of the named attribute in the current request, if any. This is the same as just %{name}, but may be used instead for clarity.
%{OuterRequest:name} Value of the named attribute in the outer request, of the current request, if any. May be used where the request has been tunnelled using PEAP or TTLS.
%{Reply:name} Value of the named attribute in the reply currently being created, if any. For example, %{Reply:Framed-IP-Address} is the same as %a. If there is no current reply, or the attribute is not present in the reply, replaced with an empty string
%{RequestAttrs:name} All values of the named attribute in the current request, separated by commas
%{OuterRequestAttrs:name} All values of the named attribute in the outer request of the current request, separated by commas
%{ReplyAttrs:name} All values of the named attribute in the current reply, separated by commas
%{Client:name} Value of the named parameter from the Client clause that accepted the current packet, if any.
%{Handler:name} Value of the named parameter from the Handler clause that is handling the current packet, if any.
%{AuthBy:name} Value of the named parameter from the AuthBy clause that is handling the current packet, if any.
%{Server:name} Value of the named parameter from the global server configuration, for example, %{Server:Trace} is replaced by the current value of the global Trace parameter.
%{RequestVar:name} Value of the current request object similar to Client, Handler, and AuthBy specials above.
%{ReplyVar:name} Value of the current reply object similar to Client, Handler, and AuthBy specials above.
%{IntegerVal:name} Value of the named attribute in the current packet, if any, expressed as an integer, instead of as a value name from the dictionary, for example, %{IntegerVal:Tunnel- Type} is replaced by 3 if the Tunnel-Type is L2TP.
%{TimestampVal:number} Value of the current Unix time stamp + the number. Number can be a positive or negative integer, request attribute name ,or a special character. For example, %{TimestampVal:3000}, %{TimestampVal:Session-Timeout} or %{TimestampVal:%{Reply:Session-Timeout}}. This is useful for replacing hooks with formatters for calculating time stamps.
%{HexAddress:name} Replaced by the named IPv4 attribute in the current packet, if any, expressed as a hexadecimal string. For example, %{HexAddress: NAS-IP-Address} is replaced by CB3F9A01 if the NAS-IP-Address in the current request is 203.63.154.1.
%{Quote:somestring} When used with SQL modules, replaced by somestring quoted with the appropriate quoting style for the SQL database in use. For example, when used with a mysql database, %{Quote:somestring} is replaced by somestring.
%{SQL:identifier:query} Replaced with a value fetched from an SQL database. Looks for a previously defined AuthBy SQL clause with the Identifier of identifier and runs the SQL query given by query. The first row in the result will be used as the value of the special character. This type of lookup is done whenever the special character is evaluated.
%{EAPTLS:name} Value of named TLS session parameter for the current TLS-based EAP authentication. The valid parameter names are: Protocol, Cipher, Session_ID, Start_Time, and Timeout. For more information, see OpenSSL sess_id Opens in new window.
%0 - %99 Depending on the context, these may be replaced with context-specific values, which are documented in this reference manual.
Note that some of these specifiers are only valid when a RADIUS message is being processed. In any other context, such a specifier will be replaced by an empty string.
In the following example, the log file will be stored in LogDir, with a name that starts with the current year. If LogDir is /var/log and the current year was 1998, this would result in a log file name of /var/log/1998-logfile.
LogFile %L/%Y-logfile
Special characters of the form %{x:y} may be nested and contain other %{a:b} or %h special forms, such as %{x:%{y:z}}, or %{x:%h} This can be useful in an example, where the resulting Host parameter will be desthostname.com:
DefineFormattedGlobalVar hostname myhostname
DefineFormattedGlobalVar role myrolename
DefineFormattedGlobalVar myhostname_myrolename desthostname.com
.....
Host %{GlobalVar:%{GlobalVar:hostname}_%{GlobalVar:role}}
You can use the SQL form of the special characters to do arbitrarily complicated arithmetic in your special characters, even without doing a database lookup (although it will still use the database server to do the arithmetic):
Port sql:identifier:select (17 + 23) / SQRT(64)