[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

4.2.4 ATTRIBUTE statement


ATTRIBUTE  name  number  type [vendor] [flags]


The ATTRIBUTE statement defines the internal representation of an attribute: its symbolic name, data type and syntactical usage. Its parts have the following meaning:


The attribute name.


The attribute ID (number).


The attribute type.


Vendor name for vendor-specific attributes. For usual attributes this field is empty or contains a dash (‘-’). The latter usage is for compatibility with previos version of GNU Radius


Flags, defining attribute properties (see section Attributes).

The attribute property flags consist of a sequence of letters, whose meaning is determined by the following rules: (2)

  1. The attribute usage is described by three pairs of symbols, enclosed in square brackets. Each pair describes how the attribute can be used in each of three configuration files. The first pair corresponds to ‘raddb/users’, the second one corresponds to ‘raddb/hints’, and the third one corresponds to ‘raddb/huntgroups’. Within each pair, the letter ‘L’ in first position means that the attribute is allowed in LHS of a rule. The letter ‘R’ in second position means that the attribute is allowed in RHS of a rule. The absence of any of these letters is indicated by dash (‘-’). Thus, the following usage specification:

    means that the attribute may be used in LHS of a rule in ‘raddb/users’, in RHS of a rule in ‘raddb/hints’, and in both sides of a rule in ‘raddb/huntgroups’.

  2. The attribute additivity is described by one of the following letters:

    Additivity = Replace


    Additivity = Append


    Additivity = None

  3. The presence of letter ‘P’ in property flags raises the propagation bit.
  4. Letter ‘l’ (lower-case ell) enables logging the given attribute in detail file (see section Detailed Request Accounting). This is meaningful only for internal attributes, i.e. the ones whose decimal value is greater than 255 (see section Radius Internal Attributes). By default such attributes do not appear in detailed logs. The flag ‘l’ reverts this behavior.
  5. Letter ‘E’ marks attributes encrypted as described in RFC 2138. Currently these are User-Password and CHAP-Password.
  6. Letter ‘T’ marks attribute encrypted according to RFC 2868.
  7. The characters from ‘1’ to ‘9’ denote nine user-defined flags (see section Extended Comparison).


ATTRIBUTE  Service-Type  6 integer - [LR-RLR]=P 

This statement declares that the attribute number 6 will be referred to by the symbolic name ‘Service-Type’. The attribute is of integer data type and it may be used in any part of matching rules, except in LHS of a ‘raddb/hints’ rule. The additivity of Service-Type is set to ‘Replace’. The attribute will be propagated through the proxy chain.

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.