4.2.4 ATTRIBUTE statement

Syntax

ATTRIBUTE  name  number  type [vendor] [flags]

Usage

The ATTRIBUTE statement defines the internal representation of an attribute: its symbolic name, data type and syntactical usage. Its parts have the following meaning:

name

The attribute name.

number

The attribute ID (number).

type

The attribute type.

vendor

Vendor name for vendor-specific attributes. For usual attributes this field is empty or contains a dash (‘-’). The latter usage is for compatibility with previous version of GNU Radius

flags

Flags, defining attribute properties (see Attributes).

The attribute property flags consist of a sequence of letters, whose meaning is determined by the following rules: ²

1. The attribute usage is described by three pairs of symbols, enclosed in square brackets. Each pair describes how the attribute can be used in each of three configuration files. The first pair corresponds to raddb/users, the second one corresponds to raddb/hints, and the third one corresponds to raddb/huntgroups. Within each pair, the letter ‘L’ in first position means that the attribute is allowed in LHS of a rule. The letter ‘R’ in second position means that the attribute is allowed in RHS of a rule. The absence of any of these letters is indicated by dash (‘-’). Thus, the following usage specification:

           [L--RLR]
   

   means that the attribute may be used in LHS of a rule in raddb/users, in RHS of a rule in raddb/hints, and in both sides of a rule in raddb/huntgroups.

2. The attribute additivity is described by one of the following letters:

   =

   Additivity = Replace

   +

   Additivity = Append

   N

   Additivity = None

3. The presence of letter ‘P’ in property flags raises the propagation bit.
4. Letter ‘l’ (lower-case ell) enables logging the given attribute in detail file (see Detailed Request Accounting). This is meaningful only for internal attributes, i.e. the ones whose decimal value is greater than 255 (see Radius Internal Attributes). By default such attributes do not appear in detailed logs. The flag ‘l’ reverts this behavior.
5. Letter ‘E’ marks attributes encrypted as described in RFC 2138. Currently these are User-Password and CHAP-Password.
6. Letter ‘T’ marks attribute encrypted according to RFC 2868.
7. The characters from ‘1’ to ‘9’ denote nine user-defined flags (see Extended Comparison).

Example

ATTRIBUTE  Service-Type  6 integer - [LR-RLR]=P

This statement declares that the attribute number 6 will be referred to by the symbolic name ‘Service-Type’. The attribute is of integer data type and it may be used in any part of matching rules, except in LHS of a raddb/hints rule. The additivity of Service-Type is set to ‘Replace’. The attribute will be propagated through the proxy chain.