FreeRADIUS 3.0.12: SQL xlat return back-quoted value in response

Alexey Dotsenko lex at
Wed Dec 21 14:57:25 CET 2016

Stefan Paetow писал 2016-12-21 13:26:
>> | 50 | ras       | Cisco-AVPair | += | %{exec: /usr/bin/echo -n 
>> %{User-Name}}                |
> No, you don't store the %{exec:...} in the table. You use something 
> like this:
> update reply {
>     Cisco-AVPair += "%{exec:/usr/bin/echo -n %{User-Name}}"
> }

Greetings Stefan

I know about ulang functionality in the FR configuration files, and I 
successfully use it in my installation.
But my question relates to runtime attributes and modules expansion 
(xlat) in the sql check/reply tables.
In FR 2.x this functionality was available. It could be possible to 
specify the attribute (`%{User-Name}` for example) or module 
(`%{sql:SELECT value FROM macfilter WHERE username=\'%{User-Name}\'}}` 
for example) in 'value' column of sql check/reply table. And these 
values was interpreted at run time - exactly the same as ulang rules in 
config files. Back-ticks in this case, provides an indication to xlat.

In FR 3 this functionality was broken. And was corrected only in the 
version 3.0.12. But not completely - value after the expansion is 
returned enclosed in back-quotes.

Best regards,
Alex Dotsenko.

More information about the Freeradius-Users mailing list