Lua script context API reference for accessing AAA request data
Script Context API
The context object provides access to AAA request data through sub-contexts
and methods. See scripts for script structure, parameters, and examples.
Root Context
The root context object provides these fields and methods:
Fields
| Field | Type | Description |
|---|---|---|
id | string | Unique request identifier |
instance_id | string | Server instance identifier (for HA deployments) |
cluster_id | string? | Cluster identifier (if configured) |
version | string | Radiator server version |
hostname | string | Server hostname |
root | context? | Root context (for nested contexts) |
parent | context? | Parent context (for nested contexts) |
Nested Contexts
Nested contexts are created automatically during tunneled EAP methods like EAP-TTLS, PEAP, and EAP-TEAP. When inner authentication runs inside the TLS tunnel, a child context is created with:
parent— the outer tunnel's contextroot— the original request context (the outermost context)
For non-tunneled requests, both root and parent are nil.
The vars sub-context is shared between parent and child contexts, allowing
data to be passed between outer and inner authentication phases.
Sub-contexts
| Field | Type | Description |
|---|---|---|
aaa | aaa | AAA processing state |
acct | acct | Accounting data |
auth | auth | Authentication state |
cache | cache | Cache operations |
cert | cert | Certificate information |
eap | eap | EAP protocol data |
eap_teap | eap_teap | EAP-TEAP specific data |
eap_ttls | eap_ttls | EAP-TTLS specific data |
http | http | HTTP request/response |
radius | radius | RADIUS packet data |
radiusproxy | radiusproxy | RADIUS proxy data |
stats | stats | Process/system stats |
tacacsplus | tacacsplus | TACACS+ protocol data |
tls | tls | TLS connection info |
user | user | User data from backend |
vars | vars | Custom variables |
Methods
| Method | Parameters | Returns | Description |
|---|---|---|---|
log(name, message) | logger name, message | - | Write to named AAA logger |
backend(name, query?) | backend name, optional query | result | Execute backend query |
challenge(timeout, message?) | seconds, optional message | - | Send challenge and wait for response |
count(namespace) | namespace array | - | Increment a statistics counter |
map(name, value) | map name, lookup value | result? | Execute a named policy map lookup |