SYNOPSIS

radmin [-d config_directory] [-e command] [-E] [-f socket_file] [-h] [-i input_file] [-n name] [-o output_file] [-q]

DESCRIPTION

FreeRADIUS Server administration tool that connects to the control socket of a running server, and gives a command-line interface to it.

At this time, only a few commands are supported. Please type "help" at the command prompt for detailed information about the supported commands.

WARNING

The security protections offered by this command are limited to the permissions on the Unix domain socket, and the server configuration. If someone can connect to the Unix domain socket, they have a substantial amount of control over the server.

OPTIONS

The following command-line options are accepted by the program.

-d config directory

Defaults to /etc/raddb. radmin looks here for the server configuration files to find the "listen" section that defines the control socket filename.

-e command

Run command and exit.

-E

Echo commands as they are being executed.

-f socket_file

Specify the socket filename directly. The radiusd.conf file is not read.

-h

Print usage help information.

-i input_file

Reads input from the specified file. If not specified, stdin is used. This also sets "-q".

-n mname

Read raddb/name.conf instead of raddb/radiusd.conf.

-o output_file

Write output to the specified file. If not specified, stdout is used. This also sets "-q".

-q

Quiet mode.

COMMANDS

The commands implemented by the command-line interface are almost completely controlled by the server. There are a few commands interpreted locally by radmin:

reconnect

Reconnect to the server.

quit

Exit from radmin.

exit

Exit from radmin.

The other commands are implemented by the server. Type "help" at the prompt for more information.

EXAMPLES

debug

Set debug logs to /var/log/radius/bob.log. There is very little checking of this filename. Rogue administrators may be able use this command to over-write almost any file on the system. If those administrators have write access to "radius.conf", they can do the same thing without radmin, too.

debug

Enable debugging output for all requests that match the condition. Any "unlang" condition is valid here. The condition is parsed as a string, so it must be enclosed in single or double quotes. Strings enclosed in double-quotes must have back-slashes and the quotation marks escaped inside of the string.

Only one debug condition can be active at a time.

debug

A more complex condition that enables debugging output for requests containing User-Name "bob", or requests that originate from source IP address 192.0.2.22.

debug

Disable debug conditionals.

FULL LIST OF COMMANDS

add

do sub-command of add

add

Add client configuration commands

add

Add new client definition from <filename>

debug

debugging commands

debug

Enable debugging for requests matching [condition]

debug

Set debug level to <number>. Higher is more debugging.

debug

Send all debugging output to [filename]

del

do sub-command of del

del

Delete client configuration commands

del

Delete a dynamically created client

hup

sends a HUP signal to the server, or optionally to one module

inject

commands to inject packets into a running server

inject

Inject packets to the destination IP and port.

inject

Inject packets as if they came from <ipaddr>

inject

Inject packet from input-file>, with results sent to <output-file>

reconnect

reconnect to a running server

terminate

terminates the server, and cause it to exit

set

do sub-command of set

set

set module commands

set

set configuration for <module>

set

set the module to be alive or dead (always return "fail")

set

set home server commands

set

set state for given home server

show

do sub-command of show

show

do sub-command of client

show

show configuration for given client

show

shows list of global clients

show

show debug properties

show

Shows current debugging condition.

show

Shows current debugging level.

show

Shows current debugging file.

show

do sub-command of home_server

show

show configuration for given home server

show

shows list of home servers

show

shows state of given home server

show

do sub-command of module

show

show configuration for given module

show

show other module properties

show

shows list of loaded modules

show

show sections where <module> may be used

show

shows time at which server started

show

Prints version of the running server

show

Prints out configuration as XML

stats

do sub-command of stats

stats

show statistics for given client, or for all clients (auth or acct)

stats

show statistics for given home server (ipaddr and port), or for all home servers (auth or acct)

stats

show statistics for the given detail file

RELATED TO radmin…

unlang(5), radiusd.conf(5), raddb/sites-available/control-socket

AUTHOR

Alan DeKok <[email protected]>