1RADMIN(8) FreeRADIUS Server Administration Tool RADMIN(8)
2
6 radmin - FreeRADIUS Administration tool
7
9 radmin [-d config_directory] [-e command] [-E] [-f socket_file] [-h]
10 [-i input_file] [-n name] [-q]
11
13 FreeRADIUS Server administration tool that connects to the control
14 socket of a running server, and gives a command-line interface to it.
15 At this time, only a few commands are supported. Please type "help" at
17 the command prompt for detailed information about the supported com‐
18 mands.
19
21 The security protections offered by this command are limited to the
22 permissions on the Unix domain socket, and the server configuration.
23 If someone can connect to the Unix domain socket, they have a substan‐
24 tial amount of control over the server.
25
27 The following command-line options are accepted by the program.
28 -d config directory
30 Defaults to /etc/raddb. radmin looks here for the server config‐
31 uration files to find the "listen" section that defines the con‐
32 trol socket filename.
33 -e command
35 Run command and exit.
36 -E Echo commands as they are being executed.
38 -f socket_file
40 Specify the socket filename directly. The radiusd.conf file is
41 not read.
42 -h Print usage help information.
44 -i input_file
46 Reads input from the specified file. If not specified, stdin is
47 used. This also sets "-q".
48 -n mname
50 Read raddb/name.conf instead of raddb/radiusd.conf.
51 -q Quiet mode.
53
55 The commands implemented by the command-line interface are almost com‐
56 pletely controlled by the server. There are a few commands interpreted
57 locally by radmin:
58 reconnect
60 Reconnect to the server.
61 quit Exit from radmin.
63 exit Exit from radmin.
65 The other commands are implemented by the server. Type "help" at the
67 prompt for more information.
68
70 debug file /var/log/radius/bob.log
71 Set debug logs to /var/log/radius/bob.log. There is very little
72 checking of this filename. Rogue administrators may be able use
73 this command to over-write almost any file on the system. If
74 those administrators have write access to "radius.conf", they
75 can do the same thing without radmin, too.
76 debug condition '(User-Name == "bob")'
78 Enable debugging output for all requests that match the condi‐
79 tion. Any "unlang" condition is valid here. The condition is
80 parsed as a string, so it must be enclosed in single or double
81 quotes. Strings enclosed in double-quotes must have back-
82 slashes and the quotation marks escaped inside of the string.
83 Only one debug condition can be active at a time.
85 debug condition '((User-Name == "bob") || (Packet-Src-IP-Address ==
87 192.0.2.22))'
88 A more complex condition that enables debugging output for
89 requests containing User-Name "bob", or requests that originate
90 from source IP address 192.0.2.22.
91 debug condition
93 Disable debug conditionals.
94
96 add <command>
97 do sub-command of add
98 add client <command>
100 Add client configuration commands
101 add client file <filename>
103 Add new client definition from <filename>
104 debug <command>
106 debugging commands
107 debug condition [condition]
109 Enable debugging for requests matching [condition]
110 debug level <number>
112 Set debug level to <number>. Higher is more debugging.
113 debug file [filename]
115 Send all debugging output to [filename]
116 del <command>
118 do sub-command of del
119 del client <command>
121 Delete client configuration commands
122 del client ipaddr <ipaddr>
124 Delete a dynamically created client
125 hup [module]
127 sends a HUP signal to the server, or optionally to one module
128 inject <command>
130 commands to inject packets into a running server
131 inject to <ipaddr> <port>
133 Inject packets to the destination IP and port.
134 inject from <ipaddr>
136 Inject packets as if they came from <ipaddr>
137 inject file <input-file> <output-file>
139 Inject packet from input-file>, with results sent to <output-
140 file>
141 reconnect
143 reconnect to a running server
144 terminate
146 terminates the server, and cause it to exit
147 set <command>
149 do sub-command of set
150 set module <command>
152 set module commands
153 set module config <module> variable value
155 set configuration for <module>
156 set module status [alive|dead]
158 set the module to be alive or dead (always return "fail")
159 set home_server <command>
161 set home server commands
162 set home_server state <ipaddr> <port> [alive|dead]
164 set state for given home server
165 show <command>
167 do sub-command of show
168 show client <command>
170 do sub-command of client
171 show client config <ipaddr>
173 show configuration for given client
174 show client list
176 shows list of global clients
177 show debug <command>
179 show debug properties
180 show debug condition
182 Shows current debugging condition.
183 show debug level
185 Shows current debugging level.
186 show debug file
188 Shows current debugging file.
189 show home_server <command>
191 do sub-command of home_server
192 show home_server config <ipaddr> <port>
194 show configuration for given home server
195 show home_server list
197 shows list of home servers
198 show home_server state <ipaddr> <port>
200 shows state of given home server
201 show module <command>
203 do sub-command of module
204 show module config <module>
206 show configuration for given module
207 show module flags <module>
209 show other module properties
210 show module list
212 shows list of loaded modules
213 show module methods <module>
215 show sections where <module> may be used
216 show uptime
218 shows time at which server started
219 show version
221 Prints version of the running server
222 show xml <reference>
224 Prints out configuration as XML
225 stats <command>
227 do sub-command of stats
228 stats client [auth/acct] <ipaddr>
230 show statistics for given client, or for all clients (auth or
231 acct)
232 stats home_server [<ipaddr>/auth/acct] <port>
234 show statistics for given home server (ipaddr and port), or for
235 all home servers (auth or acct)
236 stats detail <filename>
238 show statistics for the given detail file
239
241 unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
242
244 Alan DeKok <aland@freeradius.org>
245 03 Feb 2015 RADMIN(8)