1RADCLIENT(1) FreeRADIUS Daemon RADCLIENT(1)
2
3
4
6 radclient - send packets to a RADIUS server, show reply
7
9 radclient [-4] [-6] [-d raddb_directory] [-c count] [-f file] [-F] [-h]
10 [-i id] [-n num_requests_per_second] [-p num_requests_in_parallel] [-q]
11 [-r num_retries] [-s] [-S shared_secret_file] [-t timeout] [-v] [-x]
12 server {acct|auth|status|disconnect|auto} secret
13
15 radclient is a radius client program. It can send arbitrary radius
16 packets to a radius server, then shows the reply. It can be used to
17 test changes you made in the configuration of the radius server, or it
18 can be used to monitor if a radius server is up.
19
20 radclient reads radius attribute/value pairs from it standard input, or
21 from a file specified on the command line. It then encodes these
22 attribute/value pairs using the dictionary, and sends them to the
23 remote server.
24
25 The User-Password and CHAP-Password attributes are automatically
26 encrypted before the packet is sent to the server.
27
28
30 -4 Use IPv4 (default)
31
32 -6 Use IPv6
33
34 -c count
35 Send each packet count times.
36
37 -d raddb_directory
38 The directory that contains the RADIUS dictionary files.
39 Defaults to /etc/raddb.
40
41 -f file
42 File to read the attribute/value pairs from. If this is not
43 specified, they are read from stdin. This option can be speci‐
44 fied multiple times, in which case packets are sent in order by
45 file, and within each file, by first packet to last packet. A
46 blank line separates logical packets within a file.
47
48 -F Print the file name, packet number and reply code.
49
50 -h Print usage help information.
51
52 -i id Use id as the RADIUS request Id.
53
54 -n num_requests_per_second
55 Try to send num_requests_per_second, evenly spaced. This option
56 allows you to slow down the rate at which radclient sends
57 requests. When not using -n, the default is to send packets as
58 quickly as possible, with no inter-packet delays.
59
60 Due to limitations in radclient, this option does not accurately
61 send the requested number of packets per second.
62
63 -p num_requests_in_parallel
64 Send num_requests_in_parallel, without waiting for a response
65 for each one. By default, radclient sends the first request it
66 has read, waits for the response, and once the response is
67 received, sends the second request in its list. This option
68 allows you to send many requests at simultaneously. Once
69 num_requests_in_parallel are sent, radclient waits for all of
70 the responses to arrive (or for the requests to time out),
71 before sending any more packets.
72
73 This option permits you to discover the maximum load accepted by
74 a RADIUS server.
75
76 -q Go to quiet mode, and do not print out anything.
77
78 -r num_retries
79 Try to send each packet num_retries times, before giving up on
80 it. The default is 10.
81
82 -s Print out some summaries of packets sent and received.
83
84 -S shared_secret_file
85 Rather than reading the shared secret from the command-line
86 (where it can be seen by others on the local system), read it
87 instead from shared_secret_file.
88
89 -t timeout
90 Wait timeout seconds before deciding that the NAS has not
91 responded to a request, and re-sending the packet. The default
92 timeout is 3.
93
94 -v Print out version information.
95
96 -x Print out debugging information.
97
98 server[:port]
99 The hostname or IP address of the remote server. Optionally a
100 UDP port can be specified. If no UDP port is specified, it is
101 looked up in /etc/services. The service name looked for is
102 radacct for accounting packets, and radius for all other
103 requests. If a service is not found in /etc/services, 1813 and
104 1812 are used respectively.
105
106 The RADIUS attributes read by radclient can contain the special
107 attribute Packet-Dst-IP-Address. If this attribute exists, then
108 that IP address is where the packet is sent, and the server
109 specified on the command-line is ignored.
110
111 If the RADIUS attribute list always contains the Packet-Dst-IP-
112 Address attribute, then the server parameter can be given as -.
113
114 The RADIUS attributes read by radclient can contain the special
115 attribute Packet-Dst-Port. If this attribute exists, then that
116 UDP port is where the packet is sent, and the :port specified on
117 the command-line is ignored.
118
119
120 acct | auth | status | disconnect | auto
121 Use auth to send an authentication packet (Access-Request), acct
122 to send an accounting packet (Accounting-Request), status to
123 send an status packet (Status-Server), or disconnect to send a
124 disconnection request. Instead of these values, you can also use
125 a decimal code here. For example, code 12 is also Status-Server.
126
127 The RADIUS attributes read by radclient can contain the special
128 attribute Packet-Type. If this attribute exists, then that type
129 of packet is sent, and the type specified on the command-line is
130 ignored.
131
132 If the RADIUS attribute list always contains the Packet-Type
133 attribute, then the type parameter can be given as auto.
134
135
136 secret The shared secret for this client. It needs to be defined on
137 the radius server side too, for the IP address you are sending
138 the radius packets from.
139
140
142 A sample session that queries the remote server for Status-Server (not
143 all servers support this, but FreeRADIUS has configurable support for
144 it).
145
146 $ echo "Message-Authenticator = 0x00" | radclient 192.168.1.42 status s3cr3t
147 Sending request to server 192.168.1.42, port 1812.
148 radrecv: Packet from host 192.168.1.42 code=2, id=140, length=54
149 Reply-Message = "FreeRADIUS up 21 days, 02:05"
150
151
152
154 radiusd(8),
155
157 Miquel van Smoorenburg, miquels@cistron.nl. Alan DeKok <aland@freera‐
158 dius.org>
159
160
161
162 2 April 2009 RADCLIENT(1)