1RADMIN(8) FreeRADIUS Server Administration Tool RADMIN(8)
2
3
4
6 radmin - FreeRADIUS Administration tool
7
9 radmin [-d config_directory] [-e command] [-E] [-f socket_file] [-h]
10 [-i input_file] [-n name] [-o output_file] [-q]
11
13 FreeRADIUS Server administration tool that connects to the control
14 socket of a running server, and gives a command-line interface to it.
15
16 At this time, only a few commands are supported. Please type "help" at
17 the command prompt for detailed information about the supported com‐
18 mands.
19
21 The security protections offered by this command are limited to the
22 permissions on the Unix domain socket, and the server configuration.
23 If someone can connect to the Unix domain socket, they have a substan‐
24 tial amount of control over the server.
25
27 The following command-line options are accepted by the program.
28
29 -d config directory
30 Defaults to /etc/raddb. radmin looks here for the server config‐
31 uration files to find the "listen" section that defines the con‐
32 trol socket filename.
33
34 -e command
35 Run command and exit.
36
37 -E Echo commands as they are being executed.
38
39 -f socket_file
40 Specify the socket filename directly. The radiusd.conf file is
41 not read.
42
43 -h Print usage help information.
44
45 -i input_file
46 Reads input from the specified file. If not specified, stdin is
47 used. This also sets "-q".
48
49 -n mname
50 Read raddb/name.conf instead of raddb/radiusd.conf.
51
52 -o output_file
53 Write output to the specified file. If not specified, stdout is
54 used. This also sets "-q".
55
56 -q Quiet mode.
57
59 The commands implemented by the command-line interface are almost com‐
60 pletely controlled by the server. There are a few commands interpreted
61 locally by radmin:
62
63 reconnect
64 Reconnect to the server.
65
66 quit Exit from radmin.
67
68 exit Exit from radmin.
69
70 The other commands are implemented by the server. Type "help" at the
71 prompt for more information.
72
74 debug file /var/log/radius/bob.log
75 Set debug logs to /var/log/radius/bob.log. There is very little
76 checking of this filename. Rogue administrators may be able use
77 this command to over-write almost any file on the system. If
78 those administrators have write access to "radius.conf", they
79 can do the same thing without radmin, too.
80
81 debug condition '(User-Name == "bob")'
82 Enable debugging output for all requests that match the condi‐
83 tion. Any "unlang" condition is valid here. The condition is
84 parsed as a string, so it must be enclosed in single or double
85 quotes. Strings enclosed in double-quotes must have back-
86 slashes and the quotation marks escaped inside of the string.
87
88 Only one debug condition can be active at a time.
89
90 debug condition '((User-Name == "bob") || (Packet-Src-IP-
91 Address == 192.0.2.22))'
92 A more complex condition that enables debugging output for
93 requests containing User-Name "bob", or requests that originate
94 from source IP address 192.0.2.22.
95
96 debug condition
97 Disable debug conditionals.
98
100 add <command>
101 do sub-command of add
102
103 add client <command>
104 Add client configuration commands
105
106 add client file <filename>
107 Add new client definition from <filename>
108
109 debug <command>
110 debugging commands
111
112 debug condition [condition]
113 Enable debugging for requests matching [condition]
114
115 debug level <number>
116 Set debug level to <number>. Higher is more debugging.
117
118 debug file [filename]
119 Send all debugging output to [filename]
120
121 del <command>
122 do sub-command of del
123
124 del client <command>
125 Delete client configuration commands
126
127 del client ipaddr <ipaddr>
128 Delete a dynamically created client
129
130 hup [module]
131 sends a HUP signal to the server, or optionally to one module
132
133 inject <command>
134 commands to inject packets into a running server
135
136 inject to <ipaddr> <port>
137 Inject packets to the destination IP and port.
138
139 inject from <ipaddr>
140 Inject packets as if they came from <ipaddr>
141
142 inject file <input-file> <output-file>
143 Inject packet from input-file>, with results sent to <output-
144 file>
145
146 reconnect
147 reconnect to a running server
148
149 terminate
150 terminates the server, and cause it to exit
151
152 set <command>
153 do sub-command of set
154
155 set module <command>
156 set module commands
157
158 set module config <module> variable value
159 set configuration for <module>
160
161 set module status [alive|dead]
162 set the module to be alive or dead (always return "fail")
163
164 set home_server <command>
165 set home server commands
166
167 set home_server state <ipaddr> <port> [alive|dead]
168 set state for given home server
169
170 show <command>
171 do sub-command of show
172
173 show client <command>
174 do sub-command of client
175
176 show client config <ipaddr>
177 show configuration for given client
178
179 show client list
180 shows list of global clients
181
182 show debug <command>
183 show debug properties
184
185 show debug condition
186 Shows current debugging condition.
187
188 show debug level
189 Shows current debugging level.
190
191 show debug file
192 Shows current debugging file.
193
194 show home_server <command>
195 do sub-command of home_server
196
197 show home_server config <ipaddr> <port>
198 show configuration for given home server
199
200 show home_server list
201 shows list of home servers
202
203 show home_server state <ipaddr> <port>
204 shows state of given home server
205
206 show module <command>
207 do sub-command of module
208
209 show module config <module>
210 show configuration for given module
211
212 show module flags <module>
213 show other module properties
214
215 show module list
216 shows list of loaded modules
217
218 show module methods <module>
219 show sections where <module> may be used
220
221 show uptime
222 shows time at which server started
223
224 show version
225 Prints version of the running server
226
227 show xml <reference>
228 Prints out configuration as XML
229
230 stats <command>
231 do sub-command of stats
232
233 stats client [auth/acct] <ipaddr>
234 show statistics for given client, or for all clients (auth or
235 acct)
236
237 stats home_server [<ipaddr>/auth/acct] <port>
238 show statistics for given home server (ipaddr and port), or for
239 all home servers (auth or acct)
240
241 stats detail <filename>
242 show statistics for the given detail file
243
245 unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
246
248 Alan DeKok <aland@freeradius.org>
249
250
251
252 14 Mar 2011 RADMIN(8)