1RADMIN(8)            FreeRADIUS Server Administration Tool           RADMIN(8)
2
3
4

NAME

6       radmin - FreeRADIUS Administration tool
7

SYNOPSIS

9       radmin  [-d  config_directory]  [-D  dictionary_directory] [-e command]
10       [-E] [-f socket_file] [-h] [-i input_file] [-n name] [-q]
11

DESCRIPTION

13       FreeRADIUS Server administration tool  that  connects  to  the  control
14       socket of a running server, and gives a command-line interface to it.
15
16       At this time, only a few commands are supported.  Please type "help" at
17       the command prompt for detailed information about  the  supported  com‐
18       mands.
19

WARNING

21       The  security  protections  offered  by this command are limited to the
22       permissions on the Unix domain socket, and  the  server  configuration.
23       If  someone can connect to the Unix domain socket, they have a substan‐
24       tial amount of control over the server.
25

OPTIONS

27       The following command-line options are accepted by the program.
28
29       -d config directory
30              Defaults to /etc/raddb. radmin looks here for the server config‐
31              uration files to find the "listen" section that defines the con‐
32              trol socket filename.
33
34       -D dictionary directory
35              Set main dictionary directory.  Defaults  to  /usr/share/freera‐
36              dius.
37
38       -e command
39              Run command and exit.
40
41       -E     Echo commands as they are being executed.
42
43       -f socket_file
44              Specify  the socket filename directly.  The radiusd.conf file is
45              not read.
46
47       -h     Print usage help information.
48
49       -i input_file
50              Reads input from the specified file.  If not specified, stdin is
51              used.  This also sets "-q".
52
53       -n mname
54              Read raddb/name.conf instead of raddb/radiusd.conf.
55
56       -q     Quiet mode.
57

COMMANDS

59       The  commands implemented by the command-line interface are almost com‐
60       pletely controlled by the server.  There are a few commands interpreted
61       locally by radmin:
62
63       reconnect
64              Reconnect to the server.
65
66       quit   Exit from radmin.
67
68       exit   Exit from radmin.
69
70       The  other  commands are implemented by the server.  Type "help" at the
71       prompt for more information.
72

EXAMPLES

74       debug file /var/log/radius/bob.log
75              Set debug logs to /var/log/radius/bob.log.  There is very little
76              checking of this filename.  Rogue administrators may be able use
77              this command to over-write almost any file on  the  system.   If
78              those  administrators  have  write access to "radius.conf", they
79              can do the same thing without radmin, too.
80
81       debug condition '(User-Name == "bob")'
82              Enable debugging output for all requests that match  the  condi‐
83              tion.   Any  "unlang" condition is valid here.  The condition is
84              parsed as a string, so it must be enclosed in single  or  double
85              quotes.   Strings  enclosed  in  double-quotes  must  have back-
86              slashes and the quotation marks escaped inside of the string.
87
88              Only one debug condition can be active at a time.
89
90       debug condition '((User-Name ==  "bob")  ||  (Packet-Src-IP-Address  ==
91       192.0.2.22))'
92              A  more  complex  condition  that  enables  debugging output for
93              requests containing User-Name "bob", or requests that  originate
94              from source IP address 192.0.2.22.
95
96       debug condition
97              Disable debug conditionals.
98

FULL LIST OF COMMANDS

100       add <command>
101              do sub-command of add
102
103       add client <command>
104              Add client configuration commands
105
106       add client file <filename>
107              Add new client definition from <filename>
108
109       debug <command>
110              debugging commands
111
112       debug condition [condition]
113              Enable debugging for requests matching [condition]
114
115       debug level <number>
116              Set debug level to <number>.  Higher is more debugging.
117
118       debug file [filename]
119              Send all debugging output to [filename]
120
121       del <command>
122              do sub-command of del
123
124       del client <command>
125              Delete client configuration commands
126
127       del client ipaddr <ipaddr>
128              Delete a dynamically created client
129
130       hup [module]
131              sends a HUP signal to the server, or optionally to one module
132
133       inject <command>
134              commands to inject packets into a running server
135
136       inject to <ipaddr> <port>
137              Inject packets to the destination IP and port.
138
139       inject from <ipaddr>
140              Inject packets as if they came from <ipaddr>
141
142       inject file <input-file> <output-file>
143              Inject  packet  from  input-file>, with results sent to <output-
144              file>
145
146       reconnect
147              reconnect to a running server
148
149       terminate
150              terminates the server, and cause it to exit
151
152       set <command>
153              do sub-command of set
154
155       set module <command>
156              set module commands
157
158       set module config <module> variable value
159              set configuration for <module>
160
161       set module status [alive|dead]
162              set the module to be alive or dead (always return "fail")
163
164       set home_server <command>
165              set home server commands
166
167       set home_server state <ipaddr> <port> [alive|dead]
168              set state for given home server
169
170       show <command>
171              do sub-command of show
172
173       show client <command>
174              do sub-command of client
175
176       show client config <ipaddr> [udp|tcp]
177              shows configuration for a given client.
178
179       show client list
180              shows list of global clients
181
182       show debug <command>
183              show debug properties
184
185       show debug condition
186              Shows current debugging condition.
187
188       show debug level
189              Shows current debugging level.
190
191       show debug file
192              Shows current debugging file.
193
194       show home_server <command>
195              do sub-command of home_server
196
197       show home_server config <ipaddr> <port>
198              show configuration for given home server
199
200       show home_server list
201              shows list of home servers
202
203       show home_server state <ipaddr> <port>
204              shows state of given home server
205
206       show module <command>
207              do sub-command of module
208
209       show module config <module>
210              show configuration for given module
211
212       show module flags <module>
213              show other module properties
214
215       show module list
216              shows list of loaded modules
217
218       show module methods <module>
219              show sections where <module> may be used
220
221       show uptime
222              shows time at which server started
223
224       show version
225              Prints version of the running server
226
227       show xml <reference>
228              Prints out configuration as XML
229
230       stats <command>
231              do sub-command of stats
232
233       stats client [auth/acct] <ipaddr>
234              show statistics for given client, or for all  clients  (auth  or
235              acct)
236
237       stats home_server [<ipaddr>|auth|acct] <port>
238              show  statistics for given home server (ipaddr and port), or for
239              all home servers (auth or acct)
240
241       stats detail <filename>
242              show statistics for the given detail file
243

SEE ALSO

245       unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
246

AUTHOR

248       Alan DeKok <aland@freeradius.org>
249
250
251
252                                  11 Mar 2019                        RADMIN(8)
Impressum