1RADCLIENT(1)                   FreeRADIUS Daemon                  RADCLIENT(1)
2
3
4

NAME

6       radclient - send packets to a RADIUS server, show reply
7

SYNOPSIS

9       radclient  [-4]  [-6]  [-c  count]  [-d  raddb_directory]  [-D  dictio‐
10       nary_directory] [-f file] [-F] [-h] [-i id]  [-n  num_requests_per_sec‐
11       ond]  [-p  num_requests_in_parallel]  [-q]  [-r  num_retries]  [-s] [-S
12       shared_secret_file]  [-t  timeout]  [-v]  [-x]  server  {acct|auth|sta‐
13       tus|coa|disconnect|auto} secret
14

DESCRIPTION

16       radclient  is  a  radius  client  program. It can send arbitrary radius
17       packets to a radius server, then shows the reply. It  can  be  used  to
18       test  changes you made in the configuration of the radius server, or it
19       can be used to monitor if a radius server is up.
20
21       radclient reads radius attribute/value pairs from it standard input, or
22       from  a  file  specified  on  the  command  line. It then encodes these
23       attribute/value pairs using the  dictionary,  and  sends  them  to  the
24       remote server.
25
26       The   User-Password  and  CHAP-Password  attributes  are  automatically
27       encrypted before the packet is sent to the server.
28
29

OPTIONS

31       -4     Use IPv4 (default)
32
33       -6     Use IPv6
34
35       -c count
36              Send each packet count times.
37
38       -d raddb_directory
39              The directory that contains the user dictionary  file.  Defaults
40              to /etc/raddb.
41
42       -D dictionary_directory
43              The  directory  that contains the main dictionary file. Defaults
44              to /usr/share/freeradius.
45
46       -f file[:file]
47              File to read the attribute/value pairs  from.  If  this  is  not
48              specified,  they are read from stdin.  This option can be speci‐
49              fied multiple times, in which case packets are sent in order  by
50              file,  and  within each file, by first packet to last packet.  A
51              blank line separates logical packets within a file.  If  a  pair
52              of files separated by a colon is specified, the second file will
53              be used to filter the responses to requests from the first.  The
54              number  of  requests and filters must be the same.  A summary of
55              filter results will be displayed if -s is passed.
56
57       -F     Print the file name, packet number and reply code.
58
59       -h     Print usage help information.
60
61       -i id  Use id as the RADIUS request Id.
62
63       -n num_requests_per_second
64              Try to send num_requests_per_second, evenly spaced.  This option
65              allows  you  to  slow  down  the  rate  at which radclient sends
66              requests.  When not using -n, the default is to send packets  as
67              quickly as possible, with no inter-packet delays.
68
69              Due to limitations in radclient, this option does not accurately
70              send the requested number of packets per second.
71
72       -p num_requests_in_parallel
73              Send num_requests_in_parallel, without waiting  for  a  response
74              for  each one.  By default, radclient sends the first request it
75              has read, waits for the  response,  and  once  the  response  is
76              received,  sends  the  second  request in its list.  This option
77              allows you  to  send  many  requests  at  simultaneously.   Once
78              num_requests_in_parallel  are  sent,  radclient waits for all of
79              the responses to arrive (or  for  the  requests  to  time  out),
80              before sending any more packets.
81
82              This option permits you to discover the maximum load accepted by
83              a RADIUS server.
84
85       -P proto
86              Use proto transport protocol ("tcp" or "udp").   Only  available
87              if FreeRADIUS is compiled with TCP transport support.
88
89       -q     Go to quiet mode, and do not print out anything.
90
91       -r num_retries
92              Try  to  send each packet num_retries times, before giving up on
93              it.  The default is 10.
94
95       -s     Print out some summaries of packets sent and received.
96
97       -S shared_secret_file
98              Rather than reading the  shared  secret  from  the  command-line
99              (where  it  can  be seen by others on the local system), read it
100              instead from shared_secret_file.
101
102       -t timeout
103              Wait timeout seconds  before  deciding  that  the  NAS  has  not
104              responded  to a request, and re-sending the packet.  The default
105              timeout is 3.
106
107       -v     Print out version information.
108
109       -x     Print out debugging information.
110
111       server[:port]
112              The hostname or IP address of the remote  server.  Optionally  a
113              UDP  port  can  be specified. If no UDP port is specified, it is
114              looked up in /etc/services.  The  service  name  looked  for  is
115              radacct  for  accounting  packets,  and  radius  for  all  other
116              requests. If a service is not found in /etc/services,  1813  and
117              1812  are  used  respectively.   For coa and disconnect packets,
118              port 3799 is used.
119
120              If a host name is  specified,  then  radclient  will  do  a  DNS
121              lookup,  and  use  the  A  record  to find the IP address of the
122              RADIUS server.  If there is no A  record,  then  radclient  will
123              look  for  an AAAA record.  If there is no AAAA record, an error
124              will be produced.
125
126              IPv6 addresses may be specified  by  surrounding  it  in  square
127              brackets.   For  example,  [2002:c000:0201:0:0:0:0:0], or with a
128              port, [2002:c000:0201:0:0:0:0:0]:18120.
129
130              The RADIUS attributes read by radclient can contain the  special
131              attribute Packet-Dst-IP-Address.  If this attribute exists, then
132              that IP address is where the packet  is  sent,  and  the  server
133              specified on the command-line is ignored.
134
135              If  the RADIUS attribute list always contains the Packet-Dst-IP-
136              Address attribute, then the server parameter can be given as -.
137
138              The RADIUS attributes read by radclient can contain the  special
139              attribute  Packet-Dst-Port.  If this attribute exists, then that
140              UDP port is where the packet is sent, and the :port specified on
141              the command-line is ignored.
142
143
144       acct | auth | status | coa | disconnect | auto
145              Use auth to send an authentication packet (Access-Request), acct
146              to send an accounting  packet  (Accounting-Request),  status  to
147              send  a  status  packet  (Status-Server),  or coa to send a CoA-
148              Request, or disconnect to send a disconnection request.  Instead
149              of these values, you can also use a decimal code here. For exam‐
150              ple, code 12 is also Status-Server.
151
152              The RADIUS attributes read by radclient can contain the  special
153              attribute Packet-Type.  If this attribute exists, then that type
154              of packet is sent, and the type specified on the command-line is
155              ignored.
156
157              If  the  RADIUS  attribute  list always contains the Packet-Type
158              attribute, then the type parameter can be given as auto.
159
160
161       secret The shared secret for this client.  It needs to  be  defined  on
162              the  radius  server side too, for the IP address you are sending
163              the radius packets from.
164
165

EXAMPLE

167       A sample session that queries the remote server for Status-Server  (not
168       all  servers  support this, but FreeRADIUS has configurable support for
169       it).
170
171              $ echo "Message-Authenticator = 0x00" | radclient 192.0.2.42 status s3cr3t
172              Sending request to server 192.0.2.42, port 1812.
173              radrecv: Packet from host 192.0.2.42 code=2, id=140, length=54
174                  Reply-Message = "FreeRADIUS up 21 days, 02:05"
175
176
177

SEE ALSO

179       radiusd(8),
180

AUTHORS

182       Miquel van Smoorenburg, miquels@cistron.nl.  Alan DeKok  <aland@freera‐
183       dius.org>
184
185
186
187                                 22 March 2019                    RADCLIENT(1)
Impressum