Section: FreeRADIUS Daemon (1)
Updated: 22 June 2004


radclient - send packets to a RADIUS server, show reply  


radclient [-d raddb_directory] [-c count] [-f file] [-i id] [-r num_retries] [-s] [-S shared_secret_file] [-t timeout] [-qvx] server {acct|auth|status|disconnect} secret  


radclient is a RADIUS client program. It can send arbitrary RADIUS packets to a RADIUS server and then show the reply. It can be used to test changes you made to the configuration of the RADIUS server, or to monitor whether a RADIUS server is up.

radclient reads RADIUS attribute/value pairs from its standard input, or from a file specified on the command line. It then encodes these attribute/value pairs using the dictionary, and sends them to the remote server.

The User-Password attribute is automatically encrypted by radclient.
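
What that encoding and User-Password encryption involve on the wire, as an added example that is not radclient's own code: it follows the User-Password hiding scheme of RFC 2865 section 5.2 and builds a minimal Access-Request. The function names and sample values are constructed for illustration. The hiding is a keystream derived from MD5 of the shared secret and the request authenticator, so it protects the password only as well as the shared secret is protected.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with an MD5 keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to 16n bytes
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()         # b_i = MD5(S + c_(i-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev                                       # c_i = p_i XOR b_i
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")                            # drop the NUL padding

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length (including the 2-byte header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(packet_id, user, password, secret, authenticator=None):
    """Build an Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)       # must be unpredictable
    attrs = attribute(1, user)
    attrs += attribute(2, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", 1, packet_id, 20 + len(attrs))
    return header + authenticator + attrs

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    pkt = access_request(140, b"fnord", b"correct horse battery", b"s3cr3t")
    print(len(pkt), pkt.hex())
```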



-c count
Send each packet count times.

-d raddb_directory
The directory that contains the RADIUS dictionary files. Defaults to /etc/raddb.

-f file
File to read the attribute/value pairs from. If this is not specified, they are read from stdin.

-i id
Use id as the RADIUS request Id.

-q
Go to quiet mode, and do not print out anything.

-r num_retries
Try to send each packet num_retries times, before giving up on it. The default is 10.


-S shared_secret_file
Rather than reading the shared secret from the command-line (where it can be seen by others on the local system), read it instead from shared_secret_file.

-t timeout
Wait timeout seconds before deciding that the NAS has not responded to a request, and re-sending the packet. The default timeout is 3.

-v
Print out version information.

-x
Print out extra debugging information.

server
The hostname or IP address of the remote server. Optionally a UDP port can be specified. If no UDP port is specified, it is looked up in /etc/services. The service name looked for is radacct for accounting packets, and radius for all other requests. If a service is not found in /etc/services, 1813 and 1812 are used respectively.

acct | auth | status | disconnect
Use auth to send an authentication packet (Access-Request), acct to send an accounting packet (Accounting-Request), status to send a status packet (Status-Server), or disconnect to send a disconnection request. Instead of these values, you can also use a decimal code here. For example, code 12 is also Status-Server.

secret
The shared secret for this client. It needs to be defined on the RADIUS server side too, for the IP address you are sending the RADIUS packets from.



A sample session that queries the remote server for Status-Server (not all servers support this; Cistron-radiusd does since version 1.6.5):

$ echo "User-Name = fnord" | radclient 12 s3cr3t
Sending request to server, port 1812.
radrecv: Packet from host code=2, id=140, length=54
    Reply-Message = "FreeRADIUS up 21 days, 02:05"



radiusd(8), radtest(1).  


Miquel van Smoorenburg, miquels@cistron.nl. Alan DeKok <aland@freeradius.org>


