RADCLIENT

Section: FreeRADIUS Daemon (1)
Updated: 22 June 2004
 

NAME

radclient - send packets to a RADIUS server, show reply  

SYNOPSIS

radclient [-d raddb_directory] [-c count] [-f file] [-i id] [-r num_retries] [-s] [-S shared_secret_file] [-t timeout] [-qvx] server {acct|auth|status|disconnect} secret  

DESCRIPTION

radclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. It can be used to test changes you made in the configuration of the radius server, or it can be used to monitor if a radius server is up.

radclient reads radius attribute/value pairs from it standard input, or from a file specified on the command line. It then encodes these attribute/value pairs using the dictionary, and sends them to the remote server.

The User-Password attribute is automatically encrypted by radclient.

 

OPTIONS

-c count
Send each packet count times. /etc/raddb.

-d raddb_directory
The directory that contains the RADIUS dictionary files. Defaults to /etc/raddb.

-f file
File to read the attribute/value pairs from. If this is not specified, they are read from stdin.

-i id
Use id as the RADIUS request Id.

-q
Go to quiet mode, and do not print out anything.

-r num_retries
Try to send each packet num_retries times, before giving up on it. The default is 10.

-sPrint

-S shared_secret_file
Rather than reading the shared secret from the command-line (where it can be seen by others on the local system), read it instead from shared_secret_file.

-t timeout
Wait timeout seconds before deciding that the NAS has not responded to a request, and re-sending the packet. The default timeout is 3.

-v
Print out version information.

-x
Print out extra debugging information.

server[:port]
The hostname or IP address of the remote server. Optionally a UDP port can be specified. If no UDP port is specified, it is looked up in /etc/services. The service name looked for is radacct for accounting packets, and radius for all other requests. If a service is not found in /etc/services, 1813 and 1812 are used respectively.

acct | auth
Use auth to send an authentication packet (Access-Request), acct to send an accounting packet (Accounting-Request), status to send an status packet (Status-Server), or disconnect to send a disconnection request. Instead of these values, you can also use a decimal code here. For example, code 12 is also Status-Server.

secret
The shared secret for this client. It needs to be defined on the radius server side too, for the IP address you are sending the radius packets from.

 

EXAMPLE

A sample session that queries the remote server for Status-Server (not all servers support this. Cistron-radiusd does since version 1.6.5):


$ echo "User-Name = fnord" | radclient 192.168.1.42 12 s3cr3t
Sending request to server 192.168.1.42, port 1812.
radrecv: Packet from host 192.168.1.42 code=2, id=140, length=54
    Reply-Message = "FreeRADIUS up 21 days, 02:05"

 

SEE ALSO

radiusd(8), radtest(1).  

AUTHORS

Miquel van Smoorenburg, miquels@cistron.nl. Alan DeKok <aland@freeradius.org>


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLE
SEE ALSO
AUTHORS
blog comments powered by Disqus