1 .TH RADMIN 8 "19 Jul 2010" "" "FreeRADIUS Server Administration Tool"
3 radmin - FreeRADIUS Administration tool
20 FreeRADIUS Server administration tool that connects to the control
21 socket of a running server, and gives a command-line interface to it.
23 At this time, only a few commands are supported. Please type "help"
24 at the command prompt for detailed information about the supported
27 The security protections offered by this command are limited to the
28 permissions on the Unix domain socket, and the server
29 configuration. If someone can connect to the Unix domain socket, they
30 have a substantial amount of control over the server.
32 The following command-line options are accepted by the program.
33 .IP "\-d \fIconfig directory\fP"
34 Defaults to \fI/etc/raddb\fP. \fBradmin\fP looks here for the server
35 configuration files to find the "listen" section that defines the
36 control socket filename.
37 .IP "\-e \fIcommand\fP"
38 Run \fIcommand\fP and exit.
39 .IP "\-f \fIsocket_file\fP"
40 Specify the socket filename directly. The radiusd.conf file is not read.
41 .IP "\-i \fIinput_file\fP"
42 Reads input from the specified file. If not specified, stdin is used.
45 Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP.
46 .IP "\-o \fIoutput_file\fP"
47 Write output to the specified file. If not specified, stdout is used.
52 The commands implemented by the command-line interface are almost
53 completely controlled by the server. There are a few commands
54 interpreted locally by radmin:
56 Reconnect to the server.
62 The other commands are implemented by the server. Type "help" at the
63 prompt for more information.
65 .IP debug\ file\ /var/log/radius/bob.log
66 Set debug logs to /var/log/radius/bob.log. There is very little
67 checking of this filename. Rogue administrators may be able use this
68 command to over-write almost any file on the system. If those
69 administrators have write access to "radius.conf", they can do the
70 same thing without radmin, too.
71 .IP debug\ condition\ '(User-Name\ ==\ "bob")'
72 Enable debugging output for all requests that match the condition.
73 Any "unlang" condition is valid here. The condition is parsed as a
74 string, so it must be enclosed in single or double quotes. Strings
75 enclosed in double-quotes must have back-slashes and the quotation
76 marks escaped inside of the string.
78 Only one debug condition can be active at a time.
79 .IP debug\ condition\ '((User-Name\ ==\ "bob")\ ||\ (Packet-Src-IP-Address\ ==\ 192.0.2.22))'
80 A more complex condition that enables debugging output for requests
81 containing User-Name "bob", or requests that originate from source IP
84 Disable debug conditionals.
85 .SH FULL LIST OF COMMANDS
88 .IP add\ client\ <command>
89 Add client configuration commands
90 .IP add\ client\ file\ <filename>
91 Add new client definition from <filename>
94 .IP debug\ condition\ [condition]
95 Enable debugging for requests matching [condition]
96 .IP debug\ level\ <number>
97 Set debug level to <number>. Higher is more debugging.
98 .IP debug\ file\ [filename]
99 Send all debugging output to [filename]
101 sends a HUP signal to the server, or optionally to one module
103 reconnect to a running server
105 terminates the server, and cause it to exit
107 do sub-command of set
108 .IP set\ module\ <command>
110 .IP set\ module\ config\ <module>\ variable\ value
111 set configuration for <module>
112 .IP set\ home_server\ <command>
113 set home server commands
114 .IP set\ home_server\ state\ <ipaddr>\ <port>\ [alive|dead]
115 set state for given home server
117 do sub-command of show
118 .IP show\ client\ <command>
119 do sub-command of client
120 .IP show\ client\ config\ <ipaddr>
121 show configuration for given client
122 .IP show\ client\ list
123 shows list of global clients
124 .IP show\ debug\ <command>
125 show debug properties
126 .IP show\ debug\ condition
127 Shows current debugging condition.
128 .IP show\ debug\ level
129 Shows current debugging level.
130 .IP show\ debug\ file
131 Shows current debugging file.
132 .IP show\ home_server\ <command>
133 do sub-command of home_server
134 .IP show\ home_server\ config\ <ipaddr>\ <port>
135 show configuration for given home server
136 .IP show\ home_server\ list
137 shows list of home servers
138 .IP show\ home_server\ state\ <ipaddr>\ <port>
139 shows state of given home server
140 .IP show\ module\ <command>
141 do sub-command of module
142 .IP show\ module\ config\ <module>
143 show configuration for given module
144 .IP show\ module\ flags\ <module>
145 show other module properties
146 .IP show\ module\ list
147 shows list of loaded modules
148 .IP show\ module\ methods\ <module>
149 show sections where <module> may be used
151 shows time at which server started
153 Prints version of the running server
154 .IP show\ xml\ <reference>
155 Prints out configuration as XML
157 do sub-command of stats
158 .IP stats\ client\ [auth/acct]\ <ipaddr>
159 show statistics for client
160 .IP stats\ home_server\ <ipaddr>\ <port>
161 show statistics for home server
163 unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
165 Alan DeKok <aland@freeradius.org>