-.TH RADIUSD 8 "11 Nov 2007" "" "FreeRADIUS Daemon"
+.TH RADIUSD 8 "27 Dec 2007" "" "FreeRADIUS Daemon"
.SH NAME
radiusd - Authentication, Authorization and Accounting server
.SH SYNOPSIS
Finer-grained debug mode. In this mode the server will print details
of every request on it's \fBstdout\fP output. You can specify this
option multiple times (-x -x or -xx) to get more detailed output.
-.SH DEPRECATED OPTIONS
-The following options may work, and are accepted for backwards
-compatibility. Support for these options may be removed in a future
-revision of the server.
-.IP \-A
-Write a file \fIdetail.auth\fP in addition to the standard \fBdetail\fP file
-in the same directory. This file will contain all the authentication-request
-records. This can be useful for debugging, but not for normal operation.
-
-This command line option is accepted only for backwards
-compatibility. It no longer does anything. See the configuration for
-the \fIdetail\fP module in \fIradiusd.conf\fP.
-.IP "\-a \fIaccounting directory\fP"
-This defaults to \fI/var/log/radacct\fP. If that directory exists,
-\fBradiusd\fP will write an ascii accounting record into a detail file for
-every login/logout recorded. The location of the detail file is
-\fIacct_dir/\fP\fBterminal_server\fP\fI/detail\fP.
-
-This command line option is deprecated. See the \fIradacctdir\fP
-configuration item in the \fIradiusd.conf\fP file.
-.IP "\-g \fIfacility\fP"
-Specifies the syslog facility to be used with \fB-l syslog\fP. Default is
-\fIdaemon\fP. Another reasonable choice would be \fIauthpriv\fP.
-.IP "\-l \fIlogging directory\fP"
-This defaults to \fI/var/log\fP. \fBRadiusd\fP writes a logfile here
-called \fIradius.log\fP. It contains informational and error messages,
-and optionally a record of every login attempt (for aiding an ISP's
-helpdesk). The special arguments \fIstdout\fP and \fIstderr\fP cause
-the information to get written to the standard output, or standard
-error instead. The special argument \fIsyslog\fP sends the information
-with \fBsyslog\fP(3).
-
-This command line option is deprecated. See the \fIlog_dir\fP
-configuration item in the \fIradiusd.conf\fP file.
-.IP \-S
-Write the stripped usernames (without prefix or suffix) in the \fBdetail\fP
-file instead of the raw record as received from the terminal server.
-
-This command line option is deprecated. See the \fIlog_stripped_names\fP
-configuration item in the \fIradiusd.conf\fP file.
-.IP \-y
-Write details about every authentication request in the
-\fIradius.log\fP file.
-
-This command line option is deprecated. See the \fIlog_auth\fP
-configuration item in the \fIradiusd.conf\fP file.
-.IP \-z
-Include the password in the \fIradius.log\fP file \fBeven\fP for successful
-logins. \fIThis is very insecure!\fP.
-
-This command line option is deprecated. See the
-\fIlog_auth_badpass\fP and the \fIlog_auth_goodpass\fP configuration
-items in the \fIradiusd.conf\fP file.
.SH DEBUGGING
The server can be difficult to configure correctly in systems with
complex requirements. We STRONGLY RECOMMEND proceeding via the
const char *radlib_dir = NULL;
int log_stripped_names;
int debug_flag = 0;
-int log_auth_detail = FALSE;
int check_config = FALSE;
const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
int main(int argc, char *argv[])
{
int rcode;
- unsigned char buffer[4096];
int argval;
int spawn_flag = TRUE;
int dont_fork = FALSE;
mainconfig.log_file = NULL;
/* Process the options. */
- while ((argval = getopt(argc, argv, "Aa:bcCd:fg:hi:l:mn:p:sSvxXyz")) != EOF) {
+ while ((argval = getopt(argc, argv, "Cd:fhi:mn:p:svxX")) != EOF) {
switch(argval) {
-
- case 'A':
- log_auth_detail = TRUE;
- break;
-
- case 'a':
- if (radacct_dir) free(radacct_dir);
- radacct_dir = strdup(optarg);
- break;
-
- case 'c':
- /* ignore for backwards compatibility with Cistron */
- break;
-
case 'C':
check_config = TRUE;
spawn_flag = FALSE;
flag |= 1;
break;
- case 'l':
- if ((strcmp(optarg, "stdout") == 0) ||
- (strcmp(optarg, "stderr") == 0) ||
- (strcmp(optarg, "syslog") == 0)) {
- fprintf(stderr, "radiusd: -l %s is unsupported. Use log_destination in radiusd.conf\n", optarg);
- exit(1);
- }
- if (radlog_dir) free(radlog_dir);
- radlog_dir = strdup(optarg);
- break;
-
- case 'g':
- fprintf(stderr, "radiusd: -g is unsupported. Use log_destination in radiusd.conf.\n");
- exit(1);
- break;
-
case 'm':
debug_memory = 1;
break;
- case 'n':
- if ((strchr(optarg, '/') != NULL) ||
- (strchr(optarg, '.') != NULL) ||
- (strlen(optarg) > 45)) usage(1);
-
- snprintf(buffer, sizeof(buffer), "%s.conf",
- optarg);
- if (mainconfig.radiusd_conf)
- free(mainconfig.radiusd_conf);
- mainconfig.radiusd_conf = strdup(buffer);
- break;
-
- case 'S':
- log_stripped_names++;
- break;
-
case 'p':
mainconfig.port = atoi(optarg);
if ((mainconfig.port <= 0) ||
debug_flag++;
break;
- case 'y':
- mainconfig.log_auth = TRUE;
- mainconfig.log_auth_badpass = TRUE;
- break;
-
- case 'z':
- mainconfig.log_auth_badpass = TRUE;
- mainconfig.log_auth_goodpass = TRUE;
- break;
-
default:
usage(1);
break;
FILE *output = status?stderr:stdout;
fprintf(output,
- "Usage: %s [-a acct_dir] [-d db_dir] [-l log_dir] [-i address] [-AcfnsSvXxyz]\n", progname);
+ "Usage: %s [-d db_dir] [-l log_dir] [-i address] [-fsvXx]\n", progname);
fprintf(output, "Options:\n\n");
- fprintf(output, " -a acct_dir use accounting directory 'acct_dir'.\n");
- fprintf(output, " -A Log auth detail.\n");
fprintf(output, " -C Check configuration and exit.\n");
fprintf(output, " -d raddb_dir Configuration files are in \"raddbdir/*\".\n");
fprintf(output, " -f Run as a foreground process, not a daemon.\n");
fprintf(output, " -h Print this help message.\n");
fprintf(output, " -i ipaddr Listen on ipaddr ONLY\n");
- fprintf(output, " -l log_dir Log file is \"log_dir/radius.log\" (not used in debug mode)\n");
fprintf(output, " -p port Listen on port ONLY\n");
fprintf(output, " -s Do not spawn child processes to handle requests.\n");
- fprintf(output, " -S Log stripped names.\n");
fprintf(output, " -v Print server version information.\n");
fprintf(output, " -X Turn on full debugging.\n");
fprintf(output, " -x Turn on additional debugging. (-xx gives more debugging).\n");
- fprintf(output, " -y Log authentication failures, with password.\n");
- fprintf(output, " -z Log authentication successes, with password.\n");
exit(status);
}