Man page of RADMIN
RADMIN
Section: FreeRADIUS Server Administration Tool (8)
Updated: 15 Feb 2009
Index of this MAN page
Back To MAN Pages From BackTrack 5 R1 Master List
NAME
radmin - FreeRADIUS Administration tool
SYNOPSIS
radmin
[-d
config_directory]
[-e
command]
[-f
socket_file]
[-i
input_file]
[-n
name]
[-o
output_file]
[-q]
DESCRIPTION
FreeRADIUS Server administration tool that connects to the control
socket of a running server, and gives a command-line interface to it.
At this time, only a few commands are supported. Please type "help"
at the command prompt for detailed information about the supported
commands.
WARNING
This tool is experimental and should not be used in production
environments. Changes may be made at any time to the commands
accepted by the server, and/or to the resulting output.
The security protections offered by this command are pretty minimal.
If someone has permission to connect to the server, they can do almost
anything, from stopping the server, to changing its configuration.
Please exercise caution when using this command!
OPTIONS
The following command-line options are accepted by the program.
- -d config directory
-
Defaults to /etc/raddb. radmin looks here for the server
configuration files to find the "listen" section that defines the
control socket filename.
- -e command
-
Run command and exit.
- -f socket_file
-
Specify the socket filename directly. The radiusd.conf file is not read.
- -i input_file
-
Reads input from the specified file. If not specified, stdin is used.
This also sets "-q".
- -n mname
-
Read raddb/name.conf instead of raddb/radiusd.conf.
- -o output_file
-
Write output to the specified file. If not specified, stdout is used.
This also sets "-q".
- -q
-
Quiet mode.
COMMANDS
The commands implemented by the command-line interface are almost
completely controlled by the server. There are a few commands
interpreted locally by radmin:
- reconnect
-
Reconnect to the server.
- quit
-
Exit from radmin.
- exit
-
Exit from radmin.
The other commands are implemented by the server. Type "help" at the
prompt for more information.
EXAMPLES
- debug file /var/log/radius/bob.log
-
Set debug logs to /var/log/radius/bob.log. There is very little
checking of this filename. Rogue administrators may be able use this
command to over-write almost any file on the system. If those
administrators have write access to "radius.conf", they can do the
same thing without radmin, too.
- debug condition '(User-Name == bob)'
-
Enable debugging output for all requests that match the condition.
Any "unlang" condition is valid here. The condition is parsed as a
string, so it must be enclosed in single or double quotes. Strings
enclosed in double-quotes must have back-slashes and the quotation
marks escaped inside of the string.
Only one debug condition can be active at a time.
- debug condition '((User-Name == bob) || (Packet-Src-IP-Address == 192.0.2.22))'
-
A more complex condition that enables debugging output for requests
containing User-Name "bob", or requests that originate from source IP
address 192.0.2.22.
- debug condition
-
Disable debug conditionals.
FULL LIST OF COMMANDS
- add <command>
-
do sub-command of add
- add client <command>
-
Add client configuration commands
- add client file <filename>
-
Add new client definition from <filename>
- debug <command>
-
debugging commands
- debug condition [condition]
-
Enable debugging for requests matching [condition]
- debug level <number>
-
Set debug level to <number>. Higher is more debugging.
- debug file [filename]
-
Send all debugging output to [filename]
- hup [module]
-
sends a HUP signal to the server, or optionally to one module
- reconnect
-
reconnect to a running server
- terminate
-
terminates the server, and cause it to exit
- set <command>
-
do sub-command of set
- set module <command>
-
set module commands
- set module config <module> variable value
-
set configuration for <module>
- set home_server <command>
-
set home server commands
- set home_server state <ipaddr> <port> [alive|dead]
-
set state for given home server
- show <command>
-
do sub-command of show
- show client <command>
-
do sub-command of client
- show client config <ipaddr>
-
show configuration for given client
- show client list
-
shows list of global clients
- show debug <command>
-
show debug properties
- show debug condition
-
Shows current debugging condition.
- show debug level
-
Shows current debugging level.
- show debug file
-
Shows current debugging file.
- show home_server <command>
-
do sub-command of home_server
- show home_server config <ipaddr> <port>
-
show configuration for given home server
- show home_server list
-
shows list of home servers
- show home_server state <ipaddr> <port>
-
shows state of given home server
- show module <command>
-
do sub-command of module
- show module config <module>
-
show configuration for given module
- show module flags <module>
-
show other module properties
- show module list
-
shows list of loaded modules
- show module methods <module>
-
show sections where <module> may be used
- show uptime
-
shows time at which server started
- show version
-
Prints version of the running server
- show xml <reference>
-
Prints out configuration as XML
- stats <command>
-
do sub-command of stats
- stats client [auth/acct] <ipaddr>
-
show statistics for client
- stats home_server <ipaddr> <port>
-
show statistics for home server
SEE ALSO
unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
AUTHOR
Alan DeKok <aland@freeradius.org>
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- WARNING
-
- OPTIONS
-
- COMMANDS
-
- EXAMPLES
-
- FULL LIST OF COMMANDS
-
- SEE ALSO
-
- AUTHOR
-
This document was created by
man2html,
using the manual pages.
Time: 07:34:21 GMT, September 13, 2011