radclient(1) FreeRADIUS Daemon radclient(1)
NAME
radclient - send packets to a RADIUS server, show reply
SYNOPSIS
radclient [-d raddb_directory] [-c count] [-f file] [-i id] [-n num_requests_per_second] [-p num_requests_in_parallel] [-r num_retries] [-s] [-S shared_secret_file] [-t timeout] [-qvx] server {acct|auth|sta- tus|disconnect|auto} secret
DESCRIPTION
radclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. It can be used to test changes you made in the configuration of the radius server, or it can be used to monitor if a radius server is up. radclient reads radius attribute/value pairs from it standard input, or from a file specified on the command line. It then encodes these attribute/value pairs using the dictionary, and sends them to the remote server. The User-Password and CHAP-Password attributes are automatically encrypted before the packet is sent to the server.
OPTIONS
-c count Send each packet count times. -d raddb_directory The directory that contains the RADIUS dictionary files. Defaults to /etc/raddb. -f file File to read the attribute/value pairs from. If this is not specified, they are read from stdin. This option can be speci- fied multiple times, in which case packets are sent in order by file, and within each file, by first packet to last packet. A blank line separates logical packets within a file. -i id Use id as the RADIUS request Id. -n num_requests_per_second Send num_requests_per_second, evenly spaced over time. By default, the requests are sent as fast as possible. This option allows you to slow down the rate at which radclient sends requests. -p num_requests_in_parallel Send num_requests_in_parallel, without waiting for a response for each one. By default, radclient sends the first request it has read, waits for the response, and once the response is received, sends the second request in its list. This option allows you to send many requests at simultaneously. Once num_requests_in_parallel are sent, radclient waits for all of the responses to arrive (or for the requests to time out), before sending any more packets. -q Go to quiet mode, and do not print out anything. -r num_retries Try to send each packet num_retries times, before giving up on it. The default is 10. -s Print out some summaries of packets sent and received. -S shared_secret_file Rather than reading the shared secret from the command-line (where it can be seen by others on the local system), read it instead from shared_secret_file. -t timeout Wait timeout seconds before deciding that the NAS has not responded to a request, and re-sending the packet. The default timeout is 3. -v Print out version information. -x Print out debugging information. server[:port] The hostname or IP address of the remote server. Optionally a UDP port can be specified. If no UDP port is specified, it is looked up in /etc/services. The service name looked for is radacct for accounting packets, and radius for all other requests. If a service is not found in /etc/services, 1813 and 1812 are used respectively. The RADIUS attributes read by radclient can contain the special attribute Packet-Dst-IP-Address. If this attribute exists, then that IP address is where the packet is sent, and the server specified on the command-line is ignored. If the RADIUS attribute list always contains the Packet-Dst-IP- Address attribute, then the server parameter can be given as -. The RADIUS attributes read by radclient can contain the special attribute Packet-Dst-Port. If this attribute exists, then that UDP port is where the packet is sent, and the :port specified on the command-line is ignored. acct | auth | status | disconnect | auto Use auth to send an authentication packet (Access-Request), acct to send an accounting packet (Accounting-Request), status to send an status packet (Status-Server), or disconnect to send a disconnection request. Instead of these values, you can also use a decimal code here. For example, code 12 is also Status-Server. The RADIUS attributes read by radclient can contain the special attribute Packet-Type. If this attribute exists, then that type of packet is sent, and the type specified on the command-line is ignored. If the RADIUS attribute list always contains the Packet-Type attribute, then the type parameter can be given as auto. secret The shared secret for this client. It needs to be defined on the radius server side too, for the IP address you are sending the radius packets from.
EXAMPLE
A sample session that queries the remote server for Status-Server (not all servers support this, but FreeRADIUS has configurable support for it). $ echo "Message-Authenticator = 0x00" | radclient 192.168.1.42 status s3cr3t Sending request to server 192.168.1.42, port 1812. radrecv: Packet from host 192.168.1.42 code=2, id=140, length=54 Reply-Message = "FreeRADIUS up 21 days, 02:05"
SEE ALSO
radiusd(8),
AUTHORS
Miquel van Smoorenburg, miquels@cistron.nl. Alan DeKok <aland@freera- dius.org> 7 April 2005 radclient(1)
Mac OS X 10.6Server - Generated Wed Apr 14 06:05:57 CDT 2010