summaryrefslogtreecommitdiffstats
path: root/man/man1
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
commit50b37d4a27d3295a29afca2286f1a5a086142cec (patch)
tree9212f763934ee090ef72d823f559f52ce387f268 /man/man1
parentInitial commit. (diff)
downloadfreeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.tar.xz
freeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.zip
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--man/man1/dhcpclient.171
-rw-r--r--man/man1/rad_counter.142
-rw-r--r--man/man1/radclient.1195
-rw-r--r--man/man1/radeapclient.1100
-rw-r--r--man/man1/radlast.121
-rw-r--r--man/man1/radtest.181
-rw-r--r--man/man1/radwho.199
-rw-r--r--man/man1/radzap.168
-rw-r--r--man/man1/smbencrypt.122
9 files changed, 699 insertions, 0 deletions
diff --git a/man/man1/dhcpclient.1 b/man/man1/dhcpclient.1
new file mode 100644
index 0000000..d6a538e
--- /dev/null
+++ b/man/man1/dhcpclient.1
@@ -0,0 +1,71 @@
+.TH DHCPCLIENT 1 "19 September 2016" "" "FreeRADIUS Daemon"
+.SH NAME
+dhcpclient - Send a DHCP request with provided RADIUS attributes and get the output response.
+.SH SYNOPSIS
+.B dhcpclient
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-D
+.IR dictionary_directory ]
+.RB [ \-f
+.IR file ]
+.RB [ \-h ]
+.RB [ \-i
+.IR interface ]
+.RB [ \-t
+.IR timeout ]
+.RB [ \-v ]
+.RB [ \-x ]
+\fIserver[:port] {discover|request|decline|release|inform|auto}\fP
+.SH DESCRIPTION
+\fBdhcpclient\fP is a DHCP test client program. It can send arbitrary DHCP
+packets to the FreeRADIUS server running as DHCP server, then shows the reply.
+It can be used to test changes you made in the configuration of the radius server,
+or it can be used to monitor if a radius server is up.
+.PP
+\fBdhcpclient\fP reads radius attribute/value pairs from its standard
+input, or from a file specified on the command line. It then encodes
+these attribute/value pairs using the dictionary, and sends them
+to the local/remote server.
+.PP
+
+.SH OPTIONS
+
+.IP \-d\ \fIraddb_directory\fP
+The directory that contains the user dictionary file. Defaults to
+\fI/etc/raddb\fP.
+.IP \-D\ \fIdictionary_directory\fP
+The directory that contains the main dictionary file. Defaults to
+\fI/usr/share/freeradius\fP.
+.IP \-f\ \fIfile[:file]\fP
+File to read the attribute/value pairs from. If this is not specified,
+they are read from stdin. This option can be specified multiple
+times, in which case packets are sent in order by file, and within
+each file, by first packet to last packet. A blank line separates
+logical packets within a file.
+.IP \-h
+Print usage help information.
+.IP \-i\ \fIinterface\fP
+Select which interface to send/receive at packet level on a raw socket.
+.IP \-t\ \fItimeout\fP
+Wait \fItimeout\fP seconds before deciding that the NAS has not
+responded to a request, and re-sending the packet. This may be a floating
+point number, e.g. 2.2.
+.IP \-v
+Print out program version information.
+.IP \-x
+Print out debugging information.
+.IP server[:port]
+The hostname or IP address of the remote server. Optionally a UDP port
+can be specified. If no UDP port is specified, it is looked up in
+\fI/etc/services\fP. The service name looked for is \fBradacct\fP for
+accounting packets, and \fBradius\fP for all other requests. If a
+service is not found in \fI/etc/services\fP, 1813 and 1812 are used
+respectively.
+.IP discover\ |\ request\ |\ decline\ |\ release\ |\ inform\ |\ auto
+DHCP options - use the type relevant for testing
+
+.SH SEE ALSO
+radiusd(8)
+.SH AUTHORS
+Alan DeKok <aland@freeradius.org>
diff --git a/man/man1/rad_counter.1 b/man/man1/rad_counter.1
new file mode 100644
index 0000000..74e7c73
--- /dev/null
+++ b/man/man1/rad_counter.1
@@ -0,0 +1,42 @@
+.TH RAD_COUNTER 1 "19 September 2016" "" "FreeRADIUS Daemon"
+.SH NAME
+rad_counter - Query and maintain FreeRADIUS rlm_counter DB file.
+
+This tool is deprecated
+
+.SH SYNOPSIS
+.B rad_counter
+.RB [ \--file
+.IR counter_filename ]
+.RB [ \--user
+.IR username ]
+.RB [ \--match
+.IR <regex> ]
+.RB [ \--reset
+.IR number]
+.RB [ \--help ]
+.RB [ \-\-hours | \-\-minutes | \-\-seconds ]
+
+.SH DESCRIPTION
+\fBrad_counter\fP is a tool that can query and maintain FreeRADIUS rlm_counter DB files.
+.PP
+
+.SH OPTIONS
+
+.IP \--file=
+Counter DB filename.
+.IP \--user=\ \fIusername\fP
+Information for specific user.
+.IP \--match=\ \fI<regex>\fP
+Information for matching users.
+.IP \--reset=\ \fInumber\fP
+Reset counter to <number>. If divisor is set use it, else <number> means seconds.
+.IP \--help
+Show the help screen.
+.IP \--(hours\ |\ minutes\ |\ seconds)
+Specify information divisor.
+
+.SH SEE ALSO
+radiusd(8)
+.SH AUTHORS
+Alan DeKok <aland@freeradius.org>
diff --git a/man/man1/radclient.1 b/man/man1/radclient.1
new file mode 100644
index 0000000..229dcae
--- /dev/null
+++ b/man/man1/radclient.1
@@ -0,0 +1,195 @@
+.TH RADCLIENT 1 "22 March 2019" "" "FreeRADIUS Daemon"
+.SH NAME
+radclient - send packets to a RADIUS server, show reply
+.SH SYNOPSIS
+.B radclient
+.RB [ \-4 ]
+.RB [ \-6 ]
+.RB [ \-c
+.IR count ]
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-D
+.IR dictionary_directory ]
+.RB [ \-f
+.IR file ]
+.RB [ \-F ]
+.RB [ \-h ]
+.RB [ \-i
+.IR id ]
+.RB [ \-n
+.IR num_requests_per_second ]
+.RB [ \-p
+.IR num_requests_in_parallel ]
+.RB [ \-q ]
+.RB [ \-r
+.IR num_retries ]
+.RB [ \-s ]
+.RB [ \-S
+.IR shared_secret_file ]
+.RB [ \-t
+.IR timeout ]
+.RB [ \-v ]
+.RB [ \-x ]
+\fIserver {acct|auth|status|coa|disconnect|auto} secret\fP
+.SH DESCRIPTION
+\fBradclient\fP is a radius client program. It can send arbitrary radius
+packets to a radius server, then shows the reply. It can be used to
+test changes you made in the configuration of the radius server,
+or it can be used to monitor if a radius server is up.
+.PP
+\fBradclient\fP reads radius attribute/value pairs from it standard
+input, or from a file specified on the command line. It then encodes
+these attribute/value pairs using the dictionary, and sends them
+to the remote server.
+.PP
+The \fIUser-Password\fP and \fICHAP-Password\fP attributes are
+automatically encrypted before the packet is sent to the server.
+
+.SH OPTIONS
+
+.IP \-4
+Use IPv4 (default)
+.IP \-6
+Use IPv6
+.IP \-c\ \fIcount\fP
+Send each packet \fIcount\fP times.
+.IP \-d\ \fIraddb_directory\fP
+The directory that contains the user dictionary file. Defaults to
+\fI/etc/raddb\fP.
+.IP \-D\ \fIdictionary_directory\fP
+The directory that contains the main dictionary file. Defaults to
+\fI/usr/share/freeradius\fP.
+.IP \-f\ \fIfile[:file]\fP
+File to read the attribute/value pairs from. If this is not specified,
+they are read from stdin. This option can be specified multiple
+times, in which case packets are sent in order by file, and within
+each file, by first packet to last packet. A blank line separates
+logical packets within a file. If a pair of files separated by a
+colon is specified, the second file will be used to filter the
+responses to requests from the first. The number of requests and
+filters must be the same. A summary of filter results will be displayed
+if \-s is passed.
+.IP \-F
+Print the file name, packet number and reply code.
+.IP \-h
+Print usage help information.
+.IP \-i\ \fIid\fP
+Use \fIid\fP as the RADIUS request Id.
+.IP \-n\ \fInum_requests_per_second\fP
+Try to send \fInum_requests_per_second\fP, evenly spaced. This option
+allows you to slow down the rate at which radclient sends requests.
+When not using \-n, the default is to send packets as quickly as
+possible, with no inter-packet delays.
+
+Due to limitations in radclient, this option does not accurately send
+the requested number of packets per second.
+.IP \-p\ \fInum_requests_in_parallel\fP
+Send \fInum_requests_in_parallel\fP, without waiting for a response
+for each one. By default, radclient sends the first request it has
+read, waits for the response, and once the response is received, sends
+the second request in its list. This option allows you to send many
+requests at simultaneously. Once \fInum_requests_in_parallel\fP are
+sent, radclient waits for all of the responses to arrive (or for the
+requests to time out), before sending any more packets.
+
+This option permits you to discover the maximum load accepted by a
+RADIUS server.
+.IP "\-P\ \fIproto\fP"
+Use \fIproto\fP transport protocol ("tcp" or "udp").
+Only available if FreeRADIUS is compiled with TCP transport support.
+.IP \-q
+Go to quiet mode, and do not print out anything.
+.IP \-r\ \fInum_retries\fP
+Try to send each packet \fInum_retries\fP times, before giving up on
+it. The default is 10.
+.IP \-s
+Print out some summaries of packets sent and received.
+.IP \-S\ \fIshared_secret_file\fP
+Rather than reading the shared secret from the command-line (where it
+can be seen by others on the local system), read it instead from
+\fIshared_secret_file\fP.
+.IP \-t\ \fItimeout\fP
+Wait \fItimeout\fP seconds before deciding that the NAS has not
+responded to a request, and re-sending the packet. The default
+timeout is 3.
+.IP \-v
+Print out version information.
+.IP \-x
+Print out debugging information.
+.IP server[:port]
+The hostname or IP address of the remote server. Optionally a UDP port
+can be specified. If no UDP port is specified, it is looked up in
+\fI/etc/services\fP. The service name looked for is \fBradacct\fP for
+accounting packets, and \fBradius\fP for all other requests. If a
+service is not found in \fI/etc/services\fP, 1813 and 1812 are used
+respectively. For coa and disconnect packets, port 3799 is used.
+
+If a host name is specified, then radclient will do a DNS lookup, and
+use the A record to find the IP address of the RADIUS server. If
+there is no A record, then radclient will look for an AAAA record. If
+there is no AAAA record, an error will be produced.
+
+IPv6 addresses may be specified by surrounding it in square brackets.
+For example, [2002:c000:0201:0:0:0:0:0], or with a port,
+[2002:c000:0201:0:0:0:0:0]:18120.
+
+The RADIUS attributes read by \fIradclient\fP can contain the special
+attribute \fBPacket-Dst-IP-Address\fP. If this attribute exists, then
+that IP address is where the packet is sent, and the \fBserver\fP
+specified on the command-line is ignored.
+
+If the RADIUS attribute list always contains the
+\fBPacket-Dst-IP-Address\fP attribute, then the \fBserver\fP parameter
+can be given as \fB-\fP.
+
+The RADIUS attributes read by \fIradclient\fP can contain the special
+attribute \fBPacket-Dst-Port\fP. If this attribute exists, then that
+UDP port is where the packet is sent, and the \fB:port\fP specified
+on the command-line is ignored.
+
+.IP acct\ |\ auth\ |\ status\ |\ coa\ |\ disconnect\ |\ auto
+Use \fBauth\fP to send an authentication packet (Access-Request),
+\fBacct\fP to send an accounting packet (Accounting-Request),
+\fBstatus\fP to send a status packet (Status-Server), or
+\fBcoa\fP to send a CoA-Request, or
+\fBdisconnect\fP to send a disconnection request. Instead of these
+values, you can also use a decimal code here. For example, code 12 is
+also \fBStatus-Server\fP.
+
+The RADIUS attributes read by \fIradclient\fP can contain the special
+attribute \fBPacket-Type\fP. If this attribute exists, then that type
+of packet is sent, and the \fItype\fP specified on the command-line
+is ignored.
+
+If the RADIUS attribute list always contains the
+\fBPacket-Type\fP attribute, then the \fBtype\fP parameter can be
+given as \fBauto\fP.
+
+.IP secret
+The shared secret for this client. It needs to be defined on the
+radius server side too, for the IP address you are sending the radius
+packets from.
+
+.SH EXAMPLE
+
+A sample session that queries the remote server for
+\fIStatus-Server\fP (not all servers support this, but FreeRADIUS has
+configurable support for it).
+.RS
+.sp
+.nf
+.ne 3
+$ echo "Message-Authenticator = 0x00" | radclient 192.0.2.42 status s3cr3t
+Sending request to server 192.0.2.42, port 1812.
+radrecv: Packet from host 192.0.2.42 code=2, id=140, length=54
+ Reply-Message = "FreeRADIUS up 21 days, 02:05"
+.fi
+.sp
+.RE
+
+.SH SEE ALSO
+radiusd(8),
+.SH AUTHORS
+Miquel van Smoorenburg, miquels@cistron.nl.
+Alan DeKok <aland@freeradius.org>
diff --git a/man/man1/radeapclient.1 b/man/man1/radeapclient.1
new file mode 100644
index 0000000..687ef61
--- /dev/null
+++ b/man/man1/radeapclient.1
@@ -0,0 +1,100 @@
+.TH RADEAPCLIENT 1 "08 September 2003" "" "FreeRADIUS Daemon"
+.SH NAME
+radeapclient - send EAP packets to a RADIUS server, calculate responses
+.SH SYNOPSIS
+.B radeapclient
+.RB [ \-4 ]
+.RB [ \-6 ]
+.RB [ \-c
+.IR count ]
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-f
+.IR file ]
+.RB [ \-h ]
+.RB [ \-i
+.IR source_ip ]
+.RB [ \-q ]
+.RB [ \-s ]
+.RB [ \-r
+.IR retries ]
+.RB [ \-S
+.IR file ]
+.RB [ \-t
+.IR timeout ]
+.RB [ \-v ]
+.RB [ \-x ]
+\fIserver {acct|auth} secret\fP
+.SH DESCRIPTION
+\fBradeapclient\fP is a radius client program. It can send arbitrary radius
+packets to a radius server, then shows the reply. Radeapclient differs from
+radclient in that if there is an EAP-MD5 challenge, then it will be responded
+to.
+.PP
+\fBradeapclient\fP is otherwise identical to \fBradclient\fP.
+.PP
+The \fIEAP-Identity\fP attribute, if present is used to construct an
+EAP Identity message.
+.PP
+.PP
+The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an
+MD5 challenge.
+.PP
+No other EAP types are currently supported.
+
+.SH OPTIONS
+.IP \-4
+Use IPv4 (default)
+.IP \-6
+Use IPv6
+.IP \-c\ \fIcount\fP
+Send each packet \fIcount\fP times.
+.IP \-d\ \fIraddb\fP
+Set dictionary directory.
+.IP \-f\ \fIfile\fP
+Read packets from \fIfile\fP, not stdin.
+.IP \-r\ \fIretries\fP
+If timeout, retry sending the packet \fIretries\fP times.
+.IP \-t\ \fItimeout\fP
+Wait \fItimeout\fP seconds before retrying (may be a floating point number).
+.IP \-h
+Print usage help information.
+.IP \-i\ \fIid\fP
+Set request id to '\fIid\fP'. Values may be 0..255
+.IP \-S\ \fIfile\fP
+Read secret from \fIfile\fP, not command line.
+.IP \-q
+Quiet, do not print anything out.
+.IP \-s
+Print out summary information of auth results.
+.IP \-v
+Show program version information.
+.IP \-x
+Enable debugging mode.
+
+.SH EXAMPLE
+
+A sample session that queries the remote server with an EAP-MD5
+challenge.
+.RS
+.sp
+.nf
+.ne 3
+( echo 'User-Name = "bob"';
+ echo 'EAP-MD5-Password = "hello"';
+ echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.c';
+ echo 'EAP-Code = Response';
+ echo 'EAP-Id = 210';
+ echo 'EAP-Type-Identity = "bob";
+ echo 'Message-Authenticator = 0x00';
+ echo 'NAS-Port = 0' ) >req.txt
+
+radeapclient -x localhost auth testing123 <req.txt
+.fi
+.sp
+.RE
+
+.SH SEE ALSO
+radclient(1)
+.SH AUTHOR
+Michael Richardson, <mcr@sandelman.ottawa.on.ca>
diff --git a/man/man1/radlast.1 b/man/man1/radlast.1
new file mode 100644
index 0000000..ff48f22
--- /dev/null
+++ b/man/man1/radlast.1
@@ -0,0 +1,21 @@
+.TH RADLAST 1 "22 February 2001" "" "FreeRADIUS Daemon"
+.SH NAME
+radlast - show "last" info from the radwtmp file
+.SH SYNOPSIS
+.B radlast
+.IR [ options ]
+.SH DESCRIPTION
+The FreeRADIUS server can write an accounting log in the
+\fIwtmp\fP format of the local system. \fBradlast\fP is a frontend
+for the systems \fBlast\fP command - it just calls \fBlast\fP
+with the \fI-f path_to_radwtmp_file\fP argument, and passes all
+options on the command line to the system \fBlast\fP command.
+.SH OPTIONS
+See the manpage of the system \fBlast\fP command.
+.SH SEE ALSO
+radiusd(8),
+radiusd.conf(5),
+wtmp(5),
+last(1).
+.SH AUTHOR
+Miquel van Smoorenburg, miquels@cistron.nl.
diff --git a/man/man1/radtest.1 b/man/man1/radtest.1
new file mode 100644
index 0000000..2bf8997
--- /dev/null
+++ b/man/man1/radtest.1
@@ -0,0 +1,81 @@
+.TH RADTEST 1 "5 April 2010" "" "FreeRADIUS Daemon"
+.SH NAME
+radtest - send packets to a RADIUS server, show reply
+.SH SYNOPSIS
+.B radtest
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-P
+.IR tcp/udp ]
+.RB [ \-t
+.IR pap/chap/mschap/eap-md5 ]
+.RB [ \-x
+.IR ]
+.RB [ \-4
+.IR ]
+.RB [ \-6
+.IR ]
+.I user password radius-server nas-port-number secret
+.RB [ ppphint ]
+.RB [ nasname ]
+.SH DESCRIPTION
+\fBradtest\fP is a frontend to \fBradclient\fP(1). It generates a
+list of attribute/value pairs based on the command line arguments,
+and feeds these into \fBradclient\fP. It's a fast and convenient
+way to test a radius server.
+
+.SH OPTIONS
+
+.IP "\-d \fIraddb_directory\fP"
+The directory that contains the RADIUS dictionary files. Defaults to
+\fI/etc/raddb\fP.
+
+.IP "\-P\ \fIproto\fP"
+Use \fIproto\fP transport protocol ("tcp" or "udp").
+Only available if FreeRADIUS is compiled with TCP transport support.
+
+.IP "\-t \fIpap/chap/mschap/eap-md5\fP"
+Choose the authentication method to use. e.g. "-t pap", "-t chap", "-t
+mschap", or "-t eap-md5",. Defaults to "pap". Using EAP-MD5 requires
+that the "radeapclient" program is installed.
+
+.IP "\-x"
+Enables debugging output for the RADIUS client.
+
+.IP "\-4"
+Use NAS-IP-Address for the NAS address (default)
+
+.IP "\-6"
+Use NAS-IPv6-Address for the NAS address (default)
+
+.IP user
+Username to send.
+
+.IP password
+Password of the user.
+
+.IP radius-server
+Hostname or IP address of the radius server. Optionally, you may specify a
+port by appending :port
+
+.IP nas-port-number
+The value of the NAS-Port attribute. Is an integer between 0 and 2^31,
+and it really doesn't matter what you put here. \fI10\fP will do fine.
+
+.IP secret
+The shared secret for this client.
+
+.IP ppphint
+If you put an integer > 0 here, radtest (or actually radclient) will
+add the attribute \fIFramed-Protocol = PPP\fP to the request packet.
+
+.IP nasname
+If present, this will be resolved to an IP address and added to
+the request packet as the \fINAS-IP-Address\fP attribute. If you
+don't specify it, the local hostname of the system will be used.
+
+.SH SEE ALSO
+radiusd(8),
+radclient(1).
+.SH AUTHOR
+Miquel van Smoorenburg, miquels@cistron.nl.
diff --git a/man/man1/radwho.1 b/man/man1/radwho.1
new file mode 100644
index 0000000..c131255
--- /dev/null
+++ b/man/man1/radwho.1
@@ -0,0 +1,99 @@
+.TH RADWHO 1 "17 Feb 2013" "" "FreeRADIUS Daemon"
+.SH NAME
+radwho - show online users
+.SH SYNOPSIS
+.B radwho
+.RB [ \-c ]
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-F
+.IR radutmp_file ]
+.RB [ \-i ]
+.RB [ \-n ]
+.RB [ \-N
+.IR nas_ip_address ]
+.RB [ \-p ]
+.RB [ \-P
+.IR nas_port ]
+.RB [ \-r ]
+.RB [ \-R ]
+.RB [ \-s ]
+.RB [ \-S ]
+.RB [ \-u
+.IR user ]
+.RB [ \-U
+.IR user ]
+.RB [ \-Z ]
+.SH DESCRIPTION
+The FreeRADIUS server can be configured to maintain an active session
+database in a file called \fIradutmp\fP. This utility shows the
+content of that session database.
+.SH OPTIONS
+.IP \-c
+Shows caller ID (if available) instead of the full name.
+.IP \-d\ \fIraddb_directory\fP
+The directory that contains the RADIUS configuration files. Defaults to
+\fI/etc/raddb\fP.
+.IP \-F\ \fIradutmp_file\fP
+The file that contains the radutmp file. If this is specified, \-d is
+not necessary.
+.IP \-i
+Shows the session ID instead of the full name.
+.IP \-n
+Normally radwho looks up the username in the systems password file,
+and shows the full username as well. The \fB-n\fP flags prevents this.
+.IP \-N\ \fInas_ip_address\fP
+Show only those entries which match the given NAS IP address.
+.IP \-p
+Adds an extra column for the port type - I for ISDN, A for Analog.
+.IP \-P\ \fInas_port\fP
+Show only those entries which match the given NAS port.
+.IP \-r
+Outputs all data in \fIraw\fP format - no headers, no formatting,
+fields are comma-separated.
+.IP \-R
+Output all data in RADIUS attribute format. All fields are printed.
+.IP \-s
+Show full name.
+.IP \-S
+Hide shell users. Doesn't show the entries for users that do not
+have a SLIP or PPP session.
+.IP \-u\ \fIuser\fP
+Show only those entries which match the given username (case insensitive).
+.IP \-U\ \fIuser\fP
+Show only those entries which match the given username (case sensitive).
+.IP \-Z
+When combined with \fI-R\fP, prints out the contents of an
+Accounting-Request packet which can be passed to \fIradclient\fP, in
+order to "zap" that users session from \fIradutmp\fP.
+.PP
+For example,
+.RS
+.sp
+.nf
+.ne 3
+$ radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123
+.fi
+.sp
+.RE
+will result in all an Accounting-Request packet being sent to the
+RADIUS server, which tells the server that the NAS rebooted. i.e. It
+"zaps" all of the users on that NAS.
+
+To "zap" one user, specify NAS, username, and NAS port:
+.RS
+.sp
+.nf
+.ne 3
+$ radwho -ZRN 10.0.0.1 -u user -P 10 | radclient -f - radius.example.net acct testing123
+.fi
+.sp
+.RE
+Other combinations are also possible.
+
+.SH SEE ALSO
+radiusd(8),
+radclient(1),
+radiusd.conf(5).
+.SH AUTHOR
+Miquel van Smoorenburg, miquels@cistron.nl.
diff --git a/man/man1/radzap.1 b/man/man1/radzap.1
new file mode 100644
index 0000000..03b9a43
--- /dev/null
+++ b/man/man1/radzap.1
@@ -0,0 +1,68 @@
+.TH RADZAP 1 "8 April 2005" "" "FreeRADIUS Daemon"
+.SH NAME
+radzap - remove rogue entries from the active sessions database
+.SH SYNOPSIS
+.B radzap
+.RB [ \-d
+.IR raddb_directory ]
+.RB [ \-h ]
+.RB [ \-N
+.IR nas_ip_address ]
+.RB [ \-P
+.IR nas_port ]
+.RB [ \-u
+.IR user ]
+.RB [ \-U
+.IR user ]
+.RB [ \-x ]
+\fIserver[:port] secret\fP
+.SH DESCRIPTION
+The FreeRADIUS server can be configured to maintain an active session
+database in a file called \fIradutmp\fP. Commands like \fBradwho\fP(1)
+use this database. Sometimes that database can get out of sync, and
+then it might contain rogue entries. \fBradzap\fP can clean up this
+database.
+
+As of FreeRADIUS 1.1.0, \fBradzap\fP is a simple shell-script wrapper
+around \fBradwho\fP(1) and \fBradclient\fP(1).
+
+The sessions are "zapped" by sending an Accounting-Request packet
+which contains the information necessary for the server to delete the
+session record. \fBradzap\fP sends a packet to the server, rather
+than writing to \fIradutmp\fP directly, because session records may
+also be maintained in SQL.
+.SH OPTIONS
+.IP \-d\ \fIraddb_directory\fP
+The directory that contains the RADIUS configuration files.
+\fBradzap\fP reads \fIradiusd.conf\fP to determine the location of the
+\fIradutmp\fP file.
+.IP \-h
+Print usage help information.
+.IP \-N\ \fInas_ip_address\fP
+Zap the entries which match the given NAS IP address.
+.IP \-P\ \fInas_port\fP
+Zap the entries which match the given NAS port.
+.IP \-u\ \fIuser\fP
+Zap the entries which match the given username (case insensitive).
+.IP \-U\ \fIuser\fP
+Zap the entries which match the given username (case sensitive).
+.IP \-x
+Enable debugging output.
+.IP server[:port]
+The hostname or IP address of the remote server. Optionally a UDP port
+can be specified. If no UDP port is specified, it is looked up in
+\fI/etc/services\fP. The service name looked for is \fBradacct\fP for
+accounting packets, and \fBradius\fP for all other requests. If a
+service is not found in \fI/etc/services\fP, 1813 and 1812 are used
+respectively.
+.IP secret
+The shared secret for this client. It needs to be defined on the
+radius server side too, for the IP address you are sending the radius
+packets from.
+.SH SEE ALSO
+radwho(1),
+radclient(1),
+radiusd(8),
+radiusd.conf(5).
+.SH AUTHOR
+Alan DeKok <aland@ox.org>
diff --git a/man/man1/smbencrypt.1 b/man/man1/smbencrypt.1
new file mode 100644
index 0000000..19e4d0e
--- /dev/null
+++ b/man/man1/smbencrypt.1
@@ -0,0 +1,22 @@
+.TH SMBENCRYPT 1
+.SH NAME
+smbencrypt - produce LM & NT password hashes from cleartext passwords
+.SH SYNOPSIS
+.B smbencrypt \fIpassword\fP [\fIpassword ...\fP]
+
+.SH DESCRIPTION
+\fBsmbencrypt\fP For each cleartext password passed on the command line
+emit the LM-Password and NT-Password hashes for that password.
+
+.SH EXAMPLE
+.nf
+$ smbencrypt foo bar
+LM Hash NT Hash
+-------------------------------- --------------------------------
+5BFAFBEBFB6A0942AAD3B435B51404EE AC8E657F83DF82BEEA5D43BDAF7800CC
+A6428F2551EDEE1BAAD3B435B51404EE 86C156FC198B358CCCF6278D8BD49B6A
+.fi
+
+.SH SEE ALSO
+radiusd(8)
+.SH AUTHORS