diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:49:46 +0000 |
commit | 50b37d4a27d3295a29afca2286f1a5a086142cec (patch) | |
tree | 9212f763934ee090ef72d823f559f52ce387f268 /man/man1 | |
parent | Initial commit. (diff) | |
download | freeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.tar.xz freeradius-50b37d4a27d3295a29afca2286f1a5a086142cec.zip |
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | man/man1/dhcpclient.1 | 71 | ||||
-rw-r--r-- | man/man1/rad_counter.1 | 42 | ||||
-rw-r--r-- | man/man1/radclient.1 | 195 | ||||
-rw-r--r-- | man/man1/radeapclient.1 | 100 | ||||
-rw-r--r-- | man/man1/radlast.1 | 21 | ||||
-rw-r--r-- | man/man1/radtest.1 | 81 | ||||
-rw-r--r-- | man/man1/radwho.1 | 99 | ||||
-rw-r--r-- | man/man1/radzap.1 | 68 | ||||
-rw-r--r-- | man/man1/smbencrypt.1 | 22 |
9 files changed, 699 insertions, 0 deletions
diff --git a/man/man1/dhcpclient.1 b/man/man1/dhcpclient.1 new file mode 100644 index 0000000..d6a538e --- /dev/null +++ b/man/man1/dhcpclient.1 @@ -0,0 +1,71 @@ +.TH DHCPCLIENT 1 "19 September 2016" "" "FreeRADIUS Daemon" +.SH NAME +dhcpclient - Send a DHCP request with provided RADIUS attributes and get the output response. +.SH SYNOPSIS +.B dhcpclient +.RB [ \-d +.IR raddb_directory ] +.RB [ \-D +.IR dictionary_directory ] +.RB [ \-f +.IR file ] +.RB [ \-h ] +.RB [ \-i +.IR interface ] +.RB [ \-t +.IR timeout ] +.RB [ \-v ] +.RB [ \-x ] +\fIserver[:port] {discover|request|decline|release|inform|auto}\fP +.SH DESCRIPTION +\fBdhcpclient\fP is a DHCP test client program. It can send arbitrary DHCP +packets to the FreeRADIUS server running as DHCP server, then shows the reply. +It can be used to test changes you made in the configuration of the radius server, +or it can be used to monitor if a radius server is up. +.PP +\fBdhcpclient\fP reads radius attribute/value pairs from its standard +input, or from a file specified on the command line. It then encodes +these attribute/value pairs using the dictionary, and sends them +to the local/remote server. +.PP + +.SH OPTIONS + +.IP \-d\ \fIraddb_directory\fP +The directory that contains the user dictionary file. Defaults to +\fI/etc/raddb\fP. +.IP \-D\ \fIdictionary_directory\fP +The directory that contains the main dictionary file. Defaults to +\fI/usr/share/freeradius\fP. +.IP \-f\ \fIfile[:file]\fP +File to read the attribute/value pairs from. If this is not specified, +they are read from stdin. This option can be specified multiple +times, in which case packets are sent in order by file, and within +each file, by first packet to last packet. A blank line separates +logical packets within a file. +.IP \-h +Print usage help information. +.IP \-i\ \fIinterface\fP +Select which interface to send/receive at packet level on a raw socket. +.IP \-t\ \fItimeout\fP +Wait \fItimeout\fP seconds before deciding that the NAS has not +responded to a request, and re-sending the packet. This may be a floating +point number, e.g. 2.2. +.IP \-v +Print out program version information. +.IP \-x +Print out debugging information. +.IP server[:port] +The hostname or IP address of the remote server. Optionally a UDP port +can be specified. If no UDP port is specified, it is looked up in +\fI/etc/services\fP. The service name looked for is \fBradacct\fP for +accounting packets, and \fBradius\fP for all other requests. If a +service is not found in \fI/etc/services\fP, 1813 and 1812 are used +respectively. +.IP discover\ |\ request\ |\ decline\ |\ release\ |\ inform\ |\ auto +DHCP options - use the type relevant for testing + +.SH SEE ALSO +radiusd(8) +.SH AUTHORS +Alan DeKok <aland@freeradius.org> diff --git a/man/man1/rad_counter.1 b/man/man1/rad_counter.1 new file mode 100644 index 0000000..74e7c73 --- /dev/null +++ b/man/man1/rad_counter.1 @@ -0,0 +1,42 @@ +.TH RAD_COUNTER 1 "19 September 2016" "" "FreeRADIUS Daemon" +.SH NAME +rad_counter - Query and maintain FreeRADIUS rlm_counter DB file. + +This tool is deprecated + +.SH SYNOPSIS +.B rad_counter +.RB [ \--file +.IR counter_filename ] +.RB [ \--user +.IR username ] +.RB [ \--match +.IR <regex> ] +.RB [ \--reset +.IR number] +.RB [ \--help ] +.RB [ \-\-hours | \-\-minutes | \-\-seconds ] + +.SH DESCRIPTION +\fBrad_counter\fP is a tool that can query and maintain FreeRADIUS rlm_counter DB files. +.PP + +.SH OPTIONS + +.IP \--file= +Counter DB filename. +.IP \--user=\ \fIusername\fP +Information for specific user. +.IP \--match=\ \fI<regex>\fP +Information for matching users. +.IP \--reset=\ \fInumber\fP +Reset counter to <number>. If divisor is set use it, else <number> means seconds. +.IP \--help +Show the help screen. +.IP \--(hours\ |\ minutes\ |\ seconds) +Specify information divisor. + +.SH SEE ALSO +radiusd(8) +.SH AUTHORS +Alan DeKok <aland@freeradius.org> diff --git a/man/man1/radclient.1 b/man/man1/radclient.1 new file mode 100644 index 0000000..229dcae --- /dev/null +++ b/man/man1/radclient.1 @@ -0,0 +1,195 @@ +.TH RADCLIENT 1 "22 March 2019" "" "FreeRADIUS Daemon" +.SH NAME +radclient - send packets to a RADIUS server, show reply +.SH SYNOPSIS +.B radclient +.RB [ \-4 ] +.RB [ \-6 ] +.RB [ \-c +.IR count ] +.RB [ \-d +.IR raddb_directory ] +.RB [ \-D +.IR dictionary_directory ] +.RB [ \-f +.IR file ] +.RB [ \-F ] +.RB [ \-h ] +.RB [ \-i +.IR id ] +.RB [ \-n +.IR num_requests_per_second ] +.RB [ \-p +.IR num_requests_in_parallel ] +.RB [ \-q ] +.RB [ \-r +.IR num_retries ] +.RB [ \-s ] +.RB [ \-S +.IR shared_secret_file ] +.RB [ \-t +.IR timeout ] +.RB [ \-v ] +.RB [ \-x ] +\fIserver {acct|auth|status|coa|disconnect|auto} secret\fP +.SH DESCRIPTION +\fBradclient\fP is a radius client program. It can send arbitrary radius +packets to a radius server, then shows the reply. It can be used to +test changes you made in the configuration of the radius server, +or it can be used to monitor if a radius server is up. +.PP +\fBradclient\fP reads radius attribute/value pairs from it standard +input, or from a file specified on the command line. It then encodes +these attribute/value pairs using the dictionary, and sends them +to the remote server. +.PP +The \fIUser-Password\fP and \fICHAP-Password\fP attributes are +automatically encrypted before the packet is sent to the server. + +.SH OPTIONS + +.IP \-4 +Use IPv4 (default) +.IP \-6 +Use IPv6 +.IP \-c\ \fIcount\fP +Send each packet \fIcount\fP times. +.IP \-d\ \fIraddb_directory\fP +The directory that contains the user dictionary file. Defaults to +\fI/etc/raddb\fP. +.IP \-D\ \fIdictionary_directory\fP +The directory that contains the main dictionary file. Defaults to +\fI/usr/share/freeradius\fP. +.IP \-f\ \fIfile[:file]\fP +File to read the attribute/value pairs from. If this is not specified, +they are read from stdin. This option can be specified multiple +times, in which case packets are sent in order by file, and within +each file, by first packet to last packet. A blank line separates +logical packets within a file. If a pair of files separated by a +colon is specified, the second file will be used to filter the +responses to requests from the first. The number of requests and +filters must be the same. A summary of filter results will be displayed +if \-s is passed. +.IP \-F +Print the file name, packet number and reply code. +.IP \-h +Print usage help information. +.IP \-i\ \fIid\fP +Use \fIid\fP as the RADIUS request Id. +.IP \-n\ \fInum_requests_per_second\fP +Try to send \fInum_requests_per_second\fP, evenly spaced. This option +allows you to slow down the rate at which radclient sends requests. +When not using \-n, the default is to send packets as quickly as +possible, with no inter-packet delays. + +Due to limitations in radclient, this option does not accurately send +the requested number of packets per second. +.IP \-p\ \fInum_requests_in_parallel\fP +Send \fInum_requests_in_parallel\fP, without waiting for a response +for each one. By default, radclient sends the first request it has +read, waits for the response, and once the response is received, sends +the second request in its list. This option allows you to send many +requests at simultaneously. Once \fInum_requests_in_parallel\fP are +sent, radclient waits for all of the responses to arrive (or for the +requests to time out), before sending any more packets. + +This option permits you to discover the maximum load accepted by a +RADIUS server. +.IP "\-P\ \fIproto\fP" +Use \fIproto\fP transport protocol ("tcp" or "udp"). +Only available if FreeRADIUS is compiled with TCP transport support. +.IP \-q +Go to quiet mode, and do not print out anything. +.IP \-r\ \fInum_retries\fP +Try to send each packet \fInum_retries\fP times, before giving up on +it. The default is 10. +.IP \-s +Print out some summaries of packets sent and received. +.IP \-S\ \fIshared_secret_file\fP +Rather than reading the shared secret from the command-line (where it +can be seen by others on the local system), read it instead from +\fIshared_secret_file\fP. +.IP \-t\ \fItimeout\fP +Wait \fItimeout\fP seconds before deciding that the NAS has not +responded to a request, and re-sending the packet. The default +timeout is 3. +.IP \-v +Print out version information. +.IP \-x +Print out debugging information. +.IP server[:port] +The hostname or IP address of the remote server. Optionally a UDP port +can be specified. If no UDP port is specified, it is looked up in +\fI/etc/services\fP. The service name looked for is \fBradacct\fP for +accounting packets, and \fBradius\fP for all other requests. If a +service is not found in \fI/etc/services\fP, 1813 and 1812 are used +respectively. For coa and disconnect packets, port 3799 is used. + +If a host name is specified, then radclient will do a DNS lookup, and +use the A record to find the IP address of the RADIUS server. If +there is no A record, then radclient will look for an AAAA record. If +there is no AAAA record, an error will be produced. + +IPv6 addresses may be specified by surrounding it in square brackets. +For example, [2002:c000:0201:0:0:0:0:0], or with a port, +[2002:c000:0201:0:0:0:0:0]:18120. + +The RADIUS attributes read by \fIradclient\fP can contain the special +attribute \fBPacket-Dst-IP-Address\fP. If this attribute exists, then +that IP address is where the packet is sent, and the \fBserver\fP +specified on the command-line is ignored. + +If the RADIUS attribute list always contains the +\fBPacket-Dst-IP-Address\fP attribute, then the \fBserver\fP parameter +can be given as \fB-\fP. + +The RADIUS attributes read by \fIradclient\fP can contain the special +attribute \fBPacket-Dst-Port\fP. If this attribute exists, then that +UDP port is where the packet is sent, and the \fB:port\fP specified +on the command-line is ignored. + +.IP acct\ |\ auth\ |\ status\ |\ coa\ |\ disconnect\ |\ auto +Use \fBauth\fP to send an authentication packet (Access-Request), +\fBacct\fP to send an accounting packet (Accounting-Request), +\fBstatus\fP to send a status packet (Status-Server), or +\fBcoa\fP to send a CoA-Request, or +\fBdisconnect\fP to send a disconnection request. Instead of these +values, you can also use a decimal code here. For example, code 12 is +also \fBStatus-Server\fP. + +The RADIUS attributes read by \fIradclient\fP can contain the special +attribute \fBPacket-Type\fP. If this attribute exists, then that type +of packet is sent, and the \fItype\fP specified on the command-line +is ignored. + +If the RADIUS attribute list always contains the +\fBPacket-Type\fP attribute, then the \fBtype\fP parameter can be +given as \fBauto\fP. + +.IP secret +The shared secret for this client. It needs to be defined on the +radius server side too, for the IP address you are sending the radius +packets from. + +.SH EXAMPLE + +A sample session that queries the remote server for +\fIStatus-Server\fP (not all servers support this, but FreeRADIUS has +configurable support for it). +.RS +.sp +.nf +.ne 3 +$ echo "Message-Authenticator = 0x00" | radclient 192.0.2.42 status s3cr3t +Sending request to server 192.0.2.42, port 1812. +radrecv: Packet from host 192.0.2.42 code=2, id=140, length=54 + Reply-Message = "FreeRADIUS up 21 days, 02:05" +.fi +.sp +.RE + +.SH SEE ALSO +radiusd(8), +.SH AUTHORS +Miquel van Smoorenburg, miquels@cistron.nl. +Alan DeKok <aland@freeradius.org> diff --git a/man/man1/radeapclient.1 b/man/man1/radeapclient.1 new file mode 100644 index 0000000..687ef61 --- /dev/null +++ b/man/man1/radeapclient.1 @@ -0,0 +1,100 @@ +.TH RADEAPCLIENT 1 "08 September 2003" "" "FreeRADIUS Daemon" +.SH NAME +radeapclient - send EAP packets to a RADIUS server, calculate responses +.SH SYNOPSIS +.B radeapclient +.RB [ \-4 ] +.RB [ \-6 ] +.RB [ \-c +.IR count ] +.RB [ \-d +.IR raddb_directory ] +.RB [ \-f +.IR file ] +.RB [ \-h ] +.RB [ \-i +.IR source_ip ] +.RB [ \-q ] +.RB [ \-s ] +.RB [ \-r +.IR retries ] +.RB [ \-S +.IR file ] +.RB [ \-t +.IR timeout ] +.RB [ \-v ] +.RB [ \-x ] +\fIserver {acct|auth} secret\fP +.SH DESCRIPTION +\fBradeapclient\fP is a radius client program. It can send arbitrary radius +packets to a radius server, then shows the reply. Radeapclient differs from +radclient in that if there is an EAP-MD5 challenge, then it will be responded +to. +.PP +\fBradeapclient\fP is otherwise identical to \fBradclient\fP. +.PP +The \fIEAP-Identity\fP attribute, if present is used to construct an +EAP Identity message. +.PP +.PP +The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an +MD5 challenge. +.PP +No other EAP types are currently supported. + +.SH OPTIONS +.IP \-4 +Use IPv4 (default) +.IP \-6 +Use IPv6 +.IP \-c\ \fIcount\fP +Send each packet \fIcount\fP times. +.IP \-d\ \fIraddb\fP +Set dictionary directory. +.IP \-f\ \fIfile\fP +Read packets from \fIfile\fP, not stdin. +.IP \-r\ \fIretries\fP +If timeout, retry sending the packet \fIretries\fP times. +.IP \-t\ \fItimeout\fP +Wait \fItimeout\fP seconds before retrying (may be a floating point number). +.IP \-h +Print usage help information. +.IP \-i\ \fIid\fP +Set request id to '\fIid\fP'. Values may be 0..255 +.IP \-S\ \fIfile\fP +Read secret from \fIfile\fP, not command line. +.IP \-q +Quiet, do not print anything out. +.IP \-s +Print out summary information of auth results. +.IP \-v +Show program version information. +.IP \-x +Enable debugging mode. + +.SH EXAMPLE + +A sample session that queries the remote server with an EAP-MD5 +challenge. +.RS +.sp +.nf +.ne 3 +( echo 'User-Name = "bob"'; + echo 'EAP-MD5-Password = "hello"'; + echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.c'; + echo 'EAP-Code = Response'; + echo 'EAP-Id = 210'; + echo 'EAP-Type-Identity = "bob"; + echo 'Message-Authenticator = 0x00'; + echo 'NAS-Port = 0' ) >req.txt + +radeapclient -x localhost auth testing123 <req.txt +.fi +.sp +.RE + +.SH SEE ALSO +radclient(1) +.SH AUTHOR +Michael Richardson, <mcr@sandelman.ottawa.on.ca> diff --git a/man/man1/radlast.1 b/man/man1/radlast.1 new file mode 100644 index 0000000..ff48f22 --- /dev/null +++ b/man/man1/radlast.1 @@ -0,0 +1,21 @@ +.TH RADLAST 1 "22 February 2001" "" "FreeRADIUS Daemon" +.SH NAME +radlast - show "last" info from the radwtmp file +.SH SYNOPSIS +.B radlast +.IR [ options ] +.SH DESCRIPTION +The FreeRADIUS server can write an accounting log in the +\fIwtmp\fP format of the local system. \fBradlast\fP is a frontend +for the systems \fBlast\fP command - it just calls \fBlast\fP +with the \fI-f path_to_radwtmp_file\fP argument, and passes all +options on the command line to the system \fBlast\fP command. +.SH OPTIONS +See the manpage of the system \fBlast\fP command. +.SH SEE ALSO +radiusd(8), +radiusd.conf(5), +wtmp(5), +last(1). +.SH AUTHOR +Miquel van Smoorenburg, miquels@cistron.nl. diff --git a/man/man1/radtest.1 b/man/man1/radtest.1 new file mode 100644 index 0000000..2bf8997 --- /dev/null +++ b/man/man1/radtest.1 @@ -0,0 +1,81 @@ +.TH RADTEST 1 "5 April 2010" "" "FreeRADIUS Daemon" +.SH NAME +radtest - send packets to a RADIUS server, show reply +.SH SYNOPSIS +.B radtest +.RB [ \-d +.IR raddb_directory ] +.RB [ \-P +.IR tcp/udp ] +.RB [ \-t +.IR pap/chap/mschap/eap-md5 ] +.RB [ \-x +.IR ] +.RB [ \-4 +.IR ] +.RB [ \-6 +.IR ] +.I user password radius-server nas-port-number secret +.RB [ ppphint ] +.RB [ nasname ] +.SH DESCRIPTION +\fBradtest\fP is a frontend to \fBradclient\fP(1). It generates a +list of attribute/value pairs based on the command line arguments, +and feeds these into \fBradclient\fP. It's a fast and convenient +way to test a radius server. + +.SH OPTIONS + +.IP "\-d \fIraddb_directory\fP" +The directory that contains the RADIUS dictionary files. Defaults to +\fI/etc/raddb\fP. + +.IP "\-P\ \fIproto\fP" +Use \fIproto\fP transport protocol ("tcp" or "udp"). +Only available if FreeRADIUS is compiled with TCP transport support. + +.IP "\-t \fIpap/chap/mschap/eap-md5\fP" +Choose the authentication method to use. e.g. "-t pap", "-t chap", "-t +mschap", or "-t eap-md5",. Defaults to "pap". Using EAP-MD5 requires +that the "radeapclient" program is installed. + +.IP "\-x" +Enables debugging output for the RADIUS client. + +.IP "\-4" +Use NAS-IP-Address for the NAS address (default) + +.IP "\-6" +Use NAS-IPv6-Address for the NAS address (default) + +.IP user +Username to send. + +.IP password +Password of the user. + +.IP radius-server +Hostname or IP address of the radius server. Optionally, you may specify a +port by appending :port + +.IP nas-port-number +The value of the NAS-Port attribute. Is an integer between 0 and 2^31, +and it really doesn't matter what you put here. \fI10\fP will do fine. + +.IP secret +The shared secret for this client. + +.IP ppphint +If you put an integer > 0 here, radtest (or actually radclient) will +add the attribute \fIFramed-Protocol = PPP\fP to the request packet. + +.IP nasname +If present, this will be resolved to an IP address and added to +the request packet as the \fINAS-IP-Address\fP attribute. If you +don't specify it, the local hostname of the system will be used. + +.SH SEE ALSO +radiusd(8), +radclient(1). +.SH AUTHOR +Miquel van Smoorenburg, miquels@cistron.nl. diff --git a/man/man1/radwho.1 b/man/man1/radwho.1 new file mode 100644 index 0000000..c131255 --- /dev/null +++ b/man/man1/radwho.1 @@ -0,0 +1,99 @@ +.TH RADWHO 1 "17 Feb 2013" "" "FreeRADIUS Daemon" +.SH NAME +radwho - show online users +.SH SYNOPSIS +.B radwho +.RB [ \-c ] +.RB [ \-d +.IR raddb_directory ] +.RB [ \-F +.IR radutmp_file ] +.RB [ \-i ] +.RB [ \-n ] +.RB [ \-N +.IR nas_ip_address ] +.RB [ \-p ] +.RB [ \-P +.IR nas_port ] +.RB [ \-r ] +.RB [ \-R ] +.RB [ \-s ] +.RB [ \-S ] +.RB [ \-u +.IR user ] +.RB [ \-U +.IR user ] +.RB [ \-Z ] +.SH DESCRIPTION +The FreeRADIUS server can be configured to maintain an active session +database in a file called \fIradutmp\fP. This utility shows the +content of that session database. +.SH OPTIONS +.IP \-c +Shows caller ID (if available) instead of the full name. +.IP \-d\ \fIraddb_directory\fP +The directory that contains the RADIUS configuration files. Defaults to +\fI/etc/raddb\fP. +.IP \-F\ \fIradutmp_file\fP +The file that contains the radutmp file. If this is specified, \-d is +not necessary. +.IP \-i +Shows the session ID instead of the full name. +.IP \-n +Normally radwho looks up the username in the systems password file, +and shows the full username as well. The \fB-n\fP flags prevents this. +.IP \-N\ \fInas_ip_address\fP +Show only those entries which match the given NAS IP address. +.IP \-p +Adds an extra column for the port type - I for ISDN, A for Analog. +.IP \-P\ \fInas_port\fP +Show only those entries which match the given NAS port. +.IP \-r +Outputs all data in \fIraw\fP format - no headers, no formatting, +fields are comma-separated. +.IP \-R +Output all data in RADIUS attribute format. All fields are printed. +.IP \-s +Show full name. +.IP \-S +Hide shell users. Doesn't show the entries for users that do not +have a SLIP or PPP session. +.IP \-u\ \fIuser\fP +Show only those entries which match the given username (case insensitive). +.IP \-U\ \fIuser\fP +Show only those entries which match the given username (case sensitive). +.IP \-Z +When combined with \fI-R\fP, prints out the contents of an +Accounting-Request packet which can be passed to \fIradclient\fP, in +order to "zap" that users session from \fIradutmp\fP. +.PP +For example, +.RS +.sp +.nf +.ne 3 +$ radwho -ZRN 10.0.0.1 | radclient -f - radius.example.net acct testing123 +.fi +.sp +.RE +will result in all an Accounting-Request packet being sent to the +RADIUS server, which tells the server that the NAS rebooted. i.e. It +"zaps" all of the users on that NAS. + +To "zap" one user, specify NAS, username, and NAS port: +.RS +.sp +.nf +.ne 3 +$ radwho -ZRN 10.0.0.1 -u user -P 10 | radclient -f - radius.example.net acct testing123 +.fi +.sp +.RE +Other combinations are also possible. + +.SH SEE ALSO +radiusd(8), +radclient(1), +radiusd.conf(5). +.SH AUTHOR +Miquel van Smoorenburg, miquels@cistron.nl. diff --git a/man/man1/radzap.1 b/man/man1/radzap.1 new file mode 100644 index 0000000..03b9a43 --- /dev/null +++ b/man/man1/radzap.1 @@ -0,0 +1,68 @@ +.TH RADZAP 1 "8 April 2005" "" "FreeRADIUS Daemon" +.SH NAME +radzap - remove rogue entries from the active sessions database +.SH SYNOPSIS +.B radzap +.RB [ \-d +.IR raddb_directory ] +.RB [ \-h ] +.RB [ \-N +.IR nas_ip_address ] +.RB [ \-P +.IR nas_port ] +.RB [ \-u +.IR user ] +.RB [ \-U +.IR user ] +.RB [ \-x ] +\fIserver[:port] secret\fP +.SH DESCRIPTION +The FreeRADIUS server can be configured to maintain an active session +database in a file called \fIradutmp\fP. Commands like \fBradwho\fP(1) +use this database. Sometimes that database can get out of sync, and +then it might contain rogue entries. \fBradzap\fP can clean up this +database. + +As of FreeRADIUS 1.1.0, \fBradzap\fP is a simple shell-script wrapper +around \fBradwho\fP(1) and \fBradclient\fP(1). + +The sessions are "zapped" by sending an Accounting-Request packet +which contains the information necessary for the server to delete the +session record. \fBradzap\fP sends a packet to the server, rather +than writing to \fIradutmp\fP directly, because session records may +also be maintained in SQL. +.SH OPTIONS +.IP \-d\ \fIraddb_directory\fP +The directory that contains the RADIUS configuration files. +\fBradzap\fP reads \fIradiusd.conf\fP to determine the location of the +\fIradutmp\fP file. +.IP \-h +Print usage help information. +.IP \-N\ \fInas_ip_address\fP +Zap the entries which match the given NAS IP address. +.IP \-P\ \fInas_port\fP +Zap the entries which match the given NAS port. +.IP \-u\ \fIuser\fP +Zap the entries which match the given username (case insensitive). +.IP \-U\ \fIuser\fP +Zap the entries which match the given username (case sensitive). +.IP \-x +Enable debugging output. +.IP server[:port] +The hostname or IP address of the remote server. Optionally a UDP port +can be specified. If no UDP port is specified, it is looked up in +\fI/etc/services\fP. The service name looked for is \fBradacct\fP for +accounting packets, and \fBradius\fP for all other requests. If a +service is not found in \fI/etc/services\fP, 1813 and 1812 are used +respectively. +.IP secret +The shared secret for this client. It needs to be defined on the +radius server side too, for the IP address you are sending the radius +packets from. +.SH SEE ALSO +radwho(1), +radclient(1), +radiusd(8), +radiusd.conf(5). +.SH AUTHOR +Alan DeKok <aland@ox.org> diff --git a/man/man1/smbencrypt.1 b/man/man1/smbencrypt.1 new file mode 100644 index 0000000..19e4d0e --- /dev/null +++ b/man/man1/smbencrypt.1 @@ -0,0 +1,22 @@ +.TH SMBENCRYPT 1 +.SH NAME +smbencrypt - produce LM & NT password hashes from cleartext passwords +.SH SYNOPSIS +.B smbencrypt \fIpassword\fP [\fIpassword ...\fP] + +.SH DESCRIPTION +\fBsmbencrypt\fP For each cleartext password passed on the command line +emit the LM-Password and NT-Password hashes for that password. + +.SH EXAMPLE +.nf +$ smbencrypt foo bar +LM Hash NT Hash +-------------------------------- -------------------------------- +5BFAFBEBFB6A0942AAD3B435B51404EE AC8E657F83DF82BEEA5D43BDAF7800CC +A6428F2551EDEE1BAAD3B435B51404EE 86C156FC198B358CCCF6278D8BD49B6A +.fi + +.SH SEE ALSO +radiusd(8) +.SH AUTHORS |