diff options
Diffstat (limited to 'man/man8/radmin.8')
-rw-r--r-- | man/man8/radmin.8 | 188 |
1 files changed, 188 insertions, 0 deletions
diff --git a/man/man8/radmin.8 b/man/man8/radmin.8 new file mode 100644 index 0000000..b58a2e3 --- /dev/null +++ b/man/man8/radmin.8 @@ -0,0 +1,188 @@ +.TH RADMIN 8 "11 Mar 2019" "" "FreeRADIUS Server Administration Tool" +.SH NAME +radmin - FreeRADIUS Administration tool +.SH SYNOPSIS +.B radmin +.RB [ \-d +.IR config_directory ] +.RB [ \-D +.IR dictionary_directory ] +.RB [ \-e +.IR command ] +.RB [ \-E ] +.RB [ \-f +.IR socket_file ] +.RB [ \-h ] +.RB [ \-i +.IR input_file ] +.RB [ \-n +.IR name ] +.RB [ \-q ] +.SH DESCRIPTION +FreeRADIUS Server administration tool that connects to the control +socket of a running server, and gives a command-line interface to it. + +At this time, only a few commands are supported. Please type "help" +at the command prompt for detailed information about the supported +commands. +.SH WARNING +The security protections offered by this command are limited to the +permissions on the Unix domain socket, and the server +configuration. If someone can connect to the Unix domain socket, they +have a substantial amount of control over the server. +.SH OPTIONS +The following command-line options are accepted by the program. +.IP "\-d \fIconfig directory\fP" +Defaults to \fI/etc/raddb\fP. \fBradmin\fP looks here for the server +configuration files to find the "listen" section that defines the +control socket filename. +.IP "\-D \fIdictionary directory\fP" +Set main dictionary directory. Defaults to \fI/usr/share/freeradius\fP. +.IP "\-e \fIcommand\fP" +Run \fIcommand\fP and exit. +.IP \-E +Echo commands as they are being executed. +.IP "\-f \fIsocket_file\fP" +Specify the socket filename directly. The radiusd.conf file is not read. +.IP \-h +Print usage help information. +.IP "\-i \fIinput_file\fP" +Reads input from the specified file. If not specified, stdin is used. +This also sets "-q". +.IP "\-n \fImname\fP" +Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP. +.IP \-q +Quiet mode. +.SH COMMANDS +The commands implemented by the command-line interface are almost +completely controlled by the server. There are a few commands +interpreted locally by radmin: +.IP reconnect +Reconnect to the server. +.IP quit +Exit from radmin. +.IP exit +Exit from radmin. +.PP +The other commands are implemented by the server. Type "help" at the +prompt for more information. +.SH EXAMPLES +.IP debug\ file\ /var/log/radius/bob.log +Set debug logs to /var/log/radius/bob.log. There is very little +checking of this filename. Rogue administrators may be able use this +command to over-write almost any file on the system. If those +administrators have write access to "radius.conf", they can do the +same thing without radmin, too. +.IP debug\ condition\ '(User-Name\ ==\ "bob")' +Enable debugging output for all requests that match the condition. +Any "unlang" condition is valid here. The condition is parsed as a +string, so it must be enclosed in single or double quotes. Strings +enclosed in double-quotes must have back-slashes and the quotation +marks escaped inside of the string. + +Only one debug condition can be active at a time. +.IP "debug condition '((User-Name == ""bob"") || (Packet-Src-IP-Address == 192.0.2.22))'" +A more complex condition that enables debugging output for requests +containing User-Name "bob", or requests that originate from source IP +address 192.0.2.22. +.IP debug\ condition +Disable debug conditionals. +.SH FULL LIST OF COMMANDS +.IP add\ <command> +do sub-command of add +.IP add\ client\ <command> +Add client configuration commands +.IP add\ client\ file\ <filename> +Add new client definition from <filename> +.IP debug\ <command> +debugging commands +.IP debug\ condition\ [condition] +Enable debugging for requests matching [condition] +.IP debug\ level\ <number> +Set debug level to <number>. Higher is more debugging. +.IP debug\ file\ [filename] +Send all debugging output to [filename] +.IP del\ <command> +do sub-command of del +.IP del\ client\ <command> +Delete client configuration commands +.IP del\ client\ ipaddr\ <ipaddr> +Delete a dynamically created client +.IP hup\ [module] +sends a HUP signal to the server, or optionally to one module +.IP inject\ <command> +commands to inject packets into a running server +.IP inject\ to\ <ipaddr>\ <port> +Inject packets to the destination IP and port. +.IP inject\ from\ <ipaddr> +Inject packets as if they came from <ipaddr> +.IP inject\ file\ <input-file>\ <output-file> +Inject packet from input-file>, with results sent to <output-file> +.IP reconnect +reconnect to a running server +.IP terminate +terminates the server, and cause it to exit +.IP set\ <command> +do sub-command of set +.IP set\ module\ <command> +set module commands +.IP set\ module\ config\ <module>\ variable\ value +set configuration for <module> +.IP set\ module\ status\ [alive|dead] +set the module to be alive or dead (always return "fail") +.IP set\ home_server\ <command> +set home server commands +.IP set\ home_server\ state\ <ipaddr>\ <port>\ [alive|dead] +set state for given home server +.IP show\ <command> +do sub-command of show +.IP show\ client\ <command> +do sub-command of client +.IP show\ client\ config\ <ipaddr>\ [udp|tcp] +shows configuration for a given client. +.IP show\ client\ list +shows list of global clients +.IP show\ debug\ <command> +show debug properties +.IP show\ debug\ condition +Shows current debugging condition. +.IP show\ debug\ level +Shows current debugging level. +.IP show\ debug\ file +Shows current debugging file. +.IP show\ home_server\ <command> +do sub-command of home_server +.IP show\ home_server\ config\ <ipaddr>\ <port> +show configuration for given home server +.IP show\ home_server\ list +shows list of home servers +.IP show\ home_server\ state\ <ipaddr>\ <port> +shows state of given home server +.IP show\ module\ <command> +do sub-command of module +.IP show\ module\ config\ <module> +show configuration for given module +.IP show\ module\ flags\ <module> +show other module properties +.IP show\ module\ list +shows list of loaded modules +.IP show\ module\ methods\ <module> +show sections where <module> may be used +.IP show\ uptime +shows time at which server started +.IP show\ version +Prints version of the running server +.IP show\ xml\ <reference> +Prints out configuration as XML +.IP stats\ <command> +do sub-command of stats +.IP stats\ client\ [auth/acct]\ <ipaddr> +show statistics for given client, or for all clients (auth or acct) +.IP stats\ home_server\ [<ipaddr>|auth|acct]\ <port> +show statistics for given home server (ipaddr and port), or for all home servers (auth or acct) +.IP stats\ detail\ <filename> +show statistics for the given detail file +.SH SEE ALSO +unlang(5), radiusd.conf(5), raddb/sites-available/control-socket +.SH AUTHOR +Alan DeKok <aland@freeradius.org> |