path: root/man/man8/radmin.8
blob: b58a2e3951154d9b30fc379f464e897d7163453c
.TH RADMIN 8 "11 Mar 2019" "" "FreeRADIUS Server Administration Tool"
.SH NAME
radmin - FreeRADIUS Administration tool
.SH SYNOPSIS
.B radmin
.RB [ \-d
.IR config_directory ]
.RB [ \-D
.IR dictionary_directory ]
.RB [ \-e
.IR command ]
.RB [ \-E ]
.RB [ \-f
.IR socket_file ]
.RB [ \-h ]
.RB [ \-i
.IR input_file ]
.RB [ \-n
.IR name ]
.RB [ \-q ]
.SH DESCRIPTION
FreeRADIUS Server administration tool that connects to the control
socket of a running server, and gives a command-line interface to it.

At this time, only a few commands are supported.  Please type "help"
at the command prompt for detailed information about the supported
commands.
.SH WARNING
The security protections offered by this command are limited to the
permissions on the Unix domain socket, and the server
configuration.  If someone can connect to the Unix domain socket, they
have a substantial amount of control over the server.
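
The following check is an added example, not part of the FreeRADIUS distribution: it audits the file-system permissions that the warning above names as the protection on the control socket. The socket path comes from the command line, and the trusted uid and gid sets are assumptions to be replaced with the accounts allowed to administer the server.

```python
import os
import stat
import sys


def audit_control_socket(path, trusted_uids=(0,), trusted_gids=()):
    """Return findings about who can connect to the control socket at `path`.

    On Linux, connect() on a Unix domain socket needs write permission on the
    socket file and search (x) permission on every directory leading to it.
    trusted_uids and trusted_gids are assumptions supplied by the caller.
    """
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix domain socket"]

    findings = []
    if st.st_uid not in trusted_uids:
        findings.append(f"socket owner uid {st.st_uid} is not trusted")
    if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
        findings.append(f"group gid {st.st_gid} can connect but is not trusted")
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket is world-writable: any user who can reach it can connect")

    # Write access to the parent directory allows unlinking the socket and
    # binding a different one under the same name.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_uid not in trusted_uids:
        findings.append(f"{parent}: owner uid {pst.st_uid} is not trusted")
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        findings.append(f"{parent}: world-writable without the sticky bit")
    return findings


if __name__ == "__main__":
    # Usage: audit.py <socket_file>  (the same path radmin takes with -f)
    problems = audit_control_socket(sys.argv[1])
    for line in problems:
        print("FINDING:", line)
    sys.exit(1 if problems else 0)
```
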
.SH OPTIONS
The following command-line options are accepted by the program.
.IP "\-d \fIconfig directory\fP"
Defaults to \fI/etc/raddb\fP. \fBradmin\fP looks here for the server
configuration files to find the "listen" section that defines the
control socket filename.
.IP "\-D \fIdictionary directory\fP"
Set main dictionary directory. Defaults to \fI/usr/share/freeradius\fP.
.IP "\-e \fIcommand\fP"
Run \fIcommand\fP and exit.
.IP \-E
Echo commands as they are being executed.
.IP "\-f \fIsocket_file\fP"
Specify the socket filename directly.  The radiusd.conf file is not read.
.IP \-h
Print usage help information.
.IP "\-i \fIinput_file\fP"
Reads input from the specified file.  If not specified, stdin is used.
This also sets "\-q".
.IP "\-n \fIname\fP"
Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP.
.IP \-q
Quiet mode.
.SH COMMANDS
The commands implemented by the command-line interface are almost
completely controlled by the server.  There are a few commands
interpreted locally by radmin:
.IP reconnect
Reconnect to the server.
.IP quit
Exit from radmin.
.IP exit
Exit from radmin.
.PP
The other commands are implemented by the server.  Type "help" at the
prompt for more information.
.SH EXAMPLES
.IP debug\ file\ /var/log/radius/bob.log
Set debug logs to /var/log/radius/bob.log.  There is very little
checking of this filename.  Rogue administrators may be able to use this
command to over-write almost any file on the system.  If those
administrators have write access to "radiusd.conf", they can do the
same thing without radmin, too.
.IP debug\ condition\ '(User-Name\ ==\ "bob")'
Enable debugging output for all requests that match the condition.
Any "unlang" condition is valid here.  The condition is parsed as a
string, so it must be enclosed in single or double quotes.  Strings
enclosed in double-quotes must have back-slashes and the quotation
marks escaped inside of the string.

Only one debug condition can be active at a time.
.IP "debug condition '((User-Name == ""bob"") || (Packet-Src-IP-Address == 192.0.2.22))'"
A more complex condition that enables debugging output for requests
containing User-Name "bob", or requests that originate from source IP
address 192.0.2.22.
.IP debug\ condition
Disable debug conditionals.
.SH FULL LIST OF COMMANDS
.IP add\ <command>
do sub-command of add
.IP add\ client\ <command>
Add client configuration commands
.IP add\ client\ file\ <filename>
Add new client definition from <filename>
.IP debug\ <command>
debugging commands
.IP debug\ condition\ [condition]
Enable debugging for requests matching [condition]
.IP debug\ level\ <number>
Set debug level to <number>.  Higher is more debugging.
.IP debug\ file\ [filename]
Send all debugging output to [filename]
.IP del\ <command>
do sub-command of del
.IP del\ client\ <command>
Delete client configuration commands
.IP del\ client\ ipaddr\ <ipaddr>
Delete a dynamically created client
.IP hup\ [module]
sends a HUP signal to the server, or optionally to one module
.IP inject\ <command>
commands to inject packets into a running server
.IP inject\ to\ <ipaddr>\ <port>
Inject packets to the destination IP and port.
.IP inject\ from\ <ipaddr>
Inject packets as if they came from <ipaddr>
.IP inject\ file\ <input-file>\ <output-file>
Inject packet from <input-file>, with results sent to <output-file>
.IP reconnect
reconnect to a running server
.IP terminate
terminates the server, and causes it to exit
.IP set\ <command>
do sub-command of set
.IP set\ module\ <command>
set module commands
.IP set\ module\ config\ <module>\ variable\ value
set configuration for <module>
.IP set\ module\ status\ [alive|dead]
set the module to be alive or dead (always return "fail")
.IP set\ home_server\ <command>
set home server commands
.IP set\ home_server\ state\ <ipaddr>\ <port>\ [alive|dead]
set state for given home server
.IP show\ <command>
do sub-command of show
.IP show\ client\ <command>
do sub-command of client
.IP show\ client\ config\ <ipaddr>\ [udp|tcp]
shows configuration for a given client.
.IP show\ client\ list
shows list of global clients
.IP show\ debug\ <command>
show debug properties
.IP show\ debug\ condition
Shows current debugging condition.
.IP show\ debug\ level
Shows current debugging level.
.IP show\ debug\ file
Shows current debugging file.
.IP show\ home_server\ <command>
do sub-command of home_server
.IP show\ home_server\ config\ <ipaddr>\ <port>
show configuration for given home server
.IP show\ home_server\ list
shows list of home servers
.IP show\ home_server\ state\ <ipaddr>\ <port>
shows state of given home server
.IP show\ module\ <command>
do sub-command of module
.IP show\ module\ config\ <module>
show configuration for given module
.IP show\ module\ flags\ <module>
show other module properties
.IP show\ module\ list
shows list of loaded modules
.IP show\ module\ methods\ <module>
show sections where <module> may be used
.IP show\ uptime
shows time at which server started
.IP show\ version
Prints version of the running server
.IP show\ xml\ <reference>
Prints out configuration as XML
.IP stats\ <command>
do sub-command of stats
.IP stats\ client\ [auth/acct]\ <ipaddr>
show statistics for given client, or for all clients (auth or acct)
.IP stats\ home_server\ [<ipaddr>|auth|acct]\ <port>
show statistics for given home server (ipaddr and port), or for all home servers (auth or acct)
.IP stats\ detail\ <filename>
show statistics for the given detail file
.SH SEE ALSO
unlang(5), radiusd.conf(5), raddb/sites-available/control-socket
.SH AUTHOR
Alan DeKok <aland@freeradius.org>