Provided by: freeradius-common_2.1.12+dfsg-1.2ubuntu8.2_all bug

NAME

       radmin - FreeRADIUS Administration tool

SYNOPSIS

       radmin  [-d  config_directory] [-e command] [-E] [-f socket_file] [-h] [-i input_file] [-n
       name] [-o output_file] [-q]

DESCRIPTION

       FreeRADIUS Server administration tool that connects to the control  socket  of  a  running
       server, and gives a command-line interface to it.

       At this time, only a few commands are supported.  Please type "help" at the command prompt
       for detailed information about the supported commands.

WARNING

       The security protections offered by this command are limited to  the  permissions  on  the
       Unix  domain  socket,  and  the  server configuration.  If someone can connect to the Unix
       domain socket, they have a substantial amount of control over the server.

OPTIONS

       The following command-line options are accepted by the program.

       -d config directory
              Defaults to /etc/raddb. radmin looks here for the  server  configuration  files  to
              find the "listen" section that defines the control socket filename.

       -e command
              Run command and exit.

       -E     Echo commands as they are being executed.

       -f socket_file
              Specify the socket filename directly.  The radiusd.conf file is not read.

       -h     Print usage help information.

       -i input_file
              Reads  input  from the specified file.  If not specified, stdin is used.  This also
              sets "-q".

       -n mname
              Read raddb/name.conf instead of raddb/radiusd.conf.

       -o output_file
              Write output to the specified file.  If not specified, stdout is used.   This  also
              sets "-q".

       -q     Quiet mode.

COMMANDS

       The commands implemented by the command-line interface are almost completely controlled by
       the server.  There are a few commands interpreted locally by radmin:

       reconnect
              Reconnect to the server.

       quit   Exit from radmin.

       exit   Exit from radmin.

       The other commands are implemented by the server.  Type "help"  at  the  prompt  for  more
       information.

EXAMPLES

       debug file /var/log/radius/bob.log
              Set  debug  logs to /var/log/radius/bob.log.  There is very little checking of this
              filename.  Rogue administrators may be able use this command to  over-write  almost
              any   file   on   the  system.   If  those  administrators  have  write  access  to
              "radius.conf", they can do the same thing without radmin, too.

       debug condition '(User-Name == "bob")'
              Enable debugging output for all requests that match the  condition.   Any  "unlang"
              condition  is  valid  here.   The  condition  is  parsed as a string, so it must be
              enclosed in single or double quotes.  Strings enclosed in double-quotes  must  have
              back-slashes and the quotation marks escaped inside of the string.

              Only one debug condition can be active at a time.

       debug condition '((User-Name == "bob") || (Packet-Src-IP-Address == 192.0.2.22))'
              A  more  complex  condition  that  enables debugging output for requests containing
              User-Name "bob", or requests that originate from source IP address 192.0.2.22.

       debug condition
              Disable debug conditionals.

FULL LIST OF COMMANDS

       add <command>
              do sub-command of add

       add client <command>
              Add client configuration commands

       add client file <filename>
              Add new client definition from <filename>

       debug <command>
              debugging commands

       debug condition [condition]
              Enable debugging for requests matching [condition]

       debug level <number>
              Set debug level to <number>.  Higher is more debugging.

       debug file [filename]
              Send all debugging output to [filename]

       del <command>
              do sub-command of del

       del client <command>
              Delete client configuration commands

       del client ipaddr <ipaddr>
              Delete a dynamically created client

       hup [module]
              sends a HUP signal to the server, or optionally to one module

       inject <command>
              commands to inject packets into a running server

       inject to <ipaddr> <port>
              Inject packets to the destination IP and port.

       inject from <ipaddr>
              Inject packets as if they came from <ipaddr>

       inject file <input-file> <output-file>
              Inject packet from input-file>, with results sent to <output-file>

       reconnect
              reconnect to a running server

       terminate
              terminates the server, and cause it to exit

       set <command>
              do sub-command of set

       set module <command>
              set module commands

       set module config <module> variable value
              set configuration for <module>

       set module status [alive|dead]
              set the module to be alive or dead (always return "fail")

       set home_server <command>
              set home server commands

       set home_server state <ipaddr> <port> [alive|dead]
              set state for given home server

       show <command>
              do sub-command of show

       show client <command>
              do sub-command of client

       show client config <ipaddr>
              show configuration for given client

       show client list
              shows list of global clients

       show debug <command>
              show debug properties

       show debug condition
              Shows current debugging condition.

       show debug level
              Shows current debugging level.

       show debug file
              Shows current debugging file.

       show home_server <command>
              do sub-command of home_server

       show home_server config <ipaddr> <port>
              show configuration for given home server

       show home_server list
              shows list of home servers

       show home_server state <ipaddr> <port>
              shows state of given home server

       show module <command>
              do sub-command of module

       show module config <module>
              show configuration for given module

       show module flags <module>
              show other module properties

       show module list
              shows list of loaded modules

       show module methods <module>
              show sections where <module> may be used

       show uptime
              shows time at which server started

       show version
              Prints version of the running server

       show xml <reference>
              Prints out configuration as XML

       stats <command>
              do sub-command of stats

       stats client [auth/acct] <ipaddr>
              show statistics for given client, or for all clients (auth or acct)

       stats home_server [<ipaddr>/auth/acct] <port>
              show statistics for given home server (ipaddr and port), or for  all  home  servers
              (auth or acct)

       stats detail <filename>
              show statistics for the given detail file

SEE ALSO

       unlang(5), radiusd.conf(5), raddb/sites-available/control-socket

AUTHOR

       Alan DeKok <aland@freeradius.org>

                                           14 Mar 2011                                  RADMIN(8)