Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
RADMIN(8)	     FreeRADIUS	Server Administration Tool	     RADMIN(8)

       radmin -	FreeRADIUS Administration tool

       radmin  [-d  config_directory]  [-D  dictionary_directory] [-e command]
       [-E] [-f	socket_file] [-h] [-i input_file] [-n name] [-q]

       FreeRADIUS Server administration	tool  that  connects  to  the  control
       socket of a running server, and gives a command-line interface to it.

       At this time, only a few	commands are supported.	 Please	type "help" at
       the command prompt for detailed information about  the  supported  com-

       The  security  protections  offered  by this command are	limited	to the
       permissions on the Unix domain socket, and  the	server	configuration.
       If  someone can connect to the Unix domain socket, they have a substan-
       tial amount of control over the server.

       The following command-line options are accepted by the program.

       -d config directory
	      Defaults to  /usr/local/share/examples/freeradius/raddb.	radmin
	      looks  here for the server configuration files to	find the "lis-
	      ten" section that	defines	the control socket filename.

       -D dictionary directory
	      Set main dictionary directory.  Defaults	to  /usr/share/freera-

       -e command
	      Run command and exit.

       -E     Echo commands as they are	being executed.

       -f socket_file
	      Specify  the socket filename directly.  The radiusd.conf file is
	      not read.

       -h     Print usage help information.

       -i input_file
	      Reads input from the specified file.  If not specified, stdin is
	      used.  This also sets "-q".

       -n mname
	      Read raddb/name.conf instead of raddb/radiusd.conf.

       -q     Quiet mode.

       The  commands implemented by the	command-line interface are almost com-
       pletely controlled by the server.  There	are a few commands interpreted
       locally by radmin:

	      Reconnect	to the server.

       quit   Exit from	radmin.

       exit   Exit from	radmin.

       The  other  commands are	implemented by the server.  Type "help"	at the
       prompt for more information.

       debug file /var/log/radius/bob.log
	      Set debug	logs to	/var/log/radius/bob.log.  There	is very	little
	      checking of this filename.  Rogue	administrators may be able use
	      this command to over-write almost	any file on  the  system.   If
	      those  administrators  have  write access	to "radius.conf", they
	      can do the same thing without radmin, too.

       debug condition '(User-Name == "bob")'
	      Enable debugging output for all requests that match  the	condi-
	      tion.   Any  "unlang" condition is valid here.  The condition is
	      parsed as	a string, so it	must be	enclosed in single  or	double
	      quotes.	Strings	 enclosed  in  double-quotes  must  have back-
	      slashes and the quotation	marks escaped inside of	the string.

	      Only one debug condition can be active at	a time.

       debug condition '((User-Name ==	"bob")	||  (Packet-Src-IP-Address  =='
	      A	 more  complex condition that enables debugging	output for re-
	      quests containing	User-Name "bob", or  requests  that  originate
	      from source IP address

       debug condition
	      Disable debug conditionals.

       add <command>
	      do sub-command of	add

       add client <command>
	      Add client configuration commands

       add client file <filename>
	      Add new client definition	from <filename>

       debug <command>
	      debugging	commands

       debug condition [condition]
	      Enable debugging for requests matching [condition]

       debug level <number>
	      Set debug	level to <number>.  Higher is more debugging.

       debug file [filename]
	      Send all debugging output	to [filename]

       del <command>
	      do sub-command of	del

       del client <command>
	      Delete client configuration commands

       del client ipaddr <ipaddr>
	      Delete a dynamically created client

       hup [module]
	      sends a HUP signal to the	server,	or optionally to one module

       inject <command>
	      commands to inject packets into a	running	server

       inject to <ipaddr> <port>
	      Inject packets to	the destination	IP and port.

       inject from <ipaddr>
	      Inject packets as	if they	came from <ipaddr>

       inject file <input-file>	<output-file>
	      Inject  packet  from  input-file>, with results sent to <output-

	      reconnect	to a running server

	      terminates the server, and cause it to exit

       set <command>
	      do sub-command of	set

       set module <command>
	      set module commands

       set module config <module> variable value
	      set configuration	for <module>

       set module status [alive|dead]
	      set the module to	be alive or dead (always return	"fail")

       set home_server <command>
	      set home server commands

       set home_server state <ipaddr> <port> [alive|dead]
	      set state	for given home server

       show <command>
	      do sub-command of	show

       show client <command>
	      do sub-command of	client

       show client config <ipaddr> [udp|tcp]
	      shows configuration for a	given client.

       show client list
	      shows list of global clients

       show debug <command>
	      show debug properties

       show debug condition
	      Shows current debugging condition.

       show debug level
	      Shows current debugging level.

       show debug file
	      Shows current debugging file.

       show home_server	<command>
	      do sub-command of	home_server

       show home_server	config <ipaddr>	<port>
	      show configuration for given home	server

       show home_server	list
	      shows list of home servers

       show home_server	state <ipaddr> <port>
	      shows state of given home	server

       show module <command>
	      do sub-command of	module

       show module config <module>
	      show configuration for given module

       show module flags <module>
	      show other module	properties

       show module list
	      shows list of loaded modules

       show module methods <module>
	      show sections where <module> may be used

       show uptime
	      shows time at which server started

       show version
	      Prints version of	the running server

       show xml	<reference>
	      Prints out configuration as XML

       stats <command>
	      do sub-command of	stats

       stats client [auth/acct]	<ipaddr>
	      show statistics for given	client,	or for all  clients  (auth  or

       stats home_server [<ipaddr>|auth|acct] <port>
	      show  statistics for given home server (ipaddr and port),	or for
	      all home servers (auth or	acct)

       stats detail <filename>
	      show statistics for the given detail file

       unlang(5), radiusd.conf(5), raddb/sites-available/control-socket

       Alan DeKok <>

				  11 Mar 2019			     RADMIN(8)


Want to link to this manual page? Use this URL:

home | help