RADCLIENT(1) FreeRADIUS Daemon RADCLIENT(1)
NAME
radclient - send(2,n) packets to a RADIUS server, show reply
SYNOPSIS
radclient [-d raddb_directory] [-c count] [-f file(1,n)] [-i id] [-r
num_retries] [-s] [-S shared_secret_file] [-t timeout(1,3x,3x cbreak)] [-qvx] server
{acct(2,5)|auth|status|disconnect} secret
DESCRIPTION
radclient is a radius client program. It can send(2,n) arbitrary radius
packets to a radius server, then shows the reply. It can be used to
test changes you made in(1,8) the configuration of the radius server, or it
can be used to monitor if(3,n) a radius server is up.
radclient reads radius attribute/value pairs from it standard input, or
from a file(1,n) specified on the command line. It then encodes these
attribute/value pairs using the dictionary, and sends them to the
remote server.
The User-Password attribute is automatically encrypted by radclient.
OPTIONS
-c count
Send each packet count times. /etc/raddb.
-d raddb_directory
The directory that contains the RADIUS dictionary files.
Defaults to /etc/raddb.
-f file(1,n)
File to read(2,n,1 builtins) the attribute/value pairs from. If this is not
specified, they are read(2,n,1 builtins) from stdin.
-i id Use id as the RADIUS request Id.
-q Go to quiet mode, and do not print out anything.
-r num_retries
Try to send(2,n) each packet num_retries times, before giving up on
it. The default is 10.
-sPrint
-S shared_secret_file
Rather than reading the shared secret from the command-line
(where it can be seen by others on the local system), read(2,n,1 builtins) it
instead from shared_secret_file.
-t timeout(1,3x,3x cbreak)
Wait timeout(1,3x,3x cbreak) seconds before deciding that the NAS has not
responded to a request, and re-sending the packet. The default
timeout(1,3x,3x cbreak) is 3.
-v Print out version(1,3,5) information.
-x Print out extra debugging information.
server[:port]
The hostname or IP address of the remote server. Optionally a
UDP port can be specified. If no UDP port is specified, it is
looked up in(1,8) /etc/services. The service name looked for is
radacct for accounting packets, and radius for all other
requests. If a service is not found in(1,8) /etc/services, 1813 and
1812 are used respectively.
acct(2,5) | auth
Use auth to send(2,n) an authentication packet (Access-Request), acct(2,5)
to send(2,n) an accounting packet (Accounting-Request), status to
send(2,n) an status packet (Status-Server), or disconnect to send(2,n) a
disconnection request. Instead of these values, you can also use
a decimal code here. For example, code 12 is also Status-Server.
secret The shared secret for this client. It needs to be defined on
the radius server side too, for the IP address you are sending
the radius packets from.
EXAMPLE
A sample session that queries the remote server for Status-Server (not
all servers support this. Cistron-radiusd does since version(1,3,5) 1.6.5):
$ echo(1,3x,1 builtins) "User-Name = fnord" | radclient 192.168.1.42 12 s3cr3t
Sending request to server 192.168.1.42, port 1812.
radrecv: Packet from host(1,5) 192.168.1.42 code=2, id=140, length=54
Reply-Message = "FreeRADIUS up 21 days, 02:05"
SEE ALSO
radiusd(5,8)(8), radtest(1).
AUTHORS
Miquel van Smoorenburg, miquels@cistron.nl. Alan DeKok <aland@freera-
dius.org>
22 June 2004 RADCLIENT(1)