radclient

RADCLIENT(1)                   FreeRADIUS Daemon                  RADCLIENT(1)

NAME

       radclient - send packets to a RADIUS server, show reply

SYNOPSIS

       radclient  [-d  raddb_directory]  [-c  count]  [-f  file]  [-i  id] [-r
       num_retries] [-s] [-S shared_secret_file] [-t  timeout]  [-qvx]  server
       {acct|auth|status|disconnect} secret

DESCRIPTION

       radclient  is  a  radius  client  program. It can send arbitrary radius
       packets to a radius server, then shows the reply. It  can  be  used  to
       test  changes you made in the configuration of the radius server, or it
       can be used to monitor if a radius server is up.

       radclient reads radius attribute/value pairs from it standard input, or
       from  a  file  specified  on  the  command  line. It then encodes these
       attribute/value pairs using the  dictionary,  and  sends  them  to  the
       remote server.

       The User-Password attribute is automatically encrypted by radclient.

OPTIONS

       -c count
              Send each packet count times.  /etc/raddb.


       -d raddb_directory
              The   directory  that  contains  the  RADIUS  dictionary  files.
              Defaults to /etc/raddb.


       -f file
              File to read the attribute/value pairs  from.  If  this  is  not
              specified, they are read from stdin.


       -i id  Use id as the RADIUS request Id.


       -q     Go to quiet mode, and do not print out anything.


       -r num_retries
              Try  to  send each packet num_retries times, before giving up on
              it.  The default is 10.


       -sPrint


       -S shared_secret_file
              Rather than reading the  shared  secret  from  the  command-line
              (where  it  can  be seen by others on the local system), read it
              instead from shared_secret_file.


       -t timeout
              Wait timeout seconds  before  deciding  that  the  NAS  has  not
              responded  to a request, and re-sending the packet.  The default
              timeout is 3.


       -v     Print out version information.


       -x     Print out extra debugging information.


       server[:port]
              The hostname or IP address of the remote  server.  Optionally  a
              UDP  port  can  be specified. If no UDP port is specified, it is
              looked up in /etc/services.  The  service  name  looked  for  is
              radacct  for  accounting  packets,  and  radius  for  all  other
              requests. If a service is not found in /etc/services,  1813  and
              1812 are used respectively.


       acct | auth
              Use auth to send an authentication packet (Access-Request), acct
              to send an accounting  packet  (Accounting-Request),  status  to
              send  an  status packet (Status-Server), or disconnect to send a
              disconnection request. Instead of these values, you can also use
              a decimal code here. For example, code 12 is also Status-Server.


       secret The shared secret for this client.  It needs to  be  defined  on
              the  radius  server side too, for the IP address you are sending
              the radius packets from.

EXAMPLE

       A sample session that queries the remote server for Status-Server  (not
       all servers support this.  Cistron-radiusd does since version 1.6.5):


              $ echo "User-Name = fnord" | radclient 192.168.1.42 12 s3cr3t
              Sending request to server 192.168.1.42, port 1812.
              radrecv: Packet from host 192.168.1.42 code=2, id=140, length=54
                  Reply-Message = "FreeRADIUS up 21 days, 02:05"

SEE ALSO

       radiusd(8), radtest(1).

AUTHORS

       Miquel  van Smoorenburg, miquels@cistron.nl.  Alan DeKok <aland@freera-
       dius.org>



                                 22 June 2004                     RADCLIENT(1)