.TH RADMIN 8 "10 Sept 2008" "" "FreeRADIUS Server Administration Tool" .SH NAME radmin - FreeRADIUS Administration tool .SH SYNOPSIS .B radmin .RB [ \-d .IR config_directory ] .RB [ \-e .IR command ] .RB [ \-f .IR socket_file ] .RB [ \-i .IR input_file ] .RB [ \-n .IR name ] .RB [ \-o .IR output_file ] .RB [ \-q ] .SH DESCRIPTION FreeRADIUS Server administration tool that connects to the control socket of a running server, and gives a command-line interface to it. At this time, only a few commands are supported. Please type "help" at the command prompt for detailed information about the supported commands. .SH WARNING This tool is experimental and should not be used in production environments. Changes may be made at any time to the commands accepted by the server, and/or to the resulting output. The security protections offered by this command are pretty minimal. If someone has permission to connect to the server, they can do almost anything, from stopping the server, to changing it's configuration. Please exercise caution when using this command! .SH OPTIONS The following command-line options are accepted by the program. .IP "\-d \fIconfig directory\fP" Defaults to \fI/etc/raddb\fP. \fBradmin\fP looks here for the server configuration files to find the "listen" section that defines the control socket filename. .IP "\-e \fIcommand\fP" Run \fIcommand\fP and exit. .IP "\-f \fIsocket_file\fP" Specify the socket filename directly. The radiusd.conf file is not read. .IP "\-i \fIinput_file\fP" Reads input from the specified file. If not specified, stdin is used. This also sets "-q". .IP "\-n \fImname\fP" Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP. .IP "\-o \fIoutput_file\fP" Write output to the specified file. If not specified, stdout is used. This also sets "-q". .IP \-q Quiet mode. .SH COMMANDS The commands implemented by the command-line interface are almost completely controlled by the server. There are a few commands interpreted locally by radmin: .IP reconnect Reconnect to the server. .IP quit Exit from radmin. .IP exit Exit from radmin. .PP The other commands are implemented by the server. Type "help" at the prompt for more information. .SH EXAMPLES .IP debug\ file\ /var/log/radius/bob.log Set debug logs to /var/log/radius/bob.log. There is very little checking of this filename. Rogue administrators may be able use this command to over-write almost any file on the system. If those administrators have write access to "radius.conf", they can do the same thing without radmin, too. .IP debug\ condition\ '(User-Name\ ==\ "bob")' Enable debugging output for all requests that match the condition. Any "unlang" condition is valid here. The condition is parsed as a string, so it must be enclosed in single or double quotes. Strings enclosed in double-quotes must have back-slashes and the quotation marks escaped inside of the string. Only one debug condition can be active at a time. .IP debug\ condition\ '((User-Name\ ==\ "bob")\ ||\ (Packet-Src-IP-Address\ ==\ 192.0.2.22))' A more complex condition that enables debugging output for requests containing User-Name "bob", or requests that originate from source IP address 192.0.2.22. .IP debug\ condition Disable debug conditionals. .SH SEE ALSO unlang(5), radiusd.conf(5), raddb/sites-available/control .SH AUTHOR Alan DeKok <aland@freeradius.org>