1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
.\" $OpenBSD: radiusctl.8,v 1.9 2024/07/24 08:27:20 yasuoka Exp $
.\"
.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.Dd $Mdocdate: July 24 2024 $
.Dt RADIUSCTL 8
.Os
.Sh NAME
.Nm radiusctl
.Nd control the RADIUS protocol daemon
.Sh SYNOPSIS
.Nm
.Ar command
.Op Ar argument ...
.Sh DESCRIPTION
The
.Nm
utility controls the
.Xr radiusd 8
daemon.
.Pp
The following commands are available:
.Bl -tag -width Ds
.It Xo
.Cm test
.Ar hostname
.Ar radius_secret
.Ar user_name
.Op options
.Xc
Sends a RADIUS authentication request packet and shows the result.
The request is for the user specified by
.Ar user_name
and sent to the RADIUS server specified by
.Ar hostname .
.Ar radius_secret
is the shared secret with the server.
The options are as follows:
.Bl -tag -width Ds
.It Cm interval Ar seconds
Specifies how many seconds to wait before resending a packet.
The default is 2.
.It Cm maxwait Ar seconds
Specifies the maximum amount of time to wait for a valid reply packet.
The default is 8.
.It Cm method Ar method
Use
.Ar method
for authentication.
It can be either
.Cm pap ,
.Cm chap ,
or
.Cm mschapv2 .
If this option is omitted,
.Cm pap
is used.
.It Cm nas-port Ar nas-port
Specify an integer value for the NAS-Port attribute in the packet.
If this option is omitted, 0 is used.
.It Cm password Ar password
Use
.Ar password
for
.Ar user_name .
.It Cm port Ar port
Use
.Ar port
when sending a packet to
.Ar hostname .
If the port is omitted,
the default port number 1812 is used.
.It Cm tries Ar number
Specifies the number of packets to try sending.
The default is 3.
.It Cm msgauth Ar yes | no
Specifies if Message-Authenticator is given for the access request packet.
The default is yes.
.El
.It Cm ipcp show
Show all ipcp sessions in the database of
.Xr radiusd_ipcp 8
briefly.
.It Cm ipcp dump Op Cm -json
Dump all ipcp sessions in the database of
.Xr radiusd_ipcp 8 .
When
.Cm -json
is specified,
.Nm
shows the sessions in JSON format.
.It Cm ipcp monitor Op Cm -json
Monitor the database of
.Xr radiusd_ipcp 8 ,
show newly created sessions and deleted sessions.
When
.Cm -json
is specified,
.Nm
shows the sessions in JSON format.
.It Cm ipcp disconnect Ar sequence
Request to disconnect the session specified by the
.Ar sequence .
.El
.Sh EXAMPLES
.Bd -literal -offset indent
(show all sessions)
$ doas radiusctl ipcp show
Seq Assigned Username Start Tunnel From
--- --------------- ---------------------- -------- -------------------------
21 192.168.1.99 mifune@example.jp 11:35AM 203.0.113.32:34859
22 192.168.1.103 nakadai@example.jp 11:56AM 192.0.2.4:61794
$
(disconnect Nakadai's session)
$ doas radiusctl ipcp disconnect 22
$
.Ed
.Sh SEE ALSO
.Xr radiusd 8 ,
.Xr radiusd_ipcp 8
|
