Man Linux: Main Page and Category List


       radmin - FreeRADIUS Administration tool


       radmin   [-d   config_directory]  [-e  command]  [-f  socket_file]  [-i
       input_file] [-n name] [-o output_file] [-q]


       FreeRADIUS Server administration tool  that  connects  to  the  control
       socket of a running server, and gives a command-line interface to it.

       At this time, only a few commands are supported.  Please type "help" at
       the  command  prompt  for  detailed  information  about  the  supported


       This  tool  is  experimental  and  should  not  be  used  in production
       environments.  Changes may be made at any time to the commands accepted
       by the server, and/or to the resulting output.

       The  security  protections  offered by this command are pretty minimal.
       If someone has permission to connect to the server, they can do  almost
       anything, from stopping the server, to changing its configuration.

       Please exercise caution when using this command!


       The following command-line options are accepted by the program.

       -d config directory
              Defaults  to  /etc/raddb.  radmin  looks  here  for  the  server
              configuration files to find the "listen"  section  that  defines
              the control socket filename.

       -e command
              Run command and exit.

       -f socket_file
              Specify  the socket filename directly.  The radiusd.conf file is
              not read.

       -i input_file
              Reads input from the specified file.  If not specified, stdin is
              used.  This also sets "-q".

       -n mname
              Read raddb/name.conf instead of raddb/radiusd.conf.

       -o output_file
              Write output to the specified file.  If not specified, stdout is
              used.  This also sets "-q".

       -q     Quiet mode.


       The commands implemented  by  the  command-line  interface  are  almost
       completely  controlled  by  the  server.   There  are  a  few  commands
       interpreted locally by radmin:

              Reconnect to the server.

       quit   Exit from radmin.

       exit   Exit from radmin.

       The other commands are implemented by the server.  Type "help"  at  the
       prompt for more information.


       debug file /var/log/radius/bob.log
              Set debug logs to /var/log/radius/bob.log.  There is very little
              checking of this filename.  Rogue administrators may be able use
              this  command  to  over-write almost any file on the system.  If
              those administrators have write access  to  "radius.conf",  they
              can do the same thing without radmin, too.

       debug condition ’(User-Name == "bob")’
              Enable   debugging  output  for  all  requests  that  match  the
              condition.  Any "unlang" condition is valid here.  The condition
              is  parsed  as  a  string,  so  it must be enclosed in single or
              double quotes.  Strings  enclosed  in  double-quotes  must  have
              back-slashes  and  the  quotation  marks  escaped  inside of the

              Only one debug condition can be active at a time.

       debug condition ’((User-Name == "bob") || (Packet-Src-IP-
       Address ==’
              A more complex  condition  that  enables  debugging  output  for
              requests  containing User-Name "bob", or requests that originate
              from source IP address

       debug condition
              Disable debug conditionals.


       add <command>
              do sub-command of add

       add client <command>
              Add client configuration commands

       add client file <filename>
              Add new client definition from <filename>

       debug <command>
              debugging commands

       debug condition [condition]
              Enable debugging for requests matching [condition]

       debug level <number>
              Set debug level to <number>.  Higher is more debugging.

       debug file [filename]
              Send all debugging output to [filename]

       hup [module]
              sends a HUP signal to the server, or optionally to one module

              reconnect to a running server

              terminates the server, and cause it to exit

       set <command>
              do sub-command of set

       set module <command>
              set module commands

       set module config <module> variable value
              set configuration for <module>

       set home_server <command>
              set home server commands

       set home_server state <ipaddr> <port> [alive|dead]
              set state for given home server

       show <command>
              do sub-command of show

       show client <command>
              do sub-command of client

       show client config <ipaddr>
              show configuration for given client

       show client list
              shows list of global clients

       show debug <command>
              show debug properties

       show debug condition
              Shows current debugging condition.

       show debug level
              Shows current debugging level.

       show debug file
              Shows current debugging file.

       show home_server <command>
              do sub-command of home_server

       show home_server config <ipaddr> <port>
              show configuration for given home server

       show home_server list
              shows list of home servers

       show home_server state <ipaddr> <port>
              shows state of given home server

       show module <command>
              do sub-command of module

       show module config <module>
              show configuration for given module

       show module flags <module>
              show other module properties

       show module list
              shows list of loaded modules

       show module methods <module>
              show sections where <module> may be used

       show uptime
              shows time at which server started

       show version
              Prints version of the running server

       show xml <reference>
              Prints out configuration as XML

       stats <command>
              do sub-command of stats

       stats client [auth/acct] <ipaddr>
              show statistics for client

       stats home_server <ipaddr> <port>
              show statistics for home server


       unlang(5), radiusd.conf(5), raddb/sites-available/control-socket


       Alan DeKok <>

                                  15 Feb 2009