radeapclient(1) [debian man page]
RADEAPCLIENT(1) FreeRADIUS Daemon RADEAPCLIENT(1) NAME
radeapclient - send EAP packets to a RADIUS server, calculate responses SYNOPSIS
radeapclient [-c count] [-d raddb_directory] [-f file] [-h] [-i source_ip] [-q] [-s] [-r retries] [-S file] [-t timeout] [-v] [-x] server {acct|auth} secret DESCRIPTION
radeapclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. Radeapclient dif- fers from radclient in that if there is an EAP-MD5 challenge, then it will be responded to. radeapclient is otherwise identical to radclient. The EAP-Identity attribute, if present is used to construct an EAP Identity message. The EAP-MD5-Password attribute, if present is used to respond to an MD5 challenge. No other EAP types are currently supported. OPTIONS
-c count Send each packet count times. -d raddb Set dictionary directory. -f file Read packets from file, not stdin. -r retries If timeout, retry sending the packet retries times. -t timeout Wait timeout seconds before retrying (may be a floating point number). -h Print usage help information. -i id Set request id to 'id'. Values may be 0..255 -S file Read secret from file, not command line. -q Quiet, do not print anything out. -s Print out summary information of auth results. -v Show program version information. -x Enable debugging mode. EXAMPLE
A sample session that queries the remote server with an EAP-MD5 challenge. ( echo 'User-Name = "bob"'; echo 'EAP-MD5-Password = "hello"'; echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.c'; echo 'EAP-Code = Response'; echo 'EAP-Id = 210'; echo 'EAP-Type-Identity = "bob"; echo 'Message-Authenticator = 0x00'; echo 'NAS-Port = 0' ) >req.txt radeapclient -x localhost auth testing123 <req.txt SEE ALSO
radclient(1) AUTHOR
Michael Richardson, <mcr@sandelman.ottawa.on.ca> 08 September 2003 RADEAPCLIENT(1)
Check Out this Related Man Page
RADZAP(1) FreeRadius Daemon RADZAP(1) NAME
radzap - remove rogue entries from the active sessions database SYNOPSIS
radzap [-d raddb_directory] [-h] [-N nas_ip_address] [-P nas_port] [-u user] [-U user] [-x] server[:port] secret DESCRIPTION
The FreeRadius server can be configured to maintain an active session database in a file called radutmp. Commands like radwho(1) use this database. Sometimes that database can get out of sync, and then it might contain rogue entries. radzap can clean up this database. As of FreeRADIUS 1.1.0, radzap is a simple shell-script wrapper around radwho(1) and radclient(1). The sessions are "zapped" by sending an Accounting-Request packet which contains the information necessary for the server to delete the session record. radzap sends a packet to the server, rather than writing to radutmp directly, because session records may also be main- tained in SQL. OPTIONS
-d raddb_directory The directory that contains the RADIUS configuration files. radzap reads radiusd.conf to determine the location of the radutmp file. -h Print usage help information. -N nas_ip_address Zap the entries which match the given NAS IP address. -P nas_port Zap the entries which match the given NAS port. -u user Zap the entries which match the given username (case insensitive). -U user Zap the entries which match the given username (case sensitive). -x Enable debugging output. server[:port] The hostname or IP address of the remote server. Optionally a UDP port can be specified. If no UDP port is specified, it is looked up in /etc/services. The service name looked for is radacct for accounting packets, and radius for all other requests. If a service is not found in /etc/services, 1813 and 1812 are used respectively. secret The shared secret for this client. It needs to be defined on the radius server side too, for the IP address you are sending the radius packets from. SEE ALSO
radwho(1), radclient(1), radiusd(8), radiusd.conf(5). AUTHOR
Alan DeKok <aland@ox.org> 8 April 2005 RADZAP(1)