1.\" $OpenBSD: radiusctl.8,v 1.10 2024/09/15 05:26:05 yasuoka Exp $ 2.\" 3.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.\" 18.Dd $Mdocdate: September 15 2024 $ 19.Dt RADIUSCTL 8 20.Os 21.Sh NAME 22.Nm radiusctl 23.Nd control the RADIUS protocol daemon 24.Sh SYNOPSIS 25.Nm 26.Ar command 27.Op Ar argument ... 28.Sh DESCRIPTION 29The 30.Nm 31utility controls the 32.Xr radiusd 8 33daemon. 34.Pp 35The following commands are available: 36.Bl -tag -width Ds 37.It Xo 38.Cm test 39.Ar hostname 40.Ar radius_secret 41.Ar user_name 42.Op options 43.Xc 44Sends a RADIUS authentication request packet and shows the result. 45The request is for the user specified by 46.Ar user_name 47and sent to the RADIUS server specified by 48.Ar hostname . 49.Ar radius_secret 50is the shared secret with the server. 51The options are as follows: 52.Bl -tag -width Ds 53.It Cm interval Ar seconds 54Specifies how many seconds to wait before resending a packet. 55The default is 2. 56.It Cm maxwait Ar seconds 57Specifies the maximum amount of time to wait for a valid reply packet. 58The default is 8. 59.It Cm method Ar method 60Use 61.Ar method 62for authentication. 63It can be either 64.Cm pap , 65.Cm chap , 66or 67.Cm mschapv2 . 68If this option is omitted, 69.Cm pap 70is used. 71.It Cm nas-port Ar nas-port 72Specify an integer value for the NAS-Port attribute in the packet. 73If this option is omitted, 0 is used. 74.It Cm password Ar password 75Use 76.Ar password 77for 78.Ar user_name . 79.It Cm port Ar port 80Use 81.Ar port 82when sending a packet to 83.Ar hostname . 84If the port is omitted, 85the default port number 1812 is used. 86.It Cm tries Ar number 87Specifies the number of packets to try sending. 88The default is 3. 89.It Cm msgauth Ar yes | no 90Specifies if Message-Authenticator is given for the access request packet. 91The default is yes. 92.El 93.It Cm ipcp show 94Show all ipcp sessions in the database of 95.Xr radiusd_ipcp 8 96briefly. 97.It Cm ipcp dump Op Cm -json 98Dump all ipcp sessions in the database of 99.Xr radiusd_ipcp 8 . 100When 101.Cm -json 102is specified, 103.Nm 104shows the sessions in JSON format. 105.It Cm ipcp monitor Op Cm -json 106Monitor the database of 107.Xr radiusd_ipcp 8 , 108show newly created sessions and deleted sessions. 109When 110.Cm -json 111is specified, 112.Nm 113shows the sessions in JSON format. 114.It Cm ipcp disconnect Ar sequence 115Request to disconnect the session specified by the 116.Ar sequence . 117.It Cm ipcp delete Ar sequence 118Request to delete the session specified by the 119.Ar sequence 120without requesting disconnection. 121.El 122.Sh EXAMPLES 123.Bd -literal -offset indent 124(show all sessions) 125$ doas radiusctl ipcp show 126Seq Assigned Username Start Tunnel From 127--- --------------- ---------------------- -------- ------------------------- 128 21 192.168.1.99 mifune@example.jp 11:35AM 203.0.113.32:34859 129 22 192.168.1.103 nakadai@example.jp 11:56AM 192.0.2.4:61794 130$ 131 132(disconnect Nakadai's session) 133$ doas radiusctl ipcp disconnect 22 134$ 135.Ed 136.Sh SEE ALSO 137.Xr radiusd 8 , 138.Xr radiusd_ipcp 8 139