1*eff8f878Syasuoka.\" $OpenBSD: radiusctl.8,v 1.10 2024/09/15 05:26:05 yasuoka Exp $ 2530b2689Syasuoka.\" 3530b2689Syasuoka.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net> 4530b2689Syasuoka.\" 5530b2689Syasuoka.\" Permission to use, copy, modify, and distribute this software for any 6530b2689Syasuoka.\" purpose with or without fee is hereby granted, provided that the above 7530b2689Syasuoka.\" copyright notice and this permission notice appear in all copies. 8530b2689Syasuoka.\" 9530b2689Syasuoka.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10530b2689Syasuoka.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11530b2689Syasuoka.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12530b2689Syasuoka.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13530b2689Syasuoka.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14530b2689Syasuoka.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15530b2689Syasuoka.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16530b2689Syasuoka.\" 17530b2689Syasuoka.\" 18*eff8f878Syasuoka.Dd $Mdocdate: September 15 2024 $ 19530b2689Syasuoka.Dt RADIUSCTL 8 20530b2689Syasuoka.Os 21530b2689Syasuoka.Sh NAME 22530b2689Syasuoka.Nm radiusctl 23530b2689Syasuoka.Nd control the RADIUS protocol daemon 24530b2689Syasuoka.Sh SYNOPSIS 25530b2689Syasuoka.Nm 26530b2689Syasuoka.Ar command 27530b2689Syasuoka.Op Ar argument ... 28530b2689Syasuoka.Sh DESCRIPTION 29530b2689SyasuokaThe 30530b2689Syasuoka.Nm 31530b2689Syasuokautility controls the 32530b2689Syasuoka.Xr radiusd 8 33530b2689Syasuokadaemon. 34530b2689Syasuoka.Pp 35530b2689SyasuokaThe following commands are available: 36530b2689Syasuoka.Bl -tag -width Ds 37530b2689Syasuoka.It Xo 38530b2689Syasuoka.Cm test 39530b2689Syasuoka.Ar hostname 40530b2689Syasuoka.Ar radius_secret 41530b2689Syasuoka.Ar user_name 42530b2689Syasuoka.Op options 43530b2689Syasuoka.Xc 44530b2689SyasuokaSends a RADIUS authentication request packet and shows the result. 450d345664SjmcThe request is for the user specified by 46530b2689Syasuoka.Ar user_name 470d345664Sjmcand sent to the RADIUS server specified by 48530b2689Syasuoka.Ar hostname . 49530b2689Syasuoka.Ar radius_secret 50530b2689Syasuokais the shared secret with the server. 51530b2689SyasuokaThe options are as follows: 52530b2689Syasuoka.Bl -tag -width Ds 5396fd820dSjmc.It Cm interval Ar seconds 5496fd820dSjmcSpecifies how many seconds to wait before resending a packet. 5596fd820dSjmcThe default is 2. 5696fd820dSjmc.It Cm maxwait Ar seconds 5796fd820dSjmcSpecifies the maximum amount of time to wait for a valid reply packet. 5896fd820dSjmcThe default is 8. 59530b2689Syasuoka.It Cm method Ar method 600d345664SjmcUse 61530b2689Syasuoka.Ar method 620d345664Sjmcfor authentication. 630d345664SjmcIt can be either 64530b2689Syasuoka.Cm pap , 650d345664Sjmc.Cm chap , 66530b2689Syasuokaor 67530b2689Syasuoka.Cm mschapv2 . 68530b2689SyasuokaIf this option is omitted, 69530b2689Syasuoka.Cm pap 70530b2689Syasuokais used. 71530b2689Syasuoka.It Cm nas-port Ar nas-port 72530b2689SyasuokaSpecify an integer value for the NAS-Port attribute in the packet. 73530b2689SyasuokaIf this option is omitted, 0 is used. 740d345664Sjmc.It Cm password Ar password 750d345664SjmcUse 760d345664Sjmc.Ar password 770d345664Sjmcfor 780d345664Sjmc.Ar user_name . 790d345664Sjmc.It Cm port Ar port 800d345664SjmcUse 810d345664Sjmc.Ar port 820d345664Sjmcwhen sending a packet to 830d345664Sjmc.Ar hostname . 840d345664SjmcIf the port is omitted, 850d345664Sjmcthe default port number 1812 is used. 865d013a5eSdlg.It Cm tries Ar number 875d013a5eSdlgSpecifies the number of packets to try sending. 8896fd820dSjmcThe default is 3. 89a852e27aSyasuoka.It Cm msgauth Ar yes | no 90a852e27aSyasuokaSpecifies if Message-Authenticator is given for the access request packet. 91a852e27aSyasuokaThe default is yes. 92530b2689Syasuoka.El 93842565f2Syasuoka.It Cm ipcp show 94842565f2SyasuokaShow all ipcp sessions in the database of 95842565f2Syasuoka.Xr radiusd_ipcp 8 96842565f2Syasuokabriefly. 97842565f2Syasuoka.It Cm ipcp dump Op Cm -json 98842565f2SyasuokaDump all ipcp sessions in the database of 99842565f2Syasuoka.Xr radiusd_ipcp 8 . 100842565f2SyasuokaWhen 101842565f2Syasuoka.Cm -json 102842565f2Syasuokais specified, 103842565f2Syasuoka.Nm 104842565f2Syasuokashows the sessions in JSON format. 105842565f2Syasuoka.It Cm ipcp monitor Op Cm -json 106842565f2SyasuokaMonitor the database of 107842565f2Syasuoka.Xr radiusd_ipcp 8 , 108842565f2Syasuokashow newly created sessions and deleted sessions. 109842565f2SyasuokaWhen 110842565f2Syasuoka.Cm -json 111842565f2Syasuokais specified, 112842565f2Syasuoka.Nm 113842565f2Syasuokashows the sessions in JSON format. 114842565f2Syasuoka.It Cm ipcp disconnect Ar sequence 115a6de02d9SjsgRequest to disconnect the session specified by the 116842565f2Syasuoka.Ar sequence . 117*eff8f878Syasuoka.It Cm ipcp delete Ar sequence 118*eff8f878SyasuokaRequest to delete the session specified by the 119*eff8f878Syasuoka.Ar sequence 120*eff8f878Syasuokawithout requesting disconnection. 121530b2689Syasuoka.El 122842565f2Syasuoka.Sh EXAMPLES 123842565f2Syasuoka.Bd -literal -offset indent 124842565f2Syasuoka(show all sessions) 125842565f2Syasuoka$ doas radiusctl ipcp show 126842565f2SyasuokaSeq Assigned Username Start Tunnel From 127842565f2Syasuoka--- --------------- ---------------------- -------- ------------------------- 128842565f2Syasuoka 21 192.168.1.99 mifune@example.jp 11:35AM 203.0.113.32:34859 129842565f2Syasuoka 22 192.168.1.103 nakadai@example.jp 11:56AM 192.0.2.4:61794 130842565f2Syasuoka$ 131842565f2Syasuoka 132842565f2Syasuoka(disconnect Nakadai's session) 133842565f2Syasuoka$ doas radiusctl ipcp disconnect 22 134842565f2Syasuoka$ 135842565f2Syasuoka.Ed 136530b2689Syasuoka.Sh SEE ALSO 137842565f2Syasuoka.Xr radiusd 8 , 138842565f2Syasuoka.Xr radiusd_ipcp 8 139