Radwho displays the list of users currently logged in by the Radius server.
Default output information is made compatible with that of the standard UNIX finger(1) utility. For each user the following information is displayed: login name, name, connection protocol, NAS port, login date, NAS name, assigned IP address or corresponding network name.
When used with -l option, the long output format is used. In this format the following information is output:
The following command line options can be used to modify the behavior of the program:
-A
--all
-c
--calling-id
-d NAME
--directory NAME
-D {short|abbr|full}
--date-format {short|abbr|full}
DOW HH:MM, where DOW means the day of week abbreviation, HH and MM mean hours and minutes respectively. This corresponds to option -D short. Other available formats are:
Mon Dec 18 12:29:38 EET 2000
-e STRING
--empty STRING
radwho is fed to some analyzing program, as it helps to keep the same number of columns on each line of output.
-F
--finger
radwho emulates the behavior of fingerd(8) utility. Use this option if starting radwho from the /etc/inetd.conf line like this:
finger stream tcp nowait nobody /usr/sbin/radwho radwho -fL
This mode is also enabled by default if radwho notices that its name (argv[0]) is `fingerd' or `in.fingerd'.
-H
--no-header
-i
--session-id
-I {smart|ip|nodomain}
--ip-format {smart|ip|nodomain}
-u
--local-also
radwho as a finger daemon.
-n
--no-resolve
-o FORMAT
--format FORMAT
RADWHO_FORMAT.
The format string is a comma-separated list of format specifications in one of the following forms:
login
orig
port
sid
nas
ip
proto
date
delay
type
ptype
Type | Meaning |
`L' | Local connection |
`R' | Rlogin connection |
`S' | SLIP connection |
`C' | CSLIP connection |
`P' | PPP connection |
`A' | Auto PPP connection |
`E' | Telnet session |
`T' | "Clear TCP" connection |
`U' | TCP login service |
`!' | Console session |
`X' | Shell |
time
clid
uname
-s
--secure
The radlast utility lists sessions of specified users, NASes, NAS ports and hosts, in reverse time order. By default, each line of output contains the login name, NAS short name and port number from where the session was conducted, host IP address or name, the start and stop times for the session, and the duration of the session. If the session is still continuing, radlast will so indicate.
When the -l option is specified, radlast produces long output. It includes the following fields:
Use the following command line options to control the behavior of the radlast utility:
-number
-c number
--count number
radlast will output at most this many lines of information.
-f
--file name
-h hostname
--host hostname
-n shortname
--nas shortname
-l
--long-format
-p number
--port number
radlast -p 3 or radlast -p S03.
-s
--show-seconds
-t
-p. This flag is provided for compatibility with last(1).
-w
--wide
If multiple arguments are given, the logical OR operation between them is assumed, i.e. the information selected by each argument is printed. This, however, does not apply to the -c option. This option is always combined with the rest of the command line by logical AND.
The pseudo-user `~reboot' logs in on every reboot of the network access server.
If radlast is interrupted, it indicates the date up to which the search had progressed.
The raduse utility shows the usage of dialup lines in real time.
At the top of the output the summary information is displayed. It consists of two lines. The first line shows the statistics collection uptime and the current date and time. The second line shows the total number of lines, the number of active lines, the number of idle (inactive) lines and the load percentage.
The dialup statistics are displayed in the area below. For each dialup line three lines of data are shown.
The first line shows the network access server name, the port number on that server, the number of logins registered on this line, the status of the line, the amount of time the line has kept the current status, and the date and time when the line switched to the current status.
If the line is currently active, the status field displays the login name of the user logged in on this line. If the line is inactive, the word `[Idle]' is displayed.
The second and third lines display the active and idle usage summary. They show the following data: the total time the line has been in the given state, the maximum amount of time in this state, and the starting date and time when the maximum duration was observed.
An example of the default display:
uptime 90+20:35 Sun Dec 17 12:21
235 lines, 71 active, 164 idle. Pool load 0.30
max 001 2796 [idle] 00:05 Sun Dec 17 12:16
  43+00:17 1+22:39 Fri Sep 22 18:04 - 16:44
  47+20:22 06:25 Thu Oct 05 02:24 - 08:50
max 002 2877 [idle] 00:09 Sun Dec 17 12:11
  41+06:56 10:55 Sat Oct 28 21:20 - 07:15
  49+13:35 05:32 Mon Oct 02 00:33 - 06:05
max 003 3000 [idle] 00:08 Sun Dec 17 12:12
  39+14:42 19:44 Thu Nov 02 14:52 - 10:36
  50+11:22 07:29 Wed Oct 11 23:30 - 06:59
max 004 2829 jsmith 00:05 Sun Dec 17 12:15
  41+21:11 1+00:04 Sun Sep 24 12:17 - 12:21
  48+23:28 04:51 Sat Oct 07 03:42 - 08:33
max 005 2913 gray 00:41 Sun Dec 17 11:40
  40+12:01 15:24 Mon Dec 11 19:18 - 10:43
  50+08:03 11:58 Wed Nov 29 13:43 - 01:41
max 006 3014 roland 00:39 Sun Dec 17 11:41
  42+02:10 22:28 Sun Sep 24 13:46 - 12:15
  48+17:39 05:30 Fri Nov 24 01:57 - 07:28
max 007 2937 [idle] 00:06 Sun Dec 17 12:15
This default display can be altered using command line options or interactive commands.
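The following Python parser for the default display is an added example, not code from GNU Radius. It assumes the field order described above (active summary on the second line, idle summary on the third) and that the pool load is active lines divided by total lines, which matches the 71/235 = 0.30 of the example display. The names minutes, parse_raduse and sessions_longer_than are hypothetical.

```python
import re
# Constructed sample: lines from the example display; line 007 is cut short as it is there.
SAMPLE = """\
uptime 90+20:35 Sun Dec 17 12:21
235 lines, 71 active, 164 idle. Pool load 0.30
max 001 2796 [idle] 00:05 Sun Dec 17 12:16
43+00:17 1+22:39 Fri Sep 22 18:04 - 16:44
47+20:22 06:25 Thu Oct 05 02:24 - 08:50
max 005 2913 gray 00:41 Sun Dec 17 11:40
40+12:01 15:24 Mon Dec 11 19:18 - 10:43
50+08:03 11:58 Wed Nov 29 13:43 - 01:41
max 007 2937 [idle] 00:06 Sun Dec 17 12:15
"""

def minutes(span):
    """Convert a raduse duration, '[DAYS+]HH:MM' (e.g. '1+22:39'), to minutes."""
    m = re.fullmatch(r"(?:(\d+)\+)?(\d{1,2}):(\d{2})", span)
    if m is None:
        raise ValueError(f"not a raduse duration: {span!r}")
    days, hours, mins = (int(g or 0) for g in m.groups())
    return (days * 24 + hours) * 60 + mins

def parse_raduse(text):
    """Parse the two summary lines and the three-line record of each dialup line."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    m = re.fullmatch(r"(\d+) lines, (\d+) active, (\d+) idle\. Pool load ([\d.]+)",
                     " ".join(rows[1]))
    if m is None:
        raise ValueError("second summary line not recognised")
    total, active, idle = (int(m.group(i)) for i in (1, 2, 3))
    body, lines = rows[2:], []
    # Three rows per dialup line; an incomplete trailing record is skipped.
    for i in range(0, len(body) - len(body) % 3, 3):
        head, act, idl = body[i:i + 3]
        nas, port, logins, status, since = head[:5]
        lines.append({
            "nas": nas, "port": port, "logins": int(logins),
            "user": None if status.lower() == "[idle]" else status,
            "in_state_min": minutes(since),
            "active_min": (minutes(act[0]), minutes(act[1])),  # (total, longest)
            "idle_min": (minutes(idl[0]), minutes(idl[1])),    # (total, longest)
        })
    return {"total": total, "active": active, "idle": idle, "lines": lines,
            "reported_load": float(m.group(4)), "computed_load": round(active / total, 2)}

def sessions_longer_than(report, limit_min):
    # Active lines whose current session has lasted more than limit_min minutes.
    return [(l["nas"], l["port"], l["user"], l["in_state_min"])
            for l in report["lines"]
            if l["user"] is not None and l["in_state_min"] > limit_min]
```

Comparing computed_load with reported_load is a quick consistency check on a captured display, and sessions_longer_than gives a list of long-running sessions to review.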
The following options modify the behavior of raduse:
-b
--brief
-d count
--display count
-D
--dump
-I
--no-idle-lines
raduse displays all dialup lines.
-i
--interactive
-n
--no-interactive
-s num
--delay num
-w
--widen
-l
--list-nas
-h
--help
The following commands are understood when raduse is in interactive mode. Some commands require an argument. Such commands are followed by the word arg. When raduse gets such a command it displays a prompt and waits for the user to enter the necessary data.
After processing each command the screen is updated immediately, whether or not the command was understood.
radzap searches the Radius accounting database for matching login records and closes them.
At least one of the -n, -p options or username must be specified. If they are used in conjunction, they are taken as if joined by the logical AND operation.
`radzap' operates in two modes: silent and confirm. The silent mode is enabled by default. When run in this mode, radzap deletes every record that matched the search conditions given.
In confirm mode `radzap' will ask for a confirmation before zapping each matching record. Every line beginning with a `y' is taken as positive response, otherwise it is taken as negative response.
The confirm mode is toggled by the command line option -c.
radzap [options] [username]
Options are:
-c
--confirm
-q
--quiet
-h
--help
-n NAME
--nas NAME
-p PORT
--port PORT
radzap -p S02 or in its short form, like radzap -p 2.
This utility lets you quickly look up a user in the Radius accounting database using a regular expression match.
radgrep scans the output of the radwho utility and outputs only the lines that match the given regular expressions.
radgrep accepts two sets of options separated by a `--' (double-dash) sign. The first subset is passed as the command line to the radwho utility. The second one is passed to grep.
This utility is a shell program that determines the user's framed IP address and runs ping on that address.
radping username
radping -c calling-station-id
The second way of invoking the program identifies the user by calling station ID.
The radauth utility sends the Radius server an Access-Request packet and displays the result it gets. It can be used to test the configuration files. The usage is:
radauth [-v] username password
The -v or --verbose option forces radauth to be verbose on output.
If you enter `.' (dot) instead of the password, the program will disable echoing on the screen, prompt you to enter the password, and turn the echoing on again, thus preventing the password from being compromised.
The program determines which Radius server to use, the authentication port number and shared secret following the procedure common for all client scripts (see section Client Configuration).
Radctl is a control interface to the radiusd daemon. It allows the user running it to query radiusd about various aspects of its work and issue administrative commands to it.
radctl -s command [args]
Where command is a command telling radctl which actions to take, and args are optional arguments to the command. Only one command can be specified per invocation.
The valid commands are as follows:
start [args]
radiusd is not running already, it is started. When present, args are passed as the command line to the server.
stop
radiusd.
restart [args]
reload
radiusd server to re-read its configuration files.
dumpdb
radiusd to dump its user hash table into the file `radlog/radius.parse'. This can be used for debugging configuration files.
status
radiusd reports its memory usage statistics. The information is logged under Info log level.
which
radiusd.
Builddbm converts the plaintext Radius users database into DBM files. Some versions of Radius daemon have used this to speed up the access to the users database.
However, with GNU Radius things go the other way around. The server reads entire plaintext database, converts it into internal form and stores into hash table which provides for fast access. Actually, using DBM version of the users database slows down the access unless the machine which runs Radius daemon is short of address space for the daemon to store the users database into.
When used without arguments, the builddbm utility attempts to convert file `raddb/users' into `raddb/users.db' or the `raddb/users.pag', `raddb/users.dir' pair, depending on the version of DBM library used.
If used with one argument, the argument is taken as the name of the plaintext database file to operate upon.
Use the following command line options to modify the operation of builddbm:
-d dir
-h
Radscm is a Scheme interpreter based on Guile with the addition of special functions and variables for communicating with radiusd. This chapter concentrates on the special features provided by radscm. Please refer to the Guile documentation for information about Scheme and Guile. See section `Overview' in The Guile Reference Manual.
(list ID-STR HOST-STR SECRET-STR AUTH-NUM ACCT-NUM CNTL-NUM)
where:
ID-STR | Server ID, |
HOST-STR | Server hostname or IP address, |
SECRET-STR | Shared secret key to use, |
AUTH-NUM | Authentication port number, |
ACCT-NUM | Accounting port number, |
CNTL-NUM | Control channel port number. |
Thus, each entry can be used as an argument to rad-client-set-server or rad-client-add-server.
0 | Authentication port, |
1 | Accounting port, |
2 | Control port. |
(cons ATTR-NAME-STR VALUE)
or
(cons ATTR-NUMBER VALUE)
Return:
On success:
(list RETURN-CODE-NUMBER PAIR-LIST)
On failure:
'()
(list ID-STR HOST-STR SECRET-STR AUTH-NUM ACCT-NUM CNTL-NUM)
where:
ID-STR | Server ID, |
HOST-STR | Server hostname or IP address, |
SECRET-STR | Shared secret key to use, |
AUTH-NUM | Authentication port number, |
ACCT-NUM | Accounting port number, |
CNTL-NUM | Control channel port number. |
(list ID-STR HOST-STR SECRET-STR AUTH-NUM ACCT-NUM CNTL-NUM)
where:
ID-STR | Server ID, |
HOST-STR | Server hostname or IP address, |
SECRET-STR | Shared secret key to use, |
AUTH-NUM | Authentication port number, |
ACCT-NUM | Accounting port number, |
CNTL-NUM | Control channel port number. |
(cons NAME-STR VALUE)
or
(cons ATTR-NUMBER VALUE)
where VALUE may be of any type appropriate for the given attribute.
(cons NAME-STR VALUE)
or
(cons ATTR-NUMBER VALUE)
where VALUE may be of any type appropriate for the given attribute.
All "Reply-Message" pairs from the list are concatenated and displayed as one.
rad-server-list print its ID and hostname or IP address.