raddebug(8) [centos man page]
RADDEBUG(8) FreeRADIUS Daemon RADDEBUG(8) NAME
raddebug - Display debugging output from a running server. SYNOPSIS
raddebug [-c condition] [-d config_directory] [-i ipv4-address] [-I ipv6-address] [-f socket_file] [-t timeout] [-u user-name] DESCRIPTION
raddebug is a shell script wrapper around radmin that automates the process of obtaining debugging output from a running server. It does this without impacting service availability, unlike using radiusd -X. There are a number of prerequisites that are required for its proper operation: * radmin must be available in the PATH. * The user running raddebug must have permission to connect to the server control socket. * The control socket must be configured. For instructions, see raddb/sites-available/control-socket * The control socket must be marked as "mode = rw". * The user running raddebug must have permission to read and write files in the "logdir" directory. This is usually /var/log/radiusd. For a number of reasons, the debugging output is placed in an intermediate file, rather than being sent directly to standard output. In order to prevent this file from growing too large, the raddebug program is automatically terminated after 10 seconds. This timeout can be changed via the "-t" parameter. When the script exits, debug mode in the server is disabled, and the intermediate file is deleted. Debug output from a live server can be redirected to only one location. If a second instance of raddebug is started while the first one is still running, the later one will over-ride the first one, and the first will stop producing output. OPTIONS
-c condition Set a specific debug condition. The format of the condition is as specified in the CONDITIONS section of the unlang manual page. -f socket_file The path to the control socket. See the radmin manual page for more description of this option. -i ipv4-address Show debug output for the client having the given IPv4 address. This option is equivalent to using: -c '(Packet-Src-IP-Address == ipv4-address)' -d config directory The radius configuration directory, usually /etc/raddb. See the radmin manual page for more description of this option. -I ipv6-address Show debug output for the client having the given IPv6 address. This option is equivalent to using: -c '(Packet-Src-IPv6-Address == ipv6-address)' -t timeout Stop printing debug output after "timeout" seconds. The default timeout is sixty (60) seconds. Use "-t 0" to print debugging out- put forever, or until the script exits. -u name Show debug output for users having the given name. This option is equivalent to using: -c '(User-Name == name)' SEE ALSO
radmin(8), raddb/sites-available/control-socket, unlang(5), radiusd.conf(5) AUTHORS
Alan DeKok <aland@freeradius.org> 1 September 2010 RADDEBUG(8)
Check Out this Related Man Page
RADMIN(8) FreeRADIUS Server Administration Tool RADMIN(8) NAME
radmin - FreeRADIUS Administration tool SYNOPSIS
radmin [-d config_directory] [-e command] [-E] [-f socket_file] [-h] [-i input_file] [-n name] [-o output_file] [-q] DESCRIPTION
FreeRADIUS Server administration tool that connects to the control socket of a running server, and gives a command-line interface to it. At this time, only a few commands are supported. Please type "help" at the command prompt for detailed information about the supported commands. WARNING
The security protections offered by this command are limited to the permissions on the Unix domain socket, and the server configuration. If someone can connect to the Unix domain socket, they have a substantial amount of control over the server. OPTIONS
The following command-line options are accepted by the program. -d config directory Defaults to /etc/raddb. radmin looks here for the server configuration files to find the "listen" section that defines the control socket filename. -e command Run command and exit. -E Echo commands as they are being executed. -f socket_file Specify the socket filename directly. The radiusd.conf file is not read. -h Print usage help information. -i input_file Reads input from the specified file. If not specified, stdin is used. This also sets "-q". -n mname Read raddb/name.conf instead of raddb/radiusd.conf. -o output_file Write output to the specified file. If not specified, stdout is used. This also sets "-q". -q Quiet mode. COMMANDS
The commands implemented by the command-line interface are almost completely controlled by the server. There are a few commands inter- preted locally by radmin: reconnect Reconnect to the server. quit Exit from radmin. exit Exit from radmin. The other commands are implemented by the server. Type "help" at the prompt for more information. EXAMPLES
debug file /var/log/radius/bob.log Set debug logs to /var/log/radius/bob.log. There is very little checking of this filename. Rogue administrators may be able use this command to over-write almost any file on the system. If those administrators have write access to "radius.conf", they can do the same thing without radmin, too. debug condition '(User-Name == "bob")' Enable debugging output for all requests that match the condition. Any "unlang" condition is valid here. The condition is parsed as a string, so it must be enclosed in single or double quotes. Strings enclosed in double-quotes must have back-slashes and the quotation marks escaped inside of the string. Only one debug condition can be active at a time. debug condition '((User-Name == "bob") || (Packet-Src-IP-Address == 192.0.2.22))' A more complex condition that enables debugging output for requests containing User-Name "bob", or requests that originate from source IP address 192.0.2.22. debug condition Disable debug conditionals. FULL LIST OF COMMANDS
add <command> do sub-command of add add client <command> Add client configuration commands add client file <filename> Add new client definition from <filename> debug <command> debugging commands debug condition [condition] Enable debugging for requests matching [condition] debug level <number> Set debug level to <number>. Higher is more debugging. debug file [filename] Send all debugging output to [filename] del <command> do sub-command of del del client <command> Delete client configuration commands del client ipaddr <ipaddr> Delete a dynamically created client hup [module] sends a HUP signal to the server, or optionally to one module inject <command> commands to inject packets into a running server inject to <ipaddr> <port> Inject packets to the destination IP and port. inject from <ipaddr> Inject packets as if they came from <ipaddr> inject file <input-file> <output-file> Inject packet from input-file>, with results sent to <output-file> reconnect reconnect to a running server terminate terminates the server, and cause it to exit set <command> do sub-command of set set module <command> set module commands set module config <module> variable value set configuration for <module> set module status [alive|dead] set the module to be alive or dead (always return "fail") set home_server <command> set home server commands set home_server state <ipaddr> <port> [alive|dead] set state for given home server show <command> do sub-command of show show client <command> do sub-command of client show client config <ipaddr> show configuration for given client show client list shows list of global clients show debug <command> show debug properties show debug condition Shows current debugging condition. show debug level Shows current debugging level. show debug file Shows current debugging file. show home_server <command> do sub-command of home_server show home_server config <ipaddr> <port> show configuration for given home server show home_server list shows list of home servers show home_server state <ipaddr> <port> shows state of given home server show module <command> do sub-command of module show module config <module> show configuration for given module show module flags <module> show other module properties show module list shows list of loaded modules show module methods <module> show sections where <module> may be used show uptime shows time at which server started show version Prints version of the running server show xml <reference> Prints out configuration as XML stats <command> do sub-command of stats stats client [auth/acct] <ipaddr> show statistics for given client, or for all clients (auth or acct) stats home_server [<ipaddr>/auth/acct] <port> show statistics for given home server (ipaddr and port), or for all home servers (auth or acct) stats detail <filename> show statistics for the given detail file SEE ALSO
unlang(5), radiusd.conf(5), raddb/sites-available/control-socket AUTHOR
Alan DeKok <aland@freeradius.org> 14 Mar 2011 RADMIN(8)