RAD-CLIENT(1) User Contributed Perl Documentation RAD-CLIENT(1)NAMErad-client - A command line RADIUS client
SYNOPSISrad-client--secret secret --server server --dictionary dictfile ...
[--attempts n] [--timeout t] [--port port] [--code packet-code]
[--authenticator packet-authenticator] [--identifier id] [--prompt]
[--attributes file] [--nowait] [--dump-request] [--quiet] [--help]
attributes...
DESCRIPTION
"rad-client" is a command-line RADIUS client that is expected to be
flexible enough so as to allow for testing of servers and automating
monitoring scripts. This script ships as part of
Net::Radius::Server(3).
Basically, this script will craft a RADIUS packet, send it to the
specified server and wait for a response (unless --nowait is specified,
see below).
The following options are supported (Options can be shortened - See
Getopt::Long(3)):
--attempts n
Specify the number of attempts to send the RADIUS packet to the
server. This defaults to the magical number, 3. Retransmissions are
reported to "STDERR" unless --quiet is specified.
--timeout t
How much to wait for an answer before retrying, in seconds.
Defaults to 3 seconds. Timeouts are reported to "STDERR" unless
--quiet is specified.
--nowait
Causes "rad-client" to forego waiting for the response. This may be
useful for some test scenarios. No retransmissions occur when this
option is specified, so only one packet is sent.
--server server
Surprisingly, the server address to which to send the RADIUS
packets.
--port port
Correct. This is the server port where RADIUS packets should be
sent. Defaults to 1812.
--secret secret
The RADIUS shared secret used for packet authentication.
--prompt [attribute]
Prompt the user and add a password-encoded RADIUS attribute to the
request. By default, this works in the RADIUS attribute 2.
--dictionary dictfile...
Specifies one or more dictionary files to use for crafting the
RADIUS packet and for decoding the eventual response. Multiple
files can be specified, causing the dictionaries to be loaded in
order.
--code code
The RADIUS packet code. Defaults to 'Access-Request'.
--authenticator auth
Specifies the RADIUS packet authenticator. The authenticator
defaults to a semi-random string composed of printable characters,
which seems nice in the packet dumps.
Note that a great deal of the (limited) security of RADIUS depends
on the use of strong authenticator strings, which should be random
and unrelated to the request they're protecting. The implementation
used in this script is NOT secure, as there is little randomness.
--identifier id
Specifies the RADIUS packet identifier. This defaults to a random
number between 1 and 255.
--attributes file
Parse attributes from the given file, where they must be specified
one per line. Comments following Perl syntax are allowed in said
file. Additional attributes can be specified in the command line.
The special file "-" means, as expected, to read "STDIN".
--dump-request
Causes the packet that "rad-client" crafted to be dumped to
"STDOUT" before sending it.
--quiet
Supress warnings and indications.
--help
Shows this documentation, then exits.
RADIUS attributes are specified either in the command line or in the
file specified with the --attributes option, as follows:
[vendor.]attribute=value
Where vendor and attribute are the labels specified in the dictionary.
If the packet code is 'Access-Request' (or another packet code
requiring a password attribute), the special attributes 'Password' and
'User-Password' (with no vendor), will be encoded with the shared
secret before sending the packet, as expected.
Any received packets will be dumped to "STDOUT" using
"Net::Radius::Packet->dump".
HISTORY
$Log$
Revision 1.3 2006/11/15 00:08:46 lem
rad-client can now prompt for attribute values...
Revision 1.2 2006/11/09 16:24:05 lem
Only encode User-Password on packet codes other than Access-Request
Revision 1.1 2006/11/09 10:28:47 lem
Added rad-client to the distribution
LICENSE AND WARRANTY
This code and all accompanying software comes with NO WARRANTY. You use
it at your own risk.
This code and all accompanying software can be used freely under the
same terms as Perl version 5.8.6 itself.
AUTHOR
Luis E. Mun~oz <luismunoz@cpan.org>
SEE ALSOperl(1), Getopt::Long(3), Net::Radius::Server(3).
POD ERRORS
Hey! The above document had some coding errors, which are explained
below:
Around line 403:
Non-ASCII character seen before =encoding in 'Mun~oz'. Assuming
UTF-8
perl v5.20.2 2009-09-20 RAD-CLIENT(1)