radeapclient(1) send EAP packets to a RADIUS server, calculate responses


radeapclient [-4] [-6] [-c count] [-d raddb_directory] [-f file] [-h] [-i source_ip] [-q] [-s] [-r retries] [-S file] [-t timeout] [-v] [-x] server {acct|auth} secret


radeapclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. Radeapclient differs from radclient in that if there is an EAP-MD5 challenge, then it will be responded to.

radeapclient is otherwise identical to radclient.

The EAP-Identity attribute, if present is used to construct an EAP Identity message.

The EAP-MD5-Password attribute, if present is used to respond to an MD5 challenge.

No other EAP types are currently supported.


Use IPv4 (default)
Use IPv6
-c count
Send each packet count times.
-d raddb
Set dictionary directory.
-f file
Read packets from file, not stdin.
-r retries
If timeout, retry sending the packet retries times.
-t timeout
Wait timeout seconds before retrying (may be a floating point number).
Print usage help information.
-i id
Set request id to 'id'. Values may be 0..255
-S file
Read secret from file, not command line.
Quiet, do not print anything out.
Print out summary information of auth results.
Show program version information.
Enable debugging mode.


A sample session that queries the remote server with an EAP-MD5 challenge.

( echo 'User-Name = "bob"';
  echo 'EAP-MD5-Password = "hello"';
  echo 'NAS-IP-Address = marajade.sandelman.ottawa.on.c';
  echo 'EAP-Code = Response';
  echo 'EAP-Id = 210';
  echo 'EAP-Type-Identity = "bob";
  echo 'Message-Authenticator = 0x00';
  echo 'NAS-Port = 0' ) >req.txt
radeapclient -x localhost auth testing123 <req.txt


Michael Richardson, <[email protected]>