radiusd(8) RADIUS authentication/accounting server

SYNOPSIS

radiusd [-a DIR] [-b] [-d DIR] [-h] [-f FILE] [-i IP_ADDRESS] [-l FILE] [-o] [-p NUM] [-q NUM] [-s] [-t NUM] [-v] [-w NUM] [-x]

DESCRIPTION

radiusd is the RADIUS authentication and accounting server.

OPTIONS

-a DIR
Set the directory for RADIUS accounting logs to DIR. The default location is /var/log/radiusd-livingston.
-b
Use the users database file /etc/radiusd-livingston/users.db (DB format) rather than the flat text file /etc/radiusd-livingston/users. builddbm(8) may be used to create this database file.
-d DIR
Set the database directory to DIR, rather than the default /etc/radiusd-livingston.
-f FILE
Use FILE as a password file instead of using getpwnam(3) calls for "System" type authentication.
-h
Show summary of options.
-i IP_ADDR
Bind the RADIUS server to the address IP_ADDR, rather than accepting requests on all IP addresses of the local machine.
-l FILE
Log to FILE rather than the default behaviour of logging through syslog.

If debugging is set, the default behaviour is to log to /dev/tty. In this case only, setting -l syslog will log through syslog.

-p NUM
Sets the listening port of radiusd to NUM for access requests, NUM+1 for accounting requests, NUM+5 and NUM+6 for handling proxy requests. The default is to use the entries radius, radacct, radius-proxy, and radacct-proxy in /etc/services or 1645, 1646, 1815 and 1816 respectively. (Debian's /etc/services has radius as 1812 and radacct as 1813 in accordance with the RFCs, but has no entries for proxy services.) Most RADIUS clients default to 1645 and 1646, even though that is at variance with the RFCs.
-o
Accept all-zero accounting request authenticators.

The -o flag is provided for backwards compatibility with non-compliant RADIUS clients. If radiusd is run with the -o flag, it logs unsigned accounting records, and flags them with "Request-Authenticator = None". If radiusd is run without the -o flag, it does not log unsigned accounting records.
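
The check that -o relaxes, as an added example (not radiusd's own code): per RFC 2866 the Request Authenticator of an Accounting-Request is the MD5 of the packet with a zeroed authenticator field followed by the shared secret, so an all-zero value carries no proof that the sender knows the secret. The function names, sample attributes and secret are constructed for illustration, and the handling of a wrong non-zero authenticator is an assumption the page does not cover.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS code for Accounting-Request (RFC 2866)
ZERO_AUTH = bytes(16)


def sign_accounting_request(ident, attrs, secret):
    """Build an Accounting-Request with a valid Request Authenticator."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    digest = hashlib.md5(header + ZERO_AUTH + attrs + secret).digest()
    return header + digest + attrs


def classify(packet, secret):
    """Return 'signed', 'unsigned' (all-zero authenticator) or 'invalid'."""
    if len(packet) < 20:
        return "invalid"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return "invalid"
    packet = packet[:length]  # ignore padding beyond the declared length
    authenticator, attrs = packet[4:20], packet[20:]
    if authenticator == ZERO_AUTH:
        return "unsigned"
    expected = hashlib.md5(packet[:4] + ZERO_AUTH + attrs + secret).digest()
    return "signed" if hmac.compare_digest(authenticator, expected) else "invalid"


def log_decision(packet, secret, o_flag):
    """Model the logging behaviour this page describes for -o."""
    verdict = classify(packet, secret)
    if verdict == "signed":
        return "logged"
    if verdict == "unsigned":  # the case the page documents
        return "logged, flagged Request-Authenticator = None" if o_flag else "not logged"
    return "not logged"  # assumption: wrong non-zero authenticator is dropped


# Constructed sample: User-Name "alice", Acct-Status-Type = Start, made-up secret.
SECRET = b"example-shared-secret"
ATTRS = bytes([1, 7]) + b"alice" + bytes([40, 6, 0, 0, 0, 1])

if __name__ == "__main__":
    signed = sign_accounting_request(7, ATTRS, SECRET)
    unsigned = signed[:4] + ZERO_AUTH + signed[20:]
    for name, pkt in (("signed", signed), ("unsigned", unsigned)):
        for o_flag in (False, True):
            print(name, "-o" if o_flag else "no -o", "->", log_decision(pkt, SECRET, o_flag))
```

Records flagged "Request-Authenticator = None" in the accounting logs are the ones that passed only because of -o, which makes the flag a convenient filter when reviewing which clients still send unsigned accounting data.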

-q NUM
Set the maximum number of outstanding requests (default 100), setting a limit on the number of child processes radiusd will spawn off to handle authentication.
-s
Single process mode. When set, radiusd does not fork off a separate accounting server, and does not fork off separate authentication responders for each authentication request. This mode is needed if you wish to use the Virtual Ports feature.
-t NUM
Set the maximum time in seconds for a child authentication responder to live to NUM. This catches responders that have become unresponsive. The default is 30 seconds.
-v
Print version number of radiusd on standard error.
-w NUM
Set to NUM the maximum time in seconds for the proxy server to wait for a response before discarding the request. The default is 30 seconds.
-x
Debug mode.

SIGNALS

SIGUSR1
Increment debugging level.
SIGUSR2
Disables debugging.
SIGHUP
Ignored. Changes to the clients and proxy files are automatically noticed and acted upon. There is no need to tell radiusd to reread them.

FILES

/etc/radiusd-livingston/dictionary
RADIUS dictionary.
/etc/radiusd-livingston/clients
List of RADIUS clients and their shared secrets.
/etc/radiusd-livingston/proxy
Proxy configuration.
/etc/radiusd-livingston/users
RADIUS users database (plain ASCII format)
/etc/radiusd-livingston/users.db
RADIUS users database (Berkeley DB 2.x format), made by builddbm
/var/log/radiusd-livingston/CLIENT/details
RADIUS accounting logs for CLIENT.

AUTHOR

radiusd is copyright 1999 Lucent Technologies Inc. All rights reserved.

This manual page was written by Paul Martin <[email protected]>, for the Debian GNU/Linux system (but may be used by others).