NAMEradiusd - RADIUS authentication/accounting server
SYNOPSISradiusd [-a DIR] [-b] [-d DIR] [-h] [-f FILE] [-i IP_ADDRESS] [-l FILE] [-o] [-p NUM] [-q NUM] [-s] [-t NUM] [-v] [-w NUM] [-x]
DESCRIPTIONradiusd is the RADIUS authentication and accounting server.
OPTIONS-a DIR Set the directory for RADIUS accounting logs to DIR. The default location is /var/log/radiusd-livingston. -b Use users DB database file /etc/radiusd-livingston/users.db rather than the flat text file /etc/radiusd-livingston/users. builddbm(8) may be used to create this database file. -d DIR Set the database directory to DIR, rather than the default /etc/radiusd-livingston. -f FILE Use FILE as a password file instead of using getpwnam(3) calls for "System" type authentication. -h Show summary of options. -i IP_ADDR Bind the RADIUS server to IP_ADDR address, rather than accepting for all IP addresses on the local machine. -l FILE Log to FILE rather than the default behaviour of logging through syslog. If debugging is set, the default behaviour is to log to /dev/tty and setting -l syslog in this case only will log through syslog. -p NUM Sets the listening port of radiusd to NUM for access requests, NUM+1 for accounting requests, NUM+5 and NUM+6 for handling proxy requests. The default is to use the entries radius, radacct, radius-proxy, and radacct-proxy in /etc/services or 1645, 1646, 1815 and 1816 respectively. (Debian's /etc/services has radius as 1812 and radacct as 1813 in accordance with the RFCs, but has no entries for proxy services.) Most RADIUS clients default to 1645 and 1646, even though that is at variance with the RFCs. -o Accept all-zero accounting request authenticators. The -o flag is provided for backwards compatibility with non- compliant RADIUS clients. If radiusd is run with the -o flag, it logs unsigned accounting records, and flags them with "Request- Authenticator = None". If radiusd is run without the -o flag, it does not log unsigned accounting records. -q NUM Set the maximum number of outstanding requests (default 100), setting a limit on the number of child processes radiusd will spawn off to handle authentication. -s Single process mode. When set radiusd does not fork off a separate accounting server, and does not fork off separate authentication responders for each authentication request. This mode is needed if you wish to use the Virtual Ports feature. -t NUM Set the maximum time in seconds for a child authentication responder to live to NUM. This catches responders that have become unresponsive. The default is 30 seconds. -v Print version number of radiusd on standard error. -w NUM Sets the maximum time in seconds for the proxy server to wait for a response before discarding the request to NUM. The default is 30 seconds. -x Debug mode.
SIGNALSSIGUSR1 Increment debugging level. SIGUSR2 Disables debugging. SIGHUP is ignored. Changes to the clients and proxy files are automatically noticed and acted upon. There is no need to tell radiusd to reread them.
FILES/etc/radiusd-livingston/dictionary RADIUS dictionary. /etc/radiusd-livingston/clients List of RADIUS clients and their shared secrets. /etc/radiusd-livingston/proxy Proxy configuration. /etc/radiusd-livingston/users RADIUS users database (plain ASCII format) /etc/radiusd-livingston/users.db RADIUS users database (Berkeley DB 2.x format), made by builddbm /var/log/radiusd-livingston/CLIENT/details RADIUS accounting logs for CLIENT.
AUTHORradiusd is copyright 1999 Lucent Technologies Inc. All rights reserved. This manual page was written by Paul Martin <firstname.lastname@example.org>, for the Debian GNU/Linux system (but may be used by others).
SEE ALSObuilddbm(8), db_intro(3) RADIUSD(8)