radiusd - RADIUS authentication/accounting server
[-a DIR] [-b] [-d DIR] [-h]
[-f FILE] [-i IP_ADDRESS] [-l FILE]
[-o] [-p NUM] [-q NUM] [-s]
[-t NUM] [-v] [-w NUM] [-x]
is the RADIUS authentication and accounting server.
- -a DIR
- Set the directory for RADIUS accounting logs to DIR.
The default location is /var/log/radiusd-livingston.
- Use users DB database file
/etc/radiusd-livingston/users.db rather than the flat text file
/etc/radiusd-livingston/users. builddbm(8) may be used to
create this database file.
- -d DIR
- Set the database directory to DIR, rather than the default
- -f FILE
- Use FILE as a password file instead of using
getpwnam(3) calls for "System" type authentication.
- Show summary of options.
- -i IP_ADDR
- Bind the RADIUS server to IP_ADDR address, rather
than accepting for all IP addresses on the local machine.
- -l FILE
- Log to FILE rather than the default behaviour of
logging through syslog.
If debugging is set, the default behaviour is to log to /dev/tty and
setting -l syslog in this case only will log through syslog.
- -p NUM
- Sets the listening port of radiusd to NUM for
access requests, NUM+1 for accounting requests, NUM+5 and
NUM+6 for handling proxy requests. The default is to use the
entries radius, radacct, radius-proxy, and
radacct-proxy in /etc/services or 1645, 1646, 1815 and 1816
respectively. (Debian's /etc/services has radius as 1812 and radacct as
1813 in accordance with the RFCs, but has no entries for proxy services.)
Most RADIUS clients default to 1645 and 1646, even though that is at
variance with the RFCs.
- Accept all-zero accounting request authenticators.
The -o flag is provided for backwards compatibility with
non-compliant RADIUS clients. If radiusd is run with the -o
flag, it logs unsigned accounting records, and flags them with
"Request-Authenticator = None". If radiusd is run without
the -o flag, it does not log unsigned accounting records.
- -q NUM
- Set the maximum number of outstanding requests (default
100), setting a limit on the number of child processes radiusd will
spawn off to handle authentication.
- Single process mode. When set radiusd does not fork
off a separate accounting server, and does not fork off separate
authentication responders for each authentication request. This mode is
needed if you wish to use the Virtual Ports feature.
- -t NUM
- Set the maximum time in seconds for a child authentication
responder to live to NUM. This catches responders that have become
unresponsive. The default is 30 seconds.
- Print version number of radiusd on standard
- -w NUM
- Sets the maximum time in seconds for the proxy server to
wait for a response before discarding the request to NUM. The default is
- Debug mode.
- Increment debugging level.
- Disables debugging.
- is ignored. Changes to the clients and proxy files are
automatically noticed and acted upon. There is no need to tell
radiusd to reread them.
- RADIUS dictionary. /etc/radiusd-livingston/clients
List of RADIUS clients and their shared secrets.
- Proxy configuration.
- RADIUS users database (plain ASCII format)
- RADIUS users database (Berkeley DB 2.x format), made by
- RADIUS accounting logs for CLIENT.
radiusd is copyright 1999 Lucent Technologies Inc. All rights reserved.
This manual page was written by Paul Martin <firstname.lastname@example.org>, for the
Debian GNU/Linux system (but may be used by others).