6.3. radpwtst Previous topic Parent topic Child topic Next topic

radpwtst is a testing tool that sends requests to a RADIUS server, such as Radiator, and waits for a reply. Use it to send Access-Request, Accounting-Request (Stop and Start), and Status-Server requests. radpwtst checks that your Radiator server, or any other RADIUS server, is configured and behaving correctly, and also for checking if user's password is correct.
By default, radpwtst sends an Access-Request, waits up to 5 seconds for a reply, sends an Accounting-Request (Start), waits for a reply, then sends an Accounting-Request (Stop), and waits for a reply. You can change this behaviour with the command line flags.
When radpwtst is run with -interactive flag, it queries the password without local echo. This allows you to specify the password without the command line -password option.
If a Framed-IP-Address is received in an Access Accept, then radpwtst uses the address in subsequent Accounting Starts and Stops, unless the -framed_ip_address flag has been set. This allows simple testing of address allocation modules and such.
A fundamental requirement of the RADIUS protocol is that the RADIUS Client (in this case radpwtst) and the RADIUS Server (in this case Radiator) must use the same shared secret. If Radiator keeps rejecting your request with a “Bad Password” message, even though you are sure the password is correct, it may be because the shared secrets are not correct. Check the "Secret" line in your Radiator config file, and perhaps use the -secret command line argument to radpwtst. If you do not specify a -secret argument to radpwtst, it uses mysecret by default
The arguments to radpwtst are:
radpwtst  [-h] [-time] [-iterations n] [-timestamps]
          [-log_microseconds] [-trace [level]] [-notrace] [-onlyfailed] [-print_stats]
          [-user username] [-password password]
          [-s server] [-secret secret] [-auth_port port] [-acct_port port]
          [-noauth] [-noacct] [-nostart] [-nostop] [-alive] [-status]
          [-chap] [-chap_nc] [-mschap] [-mschapv2] [-sip]
          [-eapmd5] [-eapotp] [-eapgtc] [-eapfastgtc] [-leap]
          [-motp_secret xxxxxxxxxxxxxxxx] [-eaphex xxxxxxxxxxxxx]
          [-interactive] [-code requestcode] [-accton] [-acctoff]
          [-identifier n] [-framed_ip_address address]
          [-state state] [-useoldascendpasswords] [-incrementuser]
          [-nas_ip_address address] [-nas_identifier string]
          [-nas_port port] [-nas_port_type type] [-service_type service]
          [-calling_station_id string] [-called_station_id string]
          [-session_id string] [-session_time n]
          [-delay_time n] [-input_octets n] [-output_octets n]
          [-timeout n] [-noreply] [-retries n] [-dictionary file,file]
          [-class string] [-message_authenticator]
          [-raw data] [-rawfile filename] [-rawfileseq filename]
          [-outport port] [-bind_address address]
          [-options optionfile] [-gui]