RADCHECK(8)RADCHECK(8)NAME
radcheck - determines whether a Merit AAA server is opera-
tional.
SYNOPSIS
radcheck [ -ddirectory ] [ -pport ] [ -rretries ]
[ -ttimeout ] [ -ghuntgroup_name ] [ -ssubgroup_name
]
[ -x ] [ -v ] [ -n ] servername
DESCRIPTION
Radcheck determines whether a given Merit AAA server is
operational. The servername is required on the command
line. This is the DNS name of a machine running a Merit
AAA server. See authfile(5) for more information. Rad-
check may be executed on any host, not just one registered
in the clients file, however, in those cases, all lines
but the last line of the radcheck output (the "servername
(port-number) ..." line, see below) are omitted.
If the server is found to be operational, radcheck dis-
plays
auth queue: a/b(a/b), acct queue: c/d(c/d), max-
time: t (date)
authfile: x, clients: y, users: z, fsmid: f, date
cleanup_delay: u, avg-delay v, (of w)
Version version config codes
"servername (port-number)" is responding
on standard output. If the number of retries is greater
than zero, radcheck will additionally display
(n retries)
otherwise, radcheck displays
"servername (port-number)" some message
where some message may be one of the following (amongst
others):
No reply from RADIUS server "<hostname>(port)"
Received non-matching id in server response
Received invalid reply digest from server
No such server: "<hostname>"
25 August 1997 1
RADCHECK(8)RADCHECK(8)
For the enhanced Merit AAA server the above output is pre-
ceded by the following information:
Status: g authen, h unconfirmed, i connected, j
suspended, k unknown
Status: l disconn, m reject, n no-token, o cancel,
p collision
and if any token pools are configured there will be one
line for each such pool and the total number of pools dis-
played in the following manner:
some-pool-name: q/r/s-date/t-timestamp
number of pools: n
where q is the total number of tokens configured in some-
pool-name, r is the current number of tokens in use, s is
the token high-water-mark recorded at date and t is the
high-water-mark recorded at timestamp, some time since the
previous midnight.
The above discussion of tokens and token pools does not
apply to the enhanced Merit AAA server per se, but are
features of the full Merit AAA server as operated within
MichNet.
OPTIONS-d directory
allows the user to specify an alternate directory
which is different from the default choices
../raddb or /usr/private/etc/raddb.
-p port
allows the user to specify an alternate port number
instead of the default port 1645.
-r retries
allows the user to specify a number of retries dif-
ferent from the default 10.
-t timeout
allows the user to specify a maximum timeout dif-
ferent from the default 3 seconds.
-g huntgroup_name
allows the user to query a MichNet huntgroup server
about the named huntgroup.
-s subgroup_name
allows the user to query a MichNet huntgroup server
about the named subgroup.
25 August 1997 2
RADCHECK(8)RADCHECK(8)-x allows the user to turn on debugging output.
-v prints the version of the Merit AAA distribution
used in building the program.
-n specifies that the RADIUS packet type Status-Server
should be used.
EXIT STATUS
Normal successful completion returns zero to the system.
If the response from the Merit AAA server had errors, rad-
check returns -2, local errors return -1, and timeout
errors return 1 as status.
SEE ALSOradpwtst(8), radiusd(8), authfile(5), clients(5), dictio-
nary(5), users(5)AUTHOR
Allan C. Rubens, Merit Network, Incorporated.
25 August 1997 3