[root@webadm1 conf]# netstat -tulpn | grep rad
tcp 0 0 0.0.0.0:1812 0.0.0.0:* LISTEN 304771/rcdevs-radiu
tcp 0 0 0.0.0.0:1813 0.0.0.0:* LISTEN 304771/rcdevs-radiu
tcp 0 0 0.0.0.0:18120 0.0.0.0:* LISTEN 304771/rcdevs-radiu
udp 0 0 0.0.0.0:18120 0.0.0.0:* 304771/rcdevs-radiu
udp 0 0 0.0.0.0:1812 0.0.0.0:* 304771/rcdevs-radiu
udp 0 0 0.0.0.0:1813 0.0.0.0:* 304771/rcdevs-radiu
Our radtest client is just a small script which is using the radclient package located in /opt/radiusd/libexec/radclient :
[root@webadm1 bin]# ../libexec/radclient
radclient: Insufficient arguments
Usage: radclient [options] server[:port] <command> [<secret>]
<command> One of auth, acct, status, coa, disconnect or auto.
-4 Use IPv4 address of server
-6 Use IPv6 address of server.
-c <count> Send each packet 'count' times.
-d <raddb> Set user dictionary directory (defaults to /opt/radiusd/conf).
-D <dictdir> Set main dictionary directory (defaults to /opt/radiusd/lib/dictionaries).
-f <file>[:<file>] Read packets from file, not stdin.
If a second file is provided, it will be used to verify responses
-F Print the file name, packet number and reply code.
-h Print usage help information.
-n <num> Send N requests/s
-p <num> Send 'num' packets from a file in parallel.
-q Do not print anything out.
-r <retries> If timeout, retry sending the packet 'retries' times.
-s Print out summary information of auth results.
-S <file> read secret from file, not command line.
-t <timeout> Wait 'timeout' seconds before retrying (may be a floating point number).
-v Show program version information.
-x Debugging mode.
-P <proto> Use proto (tcp or udp) for transport.
# OpenOTP authentication support
# You may set to 'no' if you want RadiusBridge to support EAP-TLS (ie. cert_support) only.
# OpenOTP authentication is the default RadiusBridge operating mode and is enabled by default.
auth_support = yes
# EAP-TLS Wifi support
# Enable cert_support if you want to use EAP-TLS authentication for Enterprise Wifi.
# With EAP-TLS, the user authentication uses a user certificate only (no username, password or OTP).
# The user certificates are generated in WebADM or the self-services. You need to enable the OCSP
# service URL below with EAP-TLS.
cert_support = yes
# EAP-TLS with machine certificates
# Allows WebADM client certificates to be used for EAP-TLS Wifi authentication.
# By default, 'cert_support' allows login with user-registered certificates only.
machine_cert = yes