What else should radmin do?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Feb 4 18:08:12 CET 2015


> On 4 Feb 2015, at 22:36, Alan DeKok <aland at deployingradius.com> wrote:
> 
>  I’ve pushed some changes to radmin, which will be in the 3.0.7 release.  The changes make radmin work a little better, in that it now makes a distinction between STDOUT and STDERR.  Also, when a command fails, radmin will exit with an error:
> 
> $ radmin -e “help”
>> $ echo $?
> 0
> 
>  Versus:
> 
> $ radmin -e “no such command”
>> $ echo $?
> 1
> 
> 
>  These changes were made possible by updating the underlying framework used by radmin and the server.  The result of these framework changes is that we can now exchange *anything* safely between the server and radmin.
> 
>  So… what would be useful to exchange?  We can’t do configuration changes, as the server can’t write to /etc/raddb.
> 
>  But we could do test packets, for example. 
> 
> $ radmin “send packet X pretending to be from NAS 192.0.2.1”
> 
>  And get a response.  This means it would be possible to perform better tests on live systems.

Injecting packets good. It's hard to test policies with many different kinds of NAS. For this it'd be nice to accept piped input into radmin (like is currently possible with radclient), instead of introducing new command syntax.
* Multiline input for certain commands (like packet injection)

* Persistent command history via readline.

* Connection pool status 'ping'. Time execution of the status callback. Probably want to do this asynchronously.

* Injecting outbound packets (is this already there)? Start with CoA/DM.
* Triggering home-server status checks as FreeRADIUS isn't allowed to do keepalives. 
* Connection pool stats.
* Forcing rolling re-establishment of connection pool connections.
* Forcing connection pools to return no connection available - now they're shared we need a way of disabling all modules which use a given pool.

* Toggle whether listeners respond to new requests (graceful removal from proxy or load balance group)
* Dynamic discard filters. Firewalls generally can't filter on RADIUS attributes.


> 
>  Any other ideas?
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2



More information about the Freeradius-Users mailing list