radiusd

Start RADIUS server

$ radiusd

$ radiusd -X

$ radiusd -C

$ radiusd -f -X

$ radiusd -d [/etc/raddb]

radiusd [options]

radiusd is the FreeRADIUS server daemon implementing the RADIUS (Remote Authentication Dial-In User Service) protocol for centralized authentication, authorization, and accounting of network access. It handles login requests from network devices such as VPN gateways, wireless access points, and switches, verifying credentials against backends like LDAP, SQL databases, or local files.
The server supports multiple authentication methods including PAP, CHAP, MS-CHAP, EAP-TLS, and PEAP. It processes authorization policies to determine what network resources an authenticated user may access, and records accounting data for session tracking and billing. The -X debug mode provides detailed request processing output essential for troubleshooting authentication flows, while -C validates configuration syntax without starting the server.

-X

Debug mode (verbose output).

Check configuration only.

Run in foreground.

Configuration directory.

Server name.

Log file.

/etc/raddb/radiusd.conf

Main server configuration controlling logging, thread pools, module loading, and virtual server definitions. On Debian-based systems, this is at /etc/freeradius/radiusd.conf.

Defines RADIUS clients (network devices) with their IP addresses and shared secrets for authenticating requests.

Local user definitions and authorization rules for simple deployments without an external authentication backend.

Symlinks to enabled module configurations controlling authentication backends, LDAP connections, SQL databases, and policy processing.

Complex configuration. Requires careful security setup. Debug mode outputs secrets - use only for testing.

FreeRADIUS is the most widely deployed RADIUS server, started in 1999 by Alan DeKok and Miquel van Smoorenburg.

radtest(1), radclient(1), radwho(1)