======Testing tools======

The main tool used for end-to-end RADIUS testing is **eapol_test**. This emulates a full 802.1x authentication from the client. There are other tools but they just emulate a simple RADIUS authentication.

We strongly recommend using this approach when doing initial RADIUS testing; there are too many idiosyncrasies with actual clients and wireless systems to be confident that you're testing properly. 

Start by installing eapol_test on the same machine at your ORPS is running on and configuring your ORPS to accept authentication requests from localhost.

=====Downloads=====

====Windows====

Download the binary from here: [[https://github.com/janetuk/eapol_test/releases/|eapol_test git repo]]. This is a command line tool so there's no point in double clicking on it.

====Debian Linux====

Either 

  * Install the eapoltest package from the appropriate repo ('testing' at the current time).
  * Follow [[http://deployingradius.com/scripts/eapol_test/|these instructions]] to compile it

====Centos Linux====

Install the 'eapol_test' package from the repos.

=====Configuration=====

Firstly create a configuration file that contains the relevant authentication information:

<code>
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity="testaccount@some.realm"
password="password"
#ca_cert="/root/Radius/cacert.pem"
phase2="auth=MSCHAPV2"
anonymous_identity="@some.realm"
}
</code>

The above users PEAP/MS-CHAP-V2 to authenticate the user **testaccount** at the realm **some.realm**. The ''identity'' and ''anonymous_identity'' should have the same realm.

The ''ca_cert'' line can be commented out if you don't want to compare the server certificate with the Root CA.

=====Testing=====

The simpliest test command:

<code>
eapol_test -c file.txt -a 1.1.1.1 -s secret
</code>

''-c'' specifies the file created above.

''-a'' is the IP address of the RADIUS server.

''-s'' is the shared secret with the server.

The RADIUS server must be configured to accept request from the machine that eapol_test is being run on.

This should generate a rather long output ending in either SUCCESS or FAILURE. This output is notoriously hard to decipher so using the RADIUS server logs is generally the best approach.