The main tool used for end-to-end RADIUS testing is eapol_test. This emulates a full 802.1x authentication from the client. There are other tools but they just emulate a simple RADIUS authentication.
We strongly recommend using this approach when doing initial RADIUS testing; there are too many idiosyncrasies with actual clients and wireless systems to be confident that you're testing properly.
Start by installing eapol_test on the same machine at your ORPS is running on and configuring your ORPS to accept authentication requests from localhost.
Download the binary from here: eapol_test git repo. This is a command line tool so there's no point in double clicking on it.
Either
Install the 'eapol_test' package from the repos.
Firstly create a configuration file that contains the relevant authentication information:
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity="testaccount@some.realm"
password="password"
#ca_cert="/root/Radius/cacert.pem"
phase2="auth=MSCHAPV2"
anonymous_identity="@some.realm"
}
The above users PEAP/MS-CHAP-V2 to authenticate the user testaccount at the realm some.realm. The identity and anonymous_identity should have the same realm.
The ca_cert line can be commented out if you don't want to compare the server certificate with the Root CA.
The simpliest test command:
eapol_test -c file.txt -a 1.1.1.1 -s secret
-c specifies the file created above.
-a is the IP address of the RADIUS server.
-s is the shared secret with the server.
The RADIUS server must be configured to accept request from the machine that eapol_test is being run on.
This should generate a rather long output ending in either SUCCESS or FAILURE. This output is notoriously hard to decipher so using the RADIUS server logs is generally the best approach.