Table of Contents
Testing tools
The main tool used for end-to-end RADIUS testing is eapol_test. This emulates a full 802.1x authentication from the client. There are other tools but they just emulate a simple RADIUS authentication.
We strongly recommend using this approach when doing initial RADIUS testing; there are too many idiosyncrasies with actual clients and wireless systems to be confident that you're testing properly.
Start by installing eapol_test on the same machine at your ORPS is running on and configuring your ORPS to accept authentication requests from localhost.
Downloads
Windows
Download the binary from here: eapol_test git repo. This is a command line tool so there's no point in double clicking on it.
Debian Linux
Either
- Install the eapoltest package from the appropriate repo ('testing' at the current time).
- Follow these instructions to compile it
Centos Linux
Install the 'eapol_test' package from the repos.
Configuration
Firstly create a configuration file that contains the relevant authentication information:
network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="testaccount@some.realm" password="password" #ca_cert="/root/Radius/cacert.pem" phase2="auth=MSCHAPV2" anonymous_identity="@some.realm" }
The above users PEAP/MS-CHAP-V2 to authenticate the user testaccount at the realm some.realm. The identity
and anonymous_identity
should have the same realm.
The ca_cert
line can be commented out if you don't want to compare the server certificate with the Root CA.
Testing
The simpliest test command:
eapol_test -c file.txt -a 1.1.1.1 -s secret
-c
specifies the file created above.
-a
is the IP address of the RADIUS server.
-s
is the shared secret with the server.
The RADIUS server must be configured to accept request from the machine that eapol_test is being run on.
This should generate a rather long output ending in either SUCCESS or FAILURE. This output is notoriously hard to decipher so using the RADIUS server logs is generally the best approach.