The main tool used for end-to-end RADIUS testing is eapol_test. This emulates a full 802.1x authentication from the client. There are other tools but they just emulate a simple RADIUS authentication.

We strongly recommend using this approach when doing initial RADIUS testing; there are too many idiosyncrasies with actual clients and wireless systems to be confident that you're testing properly.

Start by installing eapol_test on the same machine at your ORPS is running on and configuring your ORPS to accept authentication requests from localhost.

Download the binary from here: eapol_test git repo. This is a command line tool so there's no point in double clicking on it.

Either

• Install the eapoltest package from the appropriate repo ('testing' at the current time).
• Follow these instructions to compile it

Install the 'eapol_test' package from the repos.

Firstly create a configuration file that contains the relevant authentication information:

network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity="testaccount@some.realm"
password="password"
#ca_cert="/root/Radius/cacert.pem"
phase2="auth=MSCHAPV2"
anonymous_identity="@some.realm"
}

The above users PEAP/MS-CHAP-V2 to authenticate the user testaccount at the realm some.realm. The identity and anonymous_identity should have the same realm.

The ca_cert line can be commented out if you don't want to compare the server certificate with the Root CA.

The simpliest test command:

eapol_test -c file.txt -a 1.1.1.1 -s secret

-c specifies the file created above.

-a is the IP address of the RADIUS server.

-s is the shared secret with the server.

The RADIUS server must be configured to accept request from the machine that eapol_test is being run on.

This should generate a rather long output ending in either SUCCESS or FAILURE. This output is notoriously hard to decipher so using the RADIUS server logs is generally the best approach.