EAP Testing

While FreeRADIUS comes with a command-line tool called radeapclient, by far and away the best EAP testing tool is the eapol_test program from wpa_supplicant.

The default build of wpa_supplicant does not build the eapol_test program, so you will have to do that yourself.

Building eapol_test

Download the latest version of wpa_supplicant, and un-tar it, then follow these instructions to build it:

$ cd wpa_supplicant-version
$ cp defconfig .config
$ vi .config

Find the line containing

#CONFIG_EAPOL_TEST=y

and change it to

CONFIG_EAPOL_TEST=y

Then, type

$ make eapol_test

Once it is done, copy the file to some where in your PATH. e.g. /usr/local/bin, or ~/bin. The following tests assume that the eapol_test file has been installed, such as via the following command:

$ cp eapol_test /usr/local/bin

Testing

Run the eapol_test program from the command-line, with one of the following configuration files.

$ eapol_test -c file -s testing123

Where file is one of the configuration files below. We are also assuming that the RADIUS server is on localhost, and that the shared secret is testing123.

These configuration files assume that you are using the test user bob, with password hello, as given in the PAP howto.

If the production certificates have been created, then the ca_cert entry in each configuration file can be un-commented. The eapol_test program will then verify the server certificate.