7a57eb3156
Signed-off-by: Jouni Malinen <j@w1.fi>
209 lines
6.3 KiB
Text
209 lines
6.3 KiB
Text
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
|
|
|
|
<refentry>
|
|
<refentryinfo>
|
|
<date>07 August 2019</date>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>eapol_test</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</refmeta>
|
|
<refnamediv>
|
|
<refname>eapol_test</refname>
|
|
|
|
<refpurpose>EAP peer and RADIUS client testing</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>eapol_test</command>
|
|
<arg>-nWS</arg>
|
|
<arg>-c<replaceable>config file</replaceable></arg>
|
|
<arg>-a<replaceable>server IP address</replaceable></arg>
|
|
<arg>-A<replaceable>client IP address</replaceable></arg>
|
|
<arg>-p<replaceable>UDP port</replaceable></arg>
|
|
<arg>-s<replaceable>shared secret</replaceable></arg>
|
|
<arg>-r<replaceable>re-authentications</replaceable></arg>
|
|
<arg>-t<replaceable>timeout</replaceable></arg>
|
|
<arg>-C<replaceable>Connect-Info</replaceable></arg>
|
|
<arg>-M<replaceable>MAC address</replaceable></arg>
|
|
<arg>-o<replaceable>file</replaceable></arg>
|
|
<arg>-N<replaceable>attr spec</replaceable></arg>
|
|
</cmdsynopsis>
|
|
<cmdsynopsis>
|
|
<command>eapol_test scard</command>
|
|
</cmdsynopsis>
|
|
<cmdsynopsis>
|
|
<command>eapol_test sim</command>
|
|
<arg>PIN</arg>
|
|
<arg>num triplets</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Overview</title>
|
|
|
|
<para>eapol_test is a program that links together the same EAP
|
|
peer implementation that wpa_supplicant is using and the RADIUS
|
|
authentication client code from hostapd. In addition, it has
|
|
minimal glue code to combine these two components in similar
|
|
ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
|
|
words, it integrates IEEE 802.1X Authenticator (normally, an
|
|
access point) and IEEE 802.1X Supplicant (normally, a wireless
|
|
client) together to generate a single program that can be used to
|
|
test EAP methods without having to setup an access point and a
|
|
wireless client.</para>
|
|
|
|
<para>The main uses for eapol_test are in interoperability testing
|
|
of EAP methods against RADIUS servers and in development testing
|
|
for new EAP methods. It can be easily used to automate EAP testing
|
|
for interoperability and regression since the program can be run
|
|
from shell scripts without require additional test components apart
|
|
from a RADIUS server. For example, the automated EAP tests described
|
|
in eap_testing.txt are implemented with eapol_test. Similarly,
|
|
eapol_test could be used to implement an automated regression
|
|
test suite for a RADIUS authentication server.</para>
|
|
|
|
|
|
<para>As an example:</para>
|
|
|
|
<blockquote><programlisting>
|
|
eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
|
|
</programlisting></blockquote>
|
|
|
|
<para>tries to complete EAP authentication based on the network
|
|
configuration from test.conf against the RADIUS server running
|
|
on the local host. A re-authentication is triggered to test fast
|
|
re-authentication. The configuration file uses the same format for
|
|
network blocks as wpa_supplicant.</para>
|
|
|
|
</refsect1>
|
|
<refsect1>
|
|
<title>Command Arguments</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>-c configuration file path</term>
|
|
|
|
<listitem><para>A configuration to use. The configuration should
|
|
use the same format for network blocks as wpa_supplicant.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-a AS address</term>
|
|
|
|
<listitem><para>IP address of the authentication server. The
|
|
default is '127.0.0.1'.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-A client address</term>
|
|
|
|
<listitem><para>IP address of the client. The default is to
|
|
select an address automatically.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-p AS port</term>
|
|
|
|
<listitem><para>UDP port of the authentication server. The
|
|
default is '1812'.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-s AS secret</term>
|
|
|
|
<listitem><para>Shared secret with the authentication server.
|
|
The default is 'radius'.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-r count</term>
|
|
|
|
<listitem><para>Number of reauthentications.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-t timeout</term>
|
|
|
|
<listitem><para>Timeout in seconds. The default is 30.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-C info</term>
|
|
|
|
<listitem><para>RADIUS Connect-Info. The default is
|
|
'CONNECT 11Mbps 802.11b'.</para></listitem>
|
|
</varlistentry>
|
|
|
|
|
|
<varlistentry>
|
|
<term>-M mac address</term>
|
|
|
|
<listitem><para>Client MAC address (Calling-Station-Id). The
|
|
default is '02:00:00:00:00:01'.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-o file</term>
|
|
|
|
<listitem><para>Location to write out server certificate.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-N attr spec</term>
|
|
|
|
<listitem><para>Send arbitrary attribute specific by
|
|
attr_id:syntax:value, or attr_id alone. attr_id should be the numeric
|
|
ID of the attribute, and syntax should be one of 's' (string),
|
|
'd' (integer), or 'x' (octet string). The value is the attribute value
|
|
to send. When attr_id is given alone, NULL is used as the attribute
|
|
value. Multiple attributes can be specified by using the option
|
|
several times.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-n</term>
|
|
|
|
<listitem><para>Indicates that no MPPE keys are expected.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-W</term>
|
|
|
|
<listitem><para>Wait for a control interface monitor before starting.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-S</term>
|
|
|
|
<listitem><para>Save configuration after authentication.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</refsect1>
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>wpa_supplicant</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
<refsect1>
|
|
<title>Legal</title>
|
|
<para>wpa_supplicant is copyright (c) 2003-2022,
|
|
Jouni Malinen <email>j@w1.fi</email> and
|
|
contributors.
|
|
All Rights Reserved.</para>
|
|
|
|
<para>This program is licensed under the BSD license (the one with
|
|
advertisement clause removed).</para>
|
|
</refsect1>
|
|
</refentry>
|