]>
Commit | Line | Data |
---|---|---|
b948e78b DW |
1 | <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> |
2 | ||
3 | <refentry> | |
4 | <refmeta> | |
5 | <refentrytitle>eapol_test</refentrytitle> | |
6 | <manvolnum>8</manvolnum> | |
7 | </refmeta> | |
8 | <refnamediv> | |
9 | <refname>eapol_test</refname> | |
10 | ||
11 | <refpurpose>EAP peer and RADIUS client testing</refpurpose> | |
12 | </refnamediv> | |
13 | ||
14 | <refsynopsisdiv> | |
15 | <cmdsynopsis> | |
16 | <command>eapol_test</command> | |
17 | <arg>-nWS</arg> | |
18 | <arg>-c<replaceable>config file</replaceable></arg> | |
19 | <arg>-a<replaceable>server IP address</replaceable></arg> | |
20 | <arg>-A<replaceable>client IP address</replaceable></arg> | |
21 | <arg>-p<replaceable>UDP port</replaceable></arg> | |
22 | <arg>-s<replaceable>shared secret</replaceable></arg> | |
23 | <arg>-r<replaceable>re-authentications</replaceable></arg> | |
24 | <arg>-t<replaceable>timeout</replaceable></arg> | |
25 | <arg>-C<replaceable>Connect-Info</replaceable></arg> | |
26 | <arg>-M<replaceable>MAC address</replaceable></arg> | |
27 | <arg>-o<replaceable>file</replaceable></arg> | |
28 | <arg>-N<replaceable>attr spec</replaceable></arg> | |
29 | </cmdsynopsis> | |
30 | <cmdsynopsis> | |
31 | <command>eapol_test scard</command> | |
32 | </cmdsynopsis> | |
33 | <cmdsynopsis> | |
34 | <command>eapol_test sim</command> | |
35 | <arg>PIN</arg> | |
36 | <arg>num triplets</arg> | |
37 | </cmdsynopsis> | |
38 | </refsynopsisdiv> | |
39 | ||
40 | <refsect1> | |
41 | <title>Overview</title> | |
42 | ||
43 | <para>eapol_test is a program that links together the same EAP | |
44 | peer implementation that wpa_supplicant is using and the RADIUS | |
45 | authentication client code from hostapd. In addition, it has | |
46 | minimal glue code to combine these two components in similar | |
47 | ways to IEEE 802.1X/EAPOL Authenticator state machines. In other | |
48 | words, it integrates IEEE 802.1X Authenticator (normally, an | |
49 | access point) and IEEE 802.1X Supplicant (normally, a wireless | |
50 | client) together to generate a single program that can be used to | |
51 | test EAP methods without having to setup an access point and a | |
52 | wireless client.</para> | |
53 | ||
54 | <para>The main uses for eapol_test are in interoperability testing | |
55 | of EAP methods against RADIUS servers and in development testing | |
56 | for new EAP methods. It can be easily used to automate EAP testing | |
57 | for interoperability and regression since the program can be run | |
58 | from shell scripts without require additional test components apart | |
59 | from a RADIUS server. For example, the automated EAP tests described | |
60 | in eap_testing.txt are implemented with eapol_test. Similarly, | |
61 | eapol_test could be used to implement an automated regression | |
62 | test suite for a RADIUS authentication server.</para> | |
63 | ||
64 | ||
65 | <para>As an example:</para> | |
66 | ||
67 | <blockquote><programlisting> | |
68 | eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1 | |
69 | </programlisting></blockquote> | |
70 | ||
71 | <para>tries to complete EAP authentication based on the network | |
72 | configuration from test.conf against the RADIUS server running | |
73 | on the local host. A re-authentication is triggered to test fast | |
74 | re-authentication. The configuration file uses the same format for | |
75 | network blocks as wpa_supplicant.</para> | |
76 | ||
77 | </refsect1> | |
78 | <refsect1> | |
79 | <title>Command Arguments</title> | |
80 | <variablelist> | |
81 | <varlistentry> | |
82 | <term>-c configuration file path</term> | |
83 | ||
84 | <listitem><para>A configuration to use. The configuration should | |
85 | use the same format for network blocks as wpa_supplicant. | |
86 | </para></listitem> | |
87 | </varlistentry> | |
88 | ||
89 | <varlistentry> | |
90 | <term>-a AS address</term> | |
91 | ||
92 | <listitem><para>IP address of the authentication server. The | |
93 | default is '127.0.0.1'.</para></listitem> | |
94 | </varlistentry> | |
95 | ||
96 | <varlistentry> | |
97 | <term>-A client address</term> | |
98 | ||
99 | <listitem><para>IP address of the client. The default is to | |
100 | select an address automatically.</para></listitem> | |
101 | </varlistentry> | |
102 | ||
103 | <varlistentry> | |
104 | <term>-p AS port</term> | |
105 | ||
106 | <listitem><para>UDP port of the authentication server. The | |
107 | default is '1812'.</para></listitem> | |
108 | </varlistentry> | |
109 | ||
110 | <varlistentry> | |
111 | <term>-s AS secret</term> | |
112 | ||
113 | <listitem><para>Shared secret with the authentication server. | |
114 | The default is 'radius'.</para></listitem> | |
115 | </varlistentry> | |
116 | ||
117 | <varlistentry> | |
118 | <term>-r count</term> | |
119 | ||
120 | <listitem><para>Number of reauthentications.</para></listitem> | |
121 | </varlistentry> | |
122 | ||
123 | <varlistentry> | |
124 | <term>-t timeout</term> | |
125 | ||
126 | <listitem><para>Timeout in seconds. The default is 30.</para></listitem> | |
127 | </varlistentry> | |
128 | ||
129 | <varlistentry> | |
130 | <term>-C info</term> | |
131 | ||
132 | <listitem><para>RADIUS Connect-Info. The default is | |
133 | 'CONNECT 11Mbps 802.11b'.</para></listitem> | |
134 | </varlistentry> | |
135 | ||
136 | ||
137 | <varlistentry> | |
138 | <term>-M mac address</term> | |
139 | ||
140 | <listitem><para>Client MAC address (Calling-Station-Id). The | |
141 | default is '02:00:00:00:00:01'.</para></listitem> | |
142 | </varlistentry> | |
143 | ||
144 | <varlistentry> | |
145 | <term>-o file</term> | |
146 | ||
147 | <listitem><para>Location to write out server certificate. | |
148 | </para></listitem> | |
149 | </varlistentry> | |
150 | ||
151 | <varlistentry> | |
152 | <term>-N attr spec</term> | |
153 | ||
154 | <listitem><para>Send arbitrary attribute specific by | |
155 | attr_id:syntax:value, or attr_id alone. attr_id should be the numeric | |
156 | ID of the attribute, and syntax should be one of 's' (string), | |
157 | 'd' (integer), or 'x' (octet string). The value is the attribute value | |
158 | to send. When attr_id is given alone, NULL is used as the attribute | |
159 | value. Multiple attributes can be specified by using the option | |
160 | several times.</para></listitem> | |
161 | </varlistentry> | |
162 | ||
163 | <varlistentry> | |
164 | <term>-n</term> | |
165 | ||
166 | <listitem><para>Indicates that no MPPE keys are expected. | |
167 | </para></listitem> | |
168 | </varlistentry> | |
169 | ||
170 | <varlistentry> | |
171 | <term>-W</term> | |
172 | ||
173 | <listitem><para>Wait for a control interface monitor before starting. | |
174 | </para></listitem> | |
175 | </varlistentry> | |
176 | ||
177 | <varlistentry> | |
178 | <term>-S</term> | |
179 | ||
180 | <listitem><para>Save configuration after authentication. | |
181 | </para></listitem> | |
182 | </varlistentry> | |
183 | ||
184 | </variablelist> | |
185 | </refsect1> | |
186 | <refsect1> | |
187 | <title>See Also</title> | |
188 | <para> | |
189 | <citerefentry> | |
190 | <refentrytitle>wpa_supplicant</refentrytitle> | |
191 | <manvolnum>8</manvolnum> | |
192 | </citerefentry> | |
193 | </para> | |
194 | </refsect1> | |
195 | <refsect1> | |
196 | <title>Legal</title> | |
937403b5 | 197 | <para>wpa_supplicant is copyright (c) 2003-2015, |
b948e78b DW |
198 | Jouni Malinen <email>j@w1.fi</email> and |
199 | contributors. | |
200 | All Rights Reserved.</para> | |
201 | ||
202 | <para>This program is licensed under the BSD license (the one with | |
203 | advertisement clause removed).</para> | |
204 | </refsect1> | |
205 | </refentry> |