Home | History | Annotate | Line # | Download | only in docbook 
      1 <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
      2 
      3 <refentry>
      4   <refentryinfo>
      5     <date>07 August 2019</date>
      6   </refentryinfo>
      7 
      8   <refmeta>
      9     <refentrytitle>eapol_test</refentrytitle>
     10     <manvolnum>8</manvolnum>
     11   </refmeta>
     12   <refnamediv>
     13     <refname>eapol_test</refname>
     14 
     15     <refpurpose>EAP peer and RADIUS client testing</refpurpose>
     16   </refnamediv>
     17 
     18   <refsynopsisdiv>
     19     <cmdsynopsis>
     20       <command>eapol_test</command>
     21       <arg>-nWS</arg>
     22       <arg>-c<replaceable>config file</replaceable></arg>
     23       <arg>-a<replaceable>server IP address</replaceable></arg>
     24       <arg>-A<replaceable>client IP address</replaceable></arg>
     25       <arg>-p<replaceable>UDP port</replaceable></arg>
     26       <arg>-s<replaceable>shared secret</replaceable></arg>
     27       <arg>-r<replaceable>re-authentications</replaceable></arg>
     28       <arg>-t<replaceable>timeout</replaceable></arg>
     29       <arg>-C<replaceable>Connect-Info</replaceable></arg>
     30       <arg>-M<replaceable>MAC address</replaceable></arg>
     31       <arg>-o<replaceable>file</replaceable></arg>
     32       <arg>-N<replaceable>attr spec</replaceable></arg>
     33     </cmdsynopsis>
     34     <cmdsynopsis>
     35       <command>eapol_test scard</command>
     36     </cmdsynopsis>
     37     <cmdsynopsis>
     38       <command>eapol_test sim</command>
     39       <arg>PIN</arg>
     40       <arg>num triplets</arg>
     41     </cmdsynopsis>
     42   </refsynopsisdiv>
     43 
     44   <refsect1>
     45     <title>Overview</title>
     46 
     47     <para>eapol_test is a program that links together the same EAP
     48     peer implementation that wpa_supplicant is using and the RADIUS
     49     authentication client code from hostapd. In addition, it has
     50     minimal glue code to combine these two components in similar
     51     ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
     52     words, it integrates IEEE 802.1X Authenticator (normally, an
     53     access point) and IEEE 802.1X Supplicant (normally, a wireless
     54     client) together to generate a single program that can be used to
     55     test EAP methods without having to setup an access point and a
     56     wireless client.</para>
     57 
     58     <para>The main uses for eapol_test are in interoperability testing
     59     of EAP methods against RADIUS servers and in development testing
     60     for new EAP methods. It can be easily used to automate EAP testing
     61     for interoperability and regression since the program can be run
     62     from shell scripts without require additional test components apart
     63     from a RADIUS server. For example, the automated EAP tests described
     64     in eap_testing.txt are implemented with eapol_test. Similarly,
     65     eapol_test could be used to implement an automated regression
     66     test suite for a RADIUS authentication server.</para>
     67 
     68 
     69     <para>As an example:</para>
     70 
     71 <blockquote><programlisting>
     72 eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
     73 </programlisting></blockquote>
     74 
     75     <para>tries to complete EAP authentication based on the network
     76     configuration from test.conf against the RADIUS server running
     77     on the local host. A re-authentication is triggered to test fast
     78     re-authentication. The configuration file uses the same format for
     79     network blocks as wpa_supplicant.</para>
     80 
     81   </refsect1>
     82   <refsect1>
     83     <title>Command Arguments</title>
     84     <variablelist>
     85       <varlistentry>
     86 	<term>-c configuration file path</term>
     87 
     88 	<listitem><para>A configuration to use.  The configuration should
     89 	use the same format for network blocks as wpa_supplicant.
     90 	</para></listitem>
     91       </varlistentry>
     92 
     93       <varlistentry>
     94 	<term>-a AS address</term>
     95 
     96 	<listitem><para>IP address of the authentication server.  The
     97 	default is '127.0.0.1'.</para></listitem>
     98       </varlistentry>
     99 
    100       <varlistentry>
    101 	<term>-A client address</term>
    102 
    103 	<listitem><para>IP address of the client.  The default is to
    104 	select an address automatically.</para></listitem>
    105       </varlistentry>
    106 
    107       <varlistentry>
    108 	<term>-p AS port</term>
    109 
    110 	<listitem><para>UDP port of the authentication server. The
    111 	default is '1812'.</para></listitem>
    112       </varlistentry>
    113 
    114       <varlistentry>
    115 	<term>-s AS secret</term>
    116 
    117 	<listitem><para>Shared secret with the authentication server.
    118 	The default is 'radius'.</para></listitem>
    119       </varlistentry>
    120 
    121       <varlistentry>
    122 	<term>-r count</term>
    123 
    124 	<listitem><para>Number of reauthentications.</para></listitem>
    125       </varlistentry>
    126 
    127       <varlistentry>
    128 	<term>-t timeout</term>
    129 
    130 	<listitem><para>Timeout in seconds. The default is 30.</para></listitem>
    131       </varlistentry>
    132 
    133       <varlistentry>
    134 	<term>-C info</term>
    135 
    136 	<listitem><para>RADIUS Connect-Info.  The default is
    137 	'CONNECT 11Mbps 802.11b'.</para></listitem>
    138       </varlistentry>
    139 
    140 
    141       <varlistentry>
    142 	<term>-M mac address</term>
    143 
    144 	<listitem><para>Client MAC address (Calling-Station-Id).  The
    145 	default is '02:00:00:00:00:01'.</para></listitem>
    146       </varlistentry>
    147 
    148       <varlistentry>
    149 	<term>-o file</term>
    150 
    151 	<listitem><para>Location to write out server certificate.
    152 	</para></listitem>
    153       </varlistentry>
    154 
    155       <varlistentry>
    156 	<term>-N attr spec</term>
    157 
    158 	<listitem><para>Send arbitrary attribute specific by
    159 	attr_id:syntax:value, or attr_id alone.  attr_id should be the numeric
    160 	ID of the attribute, and syntax should be one of 's' (string),
    161 	'd' (integer), or 'x' (octet string). The value is the attribute value
    162 	to send.  When attr_id is given alone, NULL is used as the attribute
    163 	value.  Multiple attributes can be specified by using the option
    164 	several times.</para></listitem>
    165       </varlistentry>
    166 
    167       <varlistentry>
    168 	<term>-n</term>
    169 
    170 	<listitem><para>Indicates that no MPPE keys are expected.
    171 	</para></listitem>
    172       </varlistentry>
    173 
    174       <varlistentry>
    175 	<term>-W</term>
    176 
    177 	<listitem><para>Wait for a control interface monitor before starting.
    178 	</para></listitem>
    179       </varlistentry>
    180 
    181       <varlistentry>
    182 	<term>-S</term>
    183 
    184 	<listitem><para>Save configuration after authentication.
    185 	</para></listitem>
    186       </varlistentry>
    187 
    188     </variablelist>
    189   </refsect1>
    190   <refsect1>
    191     <title>See Also</title>
    192     <para>
    193       <citerefentry>
    194 	<refentrytitle>wpa_supplicant</refentrytitle>
    195 	<manvolnum>8</manvolnum>
    196       </citerefentry>
    197     </para>
    198   </refsect1>
    199   <refsect1>
    200     <title>Legal</title>
    201     <para>wpa_supplicant is copyright (c) 2003-2022,
    202     Jouni Malinen <email>j (a] w1.fi</email> and
    203     contributors.
    204     All Rights Reserved.</para>
    205 
    206     <para>This program is licensed under the BSD license (the one with
    207     advertisement clause removed).</para>
    208   </refsect1>
    209 </refentry>
    210