Hi, > I have a few questions that may or may not be related to each other. First, I > know radtest works fine for testing the basic functions of freeradius (i.e. > it will authenticate with no encryption) but I would like to know if radtest > can be used to test authentication using one of the various types of > encryptions and protocols.
eapol_test from the wpa_supplicant package is a good tool....as is a real client. > Question two has to do with said protocols. Is there a clear and concise page > that will define all of the protocols (PEAP, EAP, TLS, TTLS, MSCHAP, > MSCHAPv2, LEAP, WPA(1/2)-PSK, etc) how they differ from each other and what > exactly happens during the authentication process. Illustrations would be > nice. www.google.com there are hundreds of reosurces out there that explain what each of these are, how they work etc...i dont know why FreeRADIUS should have to reinvent the documentation wheel > Question three: I have come to conclude that some protocols are the same > thing with different names, can anyone clarify which protocols are the same > or are at least compatible, and which are different? all of them are different. some are inner-types that get tunnelled in the EAP tunnel... EAP = framework PEAP, EAP-TLS, LEAP, EAP-TTLS are all forms of EAP MSCHAP, PAP, MSCHAPv2 are all methods that can be inside the EAP tunnel WPA-PSK/WPA2-PSK/WPA-Enterprise/WPA2-Enterprise etc are forms of AP to client communication TKIP or AES being method of encryption/cipher-stream handling for the AP to client > Lastly, what does a successful authentication look like for each type of > protocol. What should I be looking for in my freeradius output, and what can > I compare it too. Possibly if I saw where stuff was going haywire I could > determine for myself what the issue is. what does it look like? the client gets online and can eg DHCP for an address. usually a supplicant will have a pretty green button, tick or such. using a tool such as eapol_test the last line of output will say SUCCESS freeradius output will say things like [ok] or [reject] - in debug mode you'll get so much more ...and its something that will depend on what modules and ocnfig you have - just get some successful auths and some unsuccessful and compare/contrast alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
