What does a good example look like

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri May 7 00:56:50 CEST 2010 

Hi,

> I have a few questions that may or may not be related to each other. First, I know radtest works fine for testing the basic functions of freeradius (i.e. it will authenticate with no encryption) but I would like to know if radtest can be used to test authentication using one of the various types of encryptions and protocols.

eapol_test from the wpa_supplicant package is a good tool....as is a real client.

> Question two has to do with said protocols. Is there a clear and concise page that will define all of the protocols (PEAP, EAP, TLS, TTLS, MSCHAP, MSCHAPv2, LEAP, WPA(1/2)-PSK, etc) how they differ from each other and what exactly happens during the authentication process. Illustrations would be nice.

www.google.com

there are hundreds of reosurces out there that explain what each of these
are, how they work etc...i dont know why FreeRADIUS should have to reinvent
the documentation wheel

> Question three: I have come to conclude that some protocols are the same thing with different names, can anyone clarify which protocols are the same or are at least compatible, and which are different?

all of them are different. some are inner-types that get tunnelled in the
EAP tunnel... 

EAP = framework

PEAP, EAP-TLS, LEAP, EAP-TTLS are all forms of EAP

MSCHAP, PAP, MSCHAPv2 are all methods that can be inside the EAP tunnel

WPA-PSK/WPA2-PSK/WPA-Enterprise/WPA2-Enterprise etc are forms of AP 
to client communication

TKIP or AES being method of encryption/cipher-stream handling
for the AP to client 

> Lastly, what does a successful authentication look like for each type of protocol. What should I be looking for in my freeradius output, and what can I compare it too. Possibly if I saw where stuff was going haywire I could determine for myself what the issue is.

what does it look like?  the client gets online and can eg DHCP for an address. usually
a supplicant will have a pretty green button, tick or such.  using a tool such as eapol_test
the last line of output will say SUCCESS


freeradius output will say things like [ok] or [reject] - in debug mode you'll
get so much more ...and its something that will depend on what modules
and ocnfig you have - just get some successful auths and some unsuccessful
and compare/contrast

alan

More information about the Freeradius-Users mailing list