Hi, I am trying to understand EAP-TLS. I have googled a lot, and found many information about EAP-TLS. So I well aware of, how EAP-TLS works, its benefits etc etc. Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can authenticate the user using TLS (with digital certificate). Can anyone help me, thanks in advance..
Hello Muhammad, On 18.02.2013 07:17, Muhammad Nadeem wrote:
Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can authenticate the user using TLS (with digital certificate). Can anyone help me, thanks in advance..
You will need a RADIUS Client, e.g. - wireless access point - lan switch which acts as the RADIUS Client (Authenticator in 802.1X terminology). Both have to support 802.1X and RADIUS. Without you won't be able to test EAP-TLS. I am not aware of a simulator client program. Regards, Tobias
On 02/18/2013 06:31 AM, Tobias Hachmer wrote:
Hello Muhammad,
On 18.02.2013 07:17, Muhammad Nadeem wrote:
Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can authenticate the user using TLS (with digital certificate). Can anyone help me, thanks in advance..
You will need a RADIUS Client, e.g. - wireless access point - lan switch
which acts as the RADIUS Client (Authenticator in 802.1X terminology). Both have to support 802.1X and RADIUS. Without you won't be able to test EAP-TLS. I am not aware of a simulator client program.
Thankfully, this isn't correct. You can use "eapol_test" which comes with the "wpa_supplicant" source to test pretty much every EAP type there is, including EAP-TLS. To the OP - download wpa_supplicant sources and build eapol_test.
Hi,
Thankfully, this isn't correct. You can use "eapol_test" which comes with the "wpa_supplicant" source to test pretty much every EAP type there is, including EAP-TLS.
To the OP - download wpa_supplicant sources and build eapol_test.
eapol_test is VERY powerful.....and there are even little test scripts provided in the FreeRADIUS source however, if you want clicky GUI then also look at JRadius Simulator: http://www.coova.org/JRadius/Simulator (but this mailing list isnt a support forum for either of those tools!) alan
On 2/18/13, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Thankfully, this isn't correct. You can use "eapol_test" which comes with the "wpa_supplicant" source to test pretty much every EAP type there is, including EAP-TLS.
To the OP - download wpa_supplicant sources and build eapol_test.
eapol_test is VERY powerful.....and there are even little test scripts provided in the FreeRADIUS source
however, if you want clicky GUI then also look at JRadius Simulator:
http://www.coova.org/JRadius/Simulator
(but this mailing list isnt a support forum for either of those tools!)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
thanx A.L.M,,, but actually I am not aware of what to send in request of EAP-TLS. I have followed the README in /raddb/certs/ and make the CA, CLIENT and SERVER certificate. Now I request to the server with eapol_test, with following parameter netwrok={ eap=TLS eapol_flags=0 key_mgmt=IEEE8021X identity="bob" ca_cert="/usr/local/etc/raddb/certs/ca.pem" client_cert="/usr/local/etc/raddb/certs/client.pem" private_kry="/usr/local/etc/raddb/certs/server.key" private_key_passwd="whatever" } but this request give me a FAILURE response. I have googled a lot to find my appropriate answer, ( what need to send in client request etc etc).
On 18/02/13 10:57, Muhammad Nadeem wrote:
ca_cert="/usr/local/etc/raddb/certs/ca.pem" client_cert="/usr/local/etc/raddb/certs/client.pem" private_kry="/usr/local/etc/raddb/certs/server.key"
^^^ typo - should be "client.key" This is basic stuff; please read the docs for wpa_supplicant/eapol_test more carefully, and your own configs, before posting questions, particularly as others have pointed out, this is not the eapol_test support list...
On 2/18/13, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 02/18/2013 06:31 AM, Tobias Hachmer wrote:
Hello Muhammad,
On 18.02.2013 07:17, Muhammad Nadeem wrote:
Now I want to practically test EAP-TLS with freeradius on REDHAT 5. I have configured eap.confg to use EAP-TLS. But i don't know , how to send requests to freeradius server, so that he can authenticate the user using TLS (with digital certificate). Can anyone help me, thanks in advance..
You will need a RADIUS Client, e.g. - wireless access point - lan switch
which acts as the RADIUS Client (Authenticator in 802.1X terminology). Both have to support 802.1X and RADIUS. Without you won't be able to test EAP-TLS. I am not aware of a simulator client program.
Thankfully, this isn't correct. You can use "eapol_test" which comes with the "wpa_supplicant" source to test pretty much every EAP type there is, including EAP-TLS.
To the OP - download wpa_supplicant sources and build eapol_test. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
thanks phill, eapol_test really working . thanks a lot
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Muhammad Nadeem -
Phil Mayers -
Tobias Hachmer