Home | History | Annotate | Download | only in docbook 
      1 <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
      2 
      3 <refentry>
      4   <refmeta>
      5     <refentrytitle>eapol_test</refentrytitle>
      6     <manvolnum>8</manvolnum>
      7   </refmeta>
      8   <refnamediv>
      9     <refname>eapol_test</refname>
     10 
     11     <refpurpose>EAP peer and RADIUS client testing</refpurpose>
     12   </refnamediv>
     13 
     14   <refsynopsisdiv>
     15     <cmdsynopsis>
     16       <command>eapol_test</command>
     17       <arg>-nWS</arg>
     18       <arg>-c<replaceable>config file</replaceable></arg>
     19       <arg>-a<replaceable>server IP address</replaceable></arg>
     20       <arg>-A<replaceable>client IP address</replaceable></arg>
     21       <arg>-p<replaceable>UDP port</replaceable></arg>
     22       <arg>-s<replaceable>shared secret</replaceable></arg>
     23       <arg>-r<replaceable>re-authentications</replaceable></arg>
     24       <arg>-t<replaceable>timeout</replaceable></arg>
     25       <arg>-C<replaceable>Connect-Info</replaceable></arg>
     26       <arg>-M<replaceable>MAC address</replaceable></arg>
     27       <arg>-o<replaceable>file</replaceable></arg>
     28       <arg>-N<replaceable>attr spec</replaceable></arg>
     29     </cmdsynopsis>
     30     <cmdsynopsis>
     31       <command>eapol_test scard</command>
     32     </cmdsynopsis>
     33     <cmdsynopsis>
     34       <command>eapol_test sim</command>
     35       <arg>PIN</arg>
     36       <arg>num triplets</arg>
     37     </cmdsynopsis>
     38   </refsynopsisdiv>
     39 
     40   <refsect1>
     41     <title>Overview</title>
     42 
     43     <para>eapol_test is a program that links together the same EAP
     44     peer implementation that wpa_supplicant is using and the RADIUS
     45     authentication client code from hostapd. In addition, it has
     46     minimal glue code to combine these two components in similar
     47     ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
     48     words, it integrates IEEE 802.1X Authenticator (normally, an
     49     access point) and IEEE 802.1X Supplicant (normally, a wireless
     50     client) together to generate a single program that can be used to
     51     test EAP methods without having to setup an access point and a
     52     wireless client.</para>
     53 
     54     <para>The main uses for eapol_test are in interoperability testing
     55     of EAP methods against RADIUS servers and in development testing
     56     for new EAP methods. It can be easily used to automate EAP testing
     57     for interoperability and regression since the program can be run
     58     from shell scripts without require additional test components apart
     59     from a RADIUS server. For example, the automated EAP tests described
     60     in eap_testing.txt are implemented with eapol_test. Similarly,
     61     eapol_test could be used to implement an automated regression
     62     test suite for a RADIUS authentication server.</para>
     63 
     64 
     65     <para>As an example:</para>
     66 
     67 <blockquote><programlisting>
     68 eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
     69 </programlisting></blockquote>
     70 
     71     <para>tries to complete EAP authentication based on the network
     72     configuration from test.conf against the RADIUS server running
     73     on the local host. A re-authentication is triggered to test fast
     74     re-authentication. The configuration file uses the same format for
     75     network blocks as wpa_supplicant.</para>
     76 
     77   </refsect1>
     78   <refsect1>
     79     <title>Command Arguments</title>
     80     <variablelist>
     81       <varlistentry>
     82 	<term>-c configuration file path</term>
     83 
     84 	<listitem><para>A configuration to use.  The configuration should
     85 	use the same format for network blocks as wpa_supplicant.
     86 	</para></listitem>
     87       </varlistentry>
     88 
     89       <varlistentry>
     90 	<term>-a AS address</term>
     91 
     92 	<listitem><para>IP address of the authentication server.  The
     93 	default is '127.0.0.1'.</para></listitem>
     94       </varlistentry>
     95 
     96       <varlistentry>
     97 	<term>-A client address</term>
     98 
     99 	<listitem><para>IP address of the client.  The default is to
    100 	select an address automatically.</para></listitem>
    101       </varlistentry>
    102 
    103       <varlistentry>
    104 	<term>-p AS port</term>
    105 
    106 	<listitem><para>UDP port of the authentication server. The
    107 	default is '1812'.</para></listitem>
    108       </varlistentry>
    109 
    110       <varlistentry>
    111 	<term>-s AS secret</term>
    112 
    113 	<listitem><para>Shared secret with the authentication server.
    114 	The default is 'radius'.</para></listitem>
    115       </varlistentry>
    116 
    117       <varlistentry>
    118 	<term>-r count</term>
    119 
    120 	<listitem><para>Number of reauthentications.</para></listitem>
    121       </varlistentry>
    122 
    123       <varlistentry>
    124 	<term>-t timeout</term>
    125 
    126 	<listitem><para>Timeout in seconds. The default is 30.</para></listitem>
    127       </varlistentry>
    128 
    129       <varlistentry>
    130 	<term>-C info</term>
    131 
    132 	<listitem><para>RADIUS Connect-Info.  The default is
    133 	'CONNECT 11Mbps 802.11b'.</para></listitem>
    134       </varlistentry>
    135 
    136 
    137       <varlistentry>
    138 	<term>-M mac address</term>
    139 
    140 	<listitem><para>Client MAC address (Calling-Station-Id).  The
    141 	default is '02:00:00:00:00:01'.</para></listitem>
    142       </varlistentry>
    143 
    144       <varlistentry>
    145 	<term>-o file</term>
    146 
    147 	<listitem><para>Location to write out server certificate.
    148 	</para></listitem>
    149       </varlistentry>
    150 
    151       <varlistentry>
    152 	<term>-N attr spec</term>
    153 
    154 	<listitem><para>Send arbitrary attribute specific by
    155 	attr_id:syntax:value, or attr_id alone.  attr_id should be the numeric
    156 	ID of the attribute, and syntax should be one of 's' (string),
    157 	'd' (integer), or 'x' (octet string). The value is the attribute value
    158 	to send.  When attr_id is given alone, NULL is used as the attribute
    159 	value.  Multiple attributes can be specified by using the option
    160 	several times.</para></listitem>
    161       </varlistentry>
    162 
    163       <varlistentry>
    164 	<term>-n</term>
    165 
    166 	<listitem><para>Indicates that no MPPE keys are expected.
    167 	</para></listitem>
    168       </varlistentry>
    169 
    170       <varlistentry>
    171 	<term>-W</term>
    172 
    173 	<listitem><para>Wait for a control interface monitor before starting.
    174 	</para></listitem>
    175       </varlistentry>
    176 
    177       <varlistentry>
    178 	<term>-S</term>
    179 
    180 	<listitem><para>Save configuration after authentication.
    181 	</para></listitem>
    182       </varlistentry>
    183 
    184     </variablelist>
    185   </refsect1>
    186   <refsect1>
    187     <title>See Also</title>
    188     <para>
    189       <citerefentry>
    190 	<refentrytitle>wpa_supplicant</refentrytitle>
    191 	<manvolnum>8</manvolnum>
    192       </citerefentry>
    193     </para>
    194   </refsect1>
    195   <refsect1>
    196     <title>Legal</title>
    197     <para>wpa_supplicant is copyright (c) 2003-2015,
    198     Jouni Malinen <email>j (a] w1.fi</email> and
    199     contributors.
    200     All Rights Reserved.</para>
    201 
    202     <para>This program is licensed under the BSD license (the one with
    203     advertisement clause removed).</para>
    204   </refsect1>
    205 </refentry>
    206