On 05/06/2010 06:29 PM, Huckle Berry wrote:
Hello again,
I have a few questions that may or may not be related to each other.
First, I know radtest works fine for testing the basic functions of
freeradius (i.e. it will authenticate with no encryption) but I would
like to know if radtest can be used to test authentication using one of
the various types of encryptions and protocols.

No. You'll probably also need eapol_test (http://deployingradius.com/scripts/eapol_test). I'm not sure how much coverage epol_test gives or if there are better test clients, Alan might know.

Question two has to do with said protocols. Is there a clear and concise
page that will define all of the protocols (PEAP, EAP, TLS, TTLS,
MSCHAP, MSCHAPv2, LEAP, WPA(1/2)-PSK, etc) how they differ from each
other and what exactly happens during the authentication process.
Illustrations would be nice.

Not that I'm aware of. I've often thought it would be a nice thing to do. If I ever have free time I might, but considering I never have free time, oh well ...

You might want to consult:

http://deployingradius.com/documents/protocols/compatibility.html
http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

for starters

Question three: I have come to conclude that some protocols are the same
thing with different names, can anyone clarify which protocols are the
same or are at least compatible, and which are different?

There are no redundant overlaps that I'm aware of. It would be kind of pointless. What is true is some protocols encapsulate others, e.g. they "wrap" them, although after unwrapping the mechanism is the same, at the top level the protocol is different.

Lastly, what does a successful authentication look like for each type of
protocol. What should I be looking for in my freeradius output, and what
can I compare it too. Possibly if I saw where stuff was going haywire I
could determine for myself what the issue is.

seeing Access-Accept sent from the server in the debug output.

While debugging you might want to try Alan's most excellent public debugging tool for radius debug output whose link I'm sorry to say I've misplaced :-(



--
John Dennis <[email protected]>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to