Compliance testing of Free Radius Client
Hi All, Please help!!! Query #1: *I want to perform RFC compliance testing of FreeRadius client (not server) available with freeradius package.* In other words, i want to perform compliance testing on radclient and radeapclient binaries available with freeradius package. On investigation, i found that the manpage of radclient states: radclient is a radius client program. It can send arbitrary radius packets to a radius server, then shows the reply. It can be used to test changes you made in the configuration of the radius server, or it can be used to monitor if a radius server is up. Does it mean that freeradius client is just a dummy client and there is no point in performing compliance testing on it? I tried to run the “radclient” binary. I executed the following command for this *./radclient server-ip auth secret-key* Once the above command is executed, the control waits for the attributes entry. After the attributes are written, radclient sends radius request packet and receives response from the server and then it exits. To again send any authentication or authorization request, radclient binary needs to be executed again. As per my understanding, the binary should not have exited. As radius client sends the Access-request itself once it receives a request for any service from the user. Also, if the server does not respond, radius client shall send the request to an alternate server. This means that the radius client can handle the user requests at runtime also. So it should not exit. *Please let me know if I need some extra configuration to achieve the above functionality.* Query #2: In RFC 2131, it is mentioned that there are three entities in any freeradius setup: USER, RADIUS CLIENT, RADIUS SERVER. Does freeradius package provide a separate binary/module for USER application? If not, can we consider RADIUS CLIENT as our USER as well? Thanks, Arpit - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compliance testing of Free Radius Client
On 10/17/2012 08:26 AM, Arpit Jain wrote: Does it mean that freeradius client is just a dummy client and there is no point in performing compliance testing on it? radclient and radeapclient are not NASes. They don't provide service to users, and they don't run as daemons. They're for server administrators to test FreeRADIUS. You could in theory build a NAS on top of radclient, using it to send the packets, but that's not the usual approach. To again send any authentication or authorization request, radclient binary needs to be executed again. As per my understanding, the binary should not have exited. As above your understanding is wrong, it's a program for testing the RADIUS server. Once you've sent the test packet(s), it exits. *Please let me know if I need some extra configuration to achieve the above functionality.* You need to go away and do some basic reading around the subject. Try the current version of the RADIUS RFCs for starters, instead of obsoleted ones. It sounds like you want a NAS, which is the component that provides network service to the user, and authenticates it using an embedded radius client. NASes are specific to the network layer - modem, ADSL, ethernet/802.1x, wifi/802.11, webauth, VPN, etc. See: pppd, chillispot, hostapd, and so on. Does freeradius package provide a separate binary/module for USER application? If not, can we consider RADIUS CLIENT as our USER as well? No. A user is a user. As in, a human being. As in, the person doing the using? This isn't really the place to be asking RADIUS 101 questions. There are books on the topic, though I don't have any specific recommendations. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compliance testing of Free Radius Client
Hey Arpit, You wont be able to interact with the user using radclient. Please have a proper understanding first. Freeradius clearly mentions that radclient and radeapclient are just for testing the freeradius server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compliance testing of Free Radius Client
Arpit, As mentioned by other users radclient is not designed to be used in embedded applications. If you require an RFC compliant RADIUS client library, one is available from NetworkRADIUS (http://networkradius.com/clientapi.html). -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html