Free Radius Test Tool

Posted onby
  1. Test Radius Server
  2. Free Radius Mapping Tool
  3. Radius Test Rig Utility
  4. Free Radius Test Tool Harbor Freight
  5. Radius Test Tool For Windows

This will be used to make modifications for our squareness checkers! Steven Lang's Youtube: https://www.youtube.com/user/rslng52. Test FreeRADIUS performance with jRadius¶ jRadius is a tool to test a FreeRADIUS server. It can perform many different request types, numbers of requests, attributes and authentication methods. It can test how many requests a RADIUS server can answer at a time, to make sure that it will perform well in a specific environment. Free performance testing tools are available as well as free trials for paid platforms. Most testing tools are priced according to the number of virtual users available for a testing scenario. Additionally testing legacy systems or varied and sophisticated systems can increase cost. RADIUS test client. RADIUS test client is an easy to use tool to simulate, debug and monitor most RADIUS and Network Access Servers (NAS). As a test client simulate RADIUS authentication, accounting and CoA/Disconnect requests for multiple devices and usage scenarios. It is a free and open source tool. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, an Apache module, and numerous additional RADIUS related utilities and development libraries. In this article we will show you how you can install and setup the FreeReadius tool in a centOS and Ubuntu systems.

Testing the FreeRADIUS 2.x Package onpfSense

Test the FreeRADIUS configuration¶

FreeRADIUS offers an easy to use command line tool to check if theserver is running and listening to incoming requests. An interface,a NAS/Client and a user must all be configured:

  • Add a User with the following configuration:

    • Username: testuser
    • Password: testpassword
  • Add a Client/NAS with the following configuration:

    • IP-Address: 127.0.0.1
    • Shared Secret: testing123
  • Add an interface with the following configuration:

    • IP-Address: 127.0.0.1
    • Interface-Type: Auth
    • Port: 1812
  • SSH to the pfSense firewall and type in the following on the commandline while FreeRADIUS is running (check before in System Log):

Free Radius Test Tool

Test Radius Server

The following output should appear if everything was setup correctly:

The really necessary thing is Access-Accept. Check the system logfor the following output:

If something was configured wrong (such as an incorrect username) thenthis will be displayed:

The Accesss-Reject packet is visible, and the system log willcontain the following output:

If the steps above do not work then do not need proceed with any otherconfiguration. This is the first thing that should be tested.

There is a Windows testtool availableas well. Another nice tool is the JRadiusFramework, covered next.

Test FreeRADIUS performance with jRadius¶

jRadius is a tool to test a FreeRADIUS server. It can perform manydifferent request types, numbers of requests, attributes andauthentication methods. It can test how many requests a RADIUS servercan answer at a time, to make sure that it will perform well in aspecific environment. This tool needs a non-windows system with java torun. I tried with openSUSE:

  • Download JRadius Minimal (client).

  • Unzip the file with the following command:

  • Start the application with the following command:

The application window will open. Fill out the fields:

Free Radius Mapping Tool

  • RADIUS tab
    • Transport: UDP
    • RADIUS Server: 192.168.0.10
    • Shared Secret: mysharedsecret
    • Auth Port: 1812
    • Acct Port: 1813
    • Send Timeout: 10 (or fill in what the NAS offers as timeoutto make test more “real”)
    • Send Retries: 0 (or fill in what the NAS offers as timeoutto make test more “real”)
    • Requester Threads: 1 (To understand this option think aboutthe number of NAS nodes. Every NAS is a Requester Thread. Inworst case after a power cycle all NAS reboot at once so enterhere the amount of NAS nodes)
    • Requests per Thread: 1 (To understand this think about thenumber of hosts which are connected to this NAS at a time and whenthe NAS rebooted all clients will try to reauthenticate)
    • Simulation Type: Auth only (if accounting is chosen, thenadditional attributes must be added later)
    • Authentication Protocol: PAP (Change it to suit the needs ofthe site but TLS needs a client cert, PEAP users only the servercert from FreeRADIUS)
    • Verify Standard: None
    • Check Log RADIUS to log tab
  • Attributes tab:
    • User-Name: myuser
    • User-Password: mypass
    • NAS-Port: 25 (any value is ok)
    • NAS-IP-Address: 192.168.0.111 (IP of the NAS)
    • Check all four attributes in AccessReq
  • RADIUS tab
    • Click Start

Then the test will be performed. It could take some time and the displaywill show the number of requests can be handled per second and theresponse speed. If the server cannot handle the requests fast enoughthen think about increasing FreeRADIUS > Settings, Maximum Numberof Threads. Do not increase this unlimited. It will help on peaks butif there is a high load all the time, think about a faster backend(MySQL instead of flat file). There is also a speed difference if thetestuser in FreeRADIUS > USers is listed at the bottom of a 100users long list or at the top. And there is a difference if there aremany reply attributes like VLAN ID and so on.

After this performance test check the FreeRADIUS server as described inthis chapter: FreeRADIUS 2.x package

EAP Testing

While FreeRADIUS comes with a command-line tool calledradeapclient, by far and away the best EAP testing tool isthe eapol_test program from wpa_supplicant.

The default build of wpa_supplicant does not build theeapol_test program, so you will have to do that yourself.

Building eapol_test

Radius Test Rig Utility

Download the latest version of wpa_supplicant,and un-tar it, then follow these instructions to build it:

$ cd wpa_supplicant-version/wpa_supplicant
$ cp defconfig .config
$ vi .config
Free radius mapping tool

Find the line containing

and change it to

CONFIG_EAPOL_TEST=y

Then, type

Once it is done, copy the file to some where in your PATH.e.g. /usr/local/bin, or ~/bin. The following testsassume that the eapol_test file has been installed, such asvia the following command:

$ cp eapol_test /usr/local/bin

Testing

Run the eapol_test program from the command-line, with oneof the following configuration files.

Where file is one of the configuration files below. Weare also assuming that the RADIUS server is on localhost, andthat the shared secret is testing123.

  • PEAPv0
    • EAP-GTC
  • EAP-TTLS

These configuration files assume that you are using the test userbob, with password hello, as given in the PAP howto.

Free Radius Test Tool Harbor Freight

If the productioncertificates have been created, then the ca_cert entry ineach configuration file can be un-commented. The eapol_testprogram will then verify the server certificate.

Session Resumption, or Fast Reauthentiction

Radius Test Tool For Windows

Use eapol_test -r 1 ... in order to test sessionresumption. See the eapol_test documentation for moreinformation.