Common tools:
radclient
radtest
radeapclient
eapol_test
jradius simulator
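jradius coding
For now this is just a brief note of the test configuration; a fuller explanation will follow later:
The server-side configuration is as follows:
## etc/raddb/users: user configuration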
"madding" Cleartext-Password := "hell01234"
## etc/raddb/clients.conf: configure the client secret; since this is a local test, configuring this one entry is enough:
client localhost {
    secret = testing123
}
## /etc/raddb/eap.conf
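## eap-tls configuration: configure the client certificate in the tls module
## Put every certificate in the chain, from the parent certificate up to the top-level certificate, into this pem; otherwise freeradius cannot recognize it. This differs from apache.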
CA_file = ${cadir}/alilang/alilang_ca_merge.pem
## etc/raddb/sites-enabled/default
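## Configure the authentication and authorization methods; accounting can be ignored, as it is not covered in this test. Confirm that the following methods are enabled: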
pap
eap
chap
mschap
pap:
/opt/freeradius/bin/radtest madding hell01234 127.0.0.1 1812 testing123
eap-md5:
# eap-md5.sh
/opt/freeradius/bin/radeapclient -x 127.0.0.1 auth testing123 < eap-md5.txt
# eap-md5.txt
User-Name = "madding"
Cleartext-Password = "hell01234"
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "ufiletest"
Message-Authenticator = 0x00
peap-mschapv2:
#
# eapol_test -c peap-mschapv2.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="madding"
anonymous_identity="anonymous"
password="hell01234"
phase2="autheap=MSCHAPV2"
#
# Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}
eap-tls:
# eapol_test -c tls.conf -a 127.0.0.1 -p 1812 -s testing123 -r 1
network={
eap=TLS
eapol_flags=0
key_mgmt=IEEE8021X
identity="madding"
password="hell01234"
# client
#ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
#client_cert="/opt/freeradius/etc/raddb/certs/client.pem"
#private_key="/opt/freeradius/etc/raddb/certs/client.key"
#private_key_passwd="whatever"
# self cert client
client_cert="/home/madding/output/alilang_client_25741.pem"
private_key="/home/madding/output/alilang_client_25741.key"
private_key_passwd="hell01234"
# server
#ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
#client_cert="/opt/freeradius/etc/raddb/certs/server.pem"
#private_key="/opt/freeradius/etc/raddb/certs/server.key"
#private_key_passwd="whatever"
}
ttls-chap:
#
# eapol_test -c ttls-chap.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="madding"
anonymous_identity="anonymous"
password="hell01234"
phase2="auth=CHAP"
#
# Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}
ttls-eapmd5:
#
# eapol_test -c ttls-eapmd5.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="madding"
anonymous_identity="anonymous"
password="hell01234"
phase2="autheap=MD5"
#
# Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}
ttls-mschapv2:
#
# eapol_test -c ttls-mschapv2.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="bob"
anonymous_identity="anonymous"
password="hello"
phase2="autheap=MSCHAPV2"
#
# Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}
ttls-pap:
#
# eapol_test -c ttls-pap.conf -s testing123
#
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
identity="madding"
anonymous_identity="anonymous"
password="hell01234"
phase2="auth=PAP"
#
}
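
Every TLS-based profile above has ca_cert commented out or absent, so eapol_test accepts whatever certificate the RADIUS server presents. The Python check below is an added example, not part of the original post: it parses wpa_supplicant-style network blocks and lists those that skip server certificate validation. The function names and the SAMPLE text are constructed for illustration.

```python
# Added example: flag network blocks that skip server certificate validation.
TLS_METHODS = {"TLS", "TTLS", "PEAP"}  # EAP methods that rely on ca_cert

# Constructed sample, modelled on the ttls-pap and peap-mschapv2 profiles above.
SAMPLE = '''
network={
eap=TTLS
identity="madding"
password="hell01234"
phase2="auth=PAP"
# ca_cert="/etc/raddb/certs/ca.der"
}
network={
eap=PEAP
identity="madding"
phase2="autheap=MSCHAPV2"
ca_cert="/etc/raddb/certs/ca.der"
}
'''

def parse_networks(text):
    """Return one dict per network={...} block; '#' comment lines are ignored."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out ca_cert therefore counts as absent
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (identity, eap, phase2) for each TLS-based block without a CA."""
    findings = []
    for net in parse_networks(text):
        if not set(net.get("eap", "").split()) & TLS_METHODS:
            continue
        if "ca_cert" not in net and "ca_path" not in net:
            findings.append((net.get("identity", "?"), net["eap"], net.get("phase2", "none")))
    return findings

if __name__ == "__main__":
    for identity, eap, phase2 in audit(SAMPLE):
        print(f"{eap} identity={identity} phase2={phase2}: server certificate not validated")
```
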
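This article describes the freeradius testing process, including testing with tools such as radclient, radtest, radeapclient and eapol_test, and notes the server-side configuration, covering the pap, eap-md5, eap-tls, ttls-chap, ttls-mschapv2 and ttls-pap settings.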