eapol_test configuration
Norbert Wegener
nw
Mon Dec 12 08:23:28 PST 2005
Jouni Malinen wrote:
>On Mon, Dec 12, 2005 at 11:40:29AM +0100, Norbert Wegener wrote:
>
>>I have set up freeradius for 802.1x port authentication at a cisco switch
>>with eap-tls and an appended look into an ad-server to get needed values
>>from there. This works without problems.
>>
>>Now I want to do some automated tests using eapol_test instead of the
>>cisco switch.
>>Therefore I set up this config file:
>>
>...
>
>> phase1="TLS tunnel"
>>
>This option is not a valid parameter for wpa_supplicant. It is just
>ignored, though, so it shouldn't break anything.
>
>>freeradius receives:
>>ad_recv: Access-Request packet from host 149.246.133.44 port 32777,
>>id=0, length=204
>> User-Name = "myid"
>> EAP-Message =
>>0x02000035012f4f3d5369656d656e732d323030352f434e3d4e6f726265727420576567656e65722054434749443d5a5a5a5a5a3145
>>
>>but does not start an eap-tls authentication. Instead it directly
>>searches the AD server.
>>
>This sounds like a configuration issue on the FreeRADIUS end of the
>connection, so I would recommend going through its configuration and
>asking on freeradius-users mailing list, if needed. Maybe that
>User-Name is not configured to use EAP authentication.
>
Thank you, the problem is solved. It had to do with certificates on the
radius side.
Another question:
I would like to see where in a special configuration the slowest part is.
Therefore I would like to fire up as many authentication requests as
possible via eapol_test.
So, is there a configuration option that lets eapol_test fire up a
predefined number of new authentication requests as soon as the last one
is accepted or rejected?
Norbert