Can I run eapol_test in interactive mode for PEAP testing?

Hi

I just recently discovered wpa_supplicant and I am a big fan - my use
case was to find a mechanism to test radius servers without using any
real networking infrastructure - hence, I gravitated to eapol_test.

It's working really well except for one use case:  when testing
eap-peap authentications I am unable to go into interactive mode to
simulate a user typing in a wrong credential (which causes the
authenticating server to issue an EAP Challenge response).  eapol_test
doesn't handle this challenge and then the EAP conversation times out.
It would be useful to test the case where a user provides the
incorrect credentials, and have the authenticating server exhaust his
attempts and return an Access-Reject (for example).

Currently, with one (wrong) credential, eapol_test fails as follows:

EAP-MSCHAPV2: error 691
EAP-MSCHAPV2: retry is allowed
EAP-MSCHAPV2: failure challenge - hexdump(len=16): 75 0f 88 f7 73 1a 31 57 f9 48 6a 75 65 87 a3 1b
EAP-MSCHAPV2: password changing protocol version 3
EAP-MSCHAPV2: failure message: '' (retry allowed, error 691)
EAPOL: EAP parameter needed
EAPOL: EAP parameter needed
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: startWhen --> 0
EAPOL test timed out
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE

But my radius server never receives an Access-Reject, since the EAP
conversation got abandoned.

I have tried to see whether I could use wpa_cli, but it seems that it
relies on wpa_supplicant, and hence, a real wireless adapter.

How tricky/easy would it be to add an interactive mode to eapol_test?
Or failing that, the ability to specify multiple credentials that one
could enter into the .conf file:

network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="bob"
        anonymous_identity="anonymous"
        password="mysupersecretpassword"
        phase2="autheap=MSCHAPV2"
#
#  Would this work, to get eapol_test to engage in EAP Challenge?
#       password2="myotherpassword"
#       password3="lasttry"
}

thanks and regards
Arne

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
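
For automated RADIUS test runs, the failure mode in the output quoted above (MS-CHAPv2 error 691 with retry allowed, followed by a timeout instead of an Access-Reject) can be told apart from other outcomes by parsing the eapol_test log. The following is an added example, not part of the original message or of the hostap code; `classify` and the verdict labels are hypothetical names, the matched strings are taken from the quoted output, the error names come from RFC 2759, and the final `SUCCESS` line is assumed by analogy with the `FAILURE` line shown.

```python
import re

# MS-CHAPv2 failure codes as listed in RFC 2759
MSCHAPV2_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# Constructed sample: a subset of the eapol_test lines quoted in the message
SAMPLE_LOG = """\
EAP-MSCHAPV2: error 691
EAP-MSCHAPV2: retry is allowed
EAP-MSCHAPV2: failure message: '' (retry allowed, error 691)
EAPOL: EAP parameter needed
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAPOL test timed out
MPPE keys OK: 0  mismatch: 1
FAILURE
"""

def classify(log: str) -> dict:
    """Summarise one eapol_test run from its debug output."""
    err = re.search(r"^EAP-MSCHAPV2: error (\d+)$", log, re.M)
    code = int(err.group(1)) if err else None
    result = {
        "error": code,
        "error_name": MSCHAPV2_ERRORS.get(code),
        "retry_allowed": "EAP-MSCHAPV2: retry is allowed" in log,
        "needs_input": "EAPOL: EAP parameter needed" in log,
        "timed_out": "EAPOL test timed out" in log,
        # Assumption: a passing run ends with a bare SUCCESS line
        "success": re.search(r"^SUCCESS$", log, re.M) is not None,
    }
    if result["success"]:
        result["verdict"] = "accepted"
    elif code == 691 and result["retry_allowed"] and result["timed_out"]:
        # Server offered a retry; the client had no new password and gave up
        result["verdict"] = "bad-credentials-retry-abandoned"
    elif result["timed_out"]:
        result["verdict"] = "timeout"
    else:
        result["verdict"] = "rejected-or-failed"
    return result
```

A test harness can treat the `bad-credentials-retry-abandoned` verdict as "server correctly refused the password" even though no Access-Reject was ever sent.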


