#!/usr/bin/env bash
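# Everything below uses relative paths (the CA files and ./rad_eap_test), so
# stop if the working directory is not what we expect instead of writing and
# later deleting files somewhere else.
cd rad_eap_test || { echo "cannot cd to rad_eap_test" >&2; exit 1; }

# certs
# The CA certificates are embedded as base64 and written out so they can be
# passed to rad_eap_test with -a. They act as the trust anchors for the server
# certificate check, so a change to these blobs changes what the test trusts.
# "Created ..." is printed only when the decode succeeded.
echo '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' |
base64 -d > test_ca_cert1.crt && echo Created test_ca_cert1.crt
echo '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' |
base64 -d > test_ca_cert2.crt && echo Created test_ca_cert2.crt
echo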

# -H <address>                - Address of radius server (DNS name or IP address). When using
#                               DNS name IPv4 address will be used unless -6 option is present.
#                               Both IPv4 or IPv6 addresses may be used.
# -P <port>                   - Port of radius server
# -S <secret>                 - Secret for radius server communication
# -u <username>               - Username (user@realm.tld)
# -A <anonymous_id>           - Anonymous identity (anonymous_user@realm.tld)
# -p <password>               - Password
# -t <timeout>                - Timeout (default is 5 seconds)
# -m <method>                 - Method (WPA-EAP | IEEE8021X)
# -v                          - Verbose (prints decoded last Access-accept packet)
# -c                          - Prints all packets decoded
# -s <ssid>                   - SSID
# -e <method>                 - EAP method (PEAP | TLS | TTLS | LEAP)
# -M <mac_addr>               - MAC address in xx:xx:xx:xx:xx:xx format
# -i <connect_info>           - Connection info (in radius log: connect from <connect_info>)
# -d <domain_name>            - Constraint for server domain name. FQDN is used as a full match
#                               requirement for the server certificate. Multiple values may be specified.
#                               Multiple values must be separated by semicolons.
# -k <user_key_file>          - user certificate key file
# -l <user_key_file_password> - password for user certificate key file
# -j <user_cert_file>         - user certificate file
# -a <ca_cert_file>           - certificate of CA
# -2 <phase2 method>          - Phase2 type (PAP,CHAP,MSCHAPV2)
# -x <subject_match>          - Substring to be matched against the subject of the authentication server certificate.
# -N                          - Identify and do not delete temporary files
# -O <domain.edu.cctld>       - Operator-Name value in domain name format
# -I <ip address>             - explicitly specify NAS-IP-Address
# -C                          - request Chargeable-User-Identity
# -T                          - send Called-Station-Id in MAC:SSID format
# -f                          - send big access-request to cause fragmentation
# -b                          - print details about certificate of RADIUS server (whole certificate chain
#                               may be retrieved by eapol_test, there is a certain logic that tries to
#                               determine the end server cert and print it)
# -B <file>                   - save certificate of RADIUS server to specified file
# -n <directory>              - store temporary files in specified directory
# -g                          - print the entire unmodified output of eapol_test
# -V                          - Show received Chargeable-User-Identity and/or Operator-Name
# -X <warn_days>              - check certificate expiry (whole certificate chain may be retrieved by
#                               eapol_test, there is a certain logic that tries to determine the end
#                               server cert which is checked for expiry)
# -6                          - force use of IPv6 when using DNS name as RADIUS server address
# -4                          - use IPv4 when using DNS name as RADIUS server address (this is the
#                               default, but the option exists for compatibility)
# -h                          - show this message



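# Run a single PEAP authentication through rad_eap_test and report its result.
#
# The shared secret (-S) and the user password (-p) are hard-coded here and
# passed on the command line, so they are readable in the repository history
# and in the process list while the test runs. Keep these to throwaway test
# credentials only.
rad_args=(
  -H 'ntlr1.eduroam.no'   # RADIUS server address
  -P 1812                 # RADIUS server port
  -S Hunter2              # RADIUS shared secret (see note above)
  -u test_inner@edu.nl    # username (inner identity)
  -A test_outer@edu.nl    # anonymous (outer) identity
  -p dvhvw                # password (see note above)
  -s eduroam              # SSID
  -d guest.surfnet.nl     # required domain name in the server certificate
  # NOTE(review): -a is given twice. Confirm that rad_eap_test uses both CA
  # files rather than only the last one, since that decides which CA the
  # server certificate is validated against.
  -a test_ca_cert1.crt
  -a test_ca_cert2.crt
  -m WPA-EAP -e PEAP      # method and EAP method
)
./rad_eap_test "${rad_args[@]}"
# Remember the test result; without this the script's exit status would be
# that of the last rm and a failed authentication would go unnoticed.
status=$?

echo
rm -v test_ca_cert1.crt
rm -v test_ca_cert2.crt

exit "$status"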