Free Radius Test Tool



  • Radius Test is an implementation of the client side of RADIUS (Remote Authentication Dial In User Service). It is a useful tool for testing installations of your RADIUS server. With Radius Test you can simulate authentication and accounting requests and send them to the RADIUS server, with Radius Test acting as a NAS client.
  • Radius Test is a server testing tool that can be used by Internet service providers for dial-in user authentication through RADIUS (Remote Authentication Dial In User Service).

The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.

Testing the FreeRADIUS Package on a pfSense® firewall.

Test Configuration

At a minimum, testing FreeRADIUS requires a User, an Interface, and a NAS/Client.

  • Add a User with the following configuration:

    Username: testuser
    Password: testpassword

  • Add a Client/NAS with the following configuration:

    IP Address: 127.0.0.1
    Shared Secret: testing123

  • Add an Interface with the following configuration:

    IP Address: 127.0.0.1
    Interface Type: Auth
    Port: 1812

GUI Test

The easiest way to test is by using Diagnostics > Authentication in the GUI.

First, add a RADIUS server entry to the user manager as described in Authentication Servers.

  • Navigate to System > User Manager, Authentication Servers tab

  • Fill in the settings to match the entry in FreeRADIUS:

    Descriptive Name: FreeRADIUS
    Type: RADIUS
    Hostname or IP Address: 127.0.0.1
    Shared Secret: testing123
    Services Offered: Authentication
    Authentication Port: 1812

  • Click Save

Next, perform the GUI test:

  • Navigate to Diagnostics > Authentication

  • Set Authentication Server to the RADIUS server in the user manager

  • Fill in the Username and Password

  • Click Test

If the test succeeds, the GUI prints a success message:

The system log will also contain a message indicating a successful login:

If the test fails, the GUI prints a failure message:

Authentication failed.

The system log will also contain a message indicating failure:

CLI Test

FreeRADIUS offers an easy-to-use command line tool to check if the server is running and listening to incoming requests.

SSH to the firewall, start a shell, and type in the following command:

The following output will appear if the test succeeds:

The Access-Accept portion of the output is the most relevant.

Check the system log for the following output:

If a part of the test fails, such as an incorrect username, then the test command output will look like the following:

The Access-Reject packet indicates that the server rejected the attempt, and the system log will contain the following output:

Let's say that you have mysql and freeradius installed in your system and would like to use it with MikroTik.

After FreeRADIUS is installed, we need to configure it. This step details how to set up the server for use with the local Unix user accounts of the machine that FreeRADIUS is installed on. If you would like to set up the server for use with the MySQL database immediately, proceed to the next step, but I highly recommend you do this step first to verify that the RADIUS install works properly. Step 4 also builds on this step.

First we are going to need some tool to test the installation of the RADIUS server with. I prefer NTRadPing; you can download it from MasterSoft’s website (free download). NTRadPing provides a nice simple testing interface for MS Windows computers.

First we need to authorize access to the RADIUS server to certain computers:

Add the IP address of the Mikrotik box and the IP address of the windows computer you have NTRadPing installed on and pick a secret key for each.

Example:


optional step

This step is not crucial and may be skipped. It simply adds functionality for you to use the two attributes Mikrotik-Recv-Limit and Mikrotik-Xmit-Limit, which limit how much data a user can use before being knocked offline (i.e. once they transfer, say, 200MB they are kicked offline). I don’t use this, but you may wish to:

We now need to ‘install’ the dictionary file for the Mikrotik:

  • NOTE: if anyone knows anything about this step, i.e. if I’m doing it wrong, please let me know, my email address is at the top of the page:

After the last $INCLUDE statement add the following line:

naslist

Add the same IP addresses for your test computer and Mikrotik box into this file and select the type of NAS. Example:

radiusd.conf

Find the Unix section of the file and ensure that the lines

are NOT commented out (ie. do not have a # sign in front of them).

Congratulations!!! You now have a fully functional RADIUS server that uses the local Unix accounts as its authentication base.

Let’s test it out

Start the RADIUS server in debug mode (-x) by typing:

  • Note: You must be logged in as root (su or real login) to start the server, otherwise you will get a “command not found” error.

If you receive no error messages, you have configured the server properly. Now, on the MS Windows machine, open NTRadPing. Enter the following:

  • You should get an “Access-Accept” message.
  • Now change the password to something incorrect, ensure you get an “Access-Reject” message
  • Now correct the password, change the port to 1813, and change the Request Type to: “Accounting Start”. Ensure you get an “Accounting-Response” message.
  • Finally change the Request Type to: “Accounting Stop”. Ensure you get an “Accounting-Response” message.
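
What a test client puts on the wire for the Access-Accept and Access-Reject checks above, as an added Python example (not part of the original guide or of NTRadPing): it builds an RFC 2865 Access-Request, hides the password with the shared secret, and verifies a reply's Response Authenticator. Function names are made up for this example; testuser, testpassword and testing123 are the test values used on this page.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

def _xor_blocks(data, secret, authenticator, decrypt):
    # RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the Request Authenticator seeds the first block.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block
        out += block
    return out

def hide_password(password, secret, authenticator):
    # Pad with NULs to a multiple of 16; an empty password still fills one block.
    pad = -len(password) % 16 or (0 if password else 16)
    return _xor_blocks(password + b"\x00" * pad, secret, authenticator, False)

def build_access_request(ident, user, password, secret, authenticator=None):
    authenticator = os.urandom(16) if authenticator is None else authenticator
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, user),
        (USER_PASSWORD, hide_password(password, secret, authenticator)),
        (NAS_IP_ADDRESS, bytes([127, 0, 0, 1]))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def password_seen_by_server(request, secret):
    # Walk the attribute list and undo the hiding with the server's copy of the secret.
    pos = 20
    while pos + 2 <= len(request):
        kind, length = request[pos], request[pos + 1]
        if kind == USER_PASSWORD:
            return _xor_blocks(request[pos + 2:pos + length], secret, request[4:20], True).rstrip(b"\x00")
        pos += max(length, 2)
    return None

def build_reply(code, request, secret):
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def reply_is_authentic(reply, request, secret):
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

A mismatched shared secret does not produce a decryption error on the server: it recovers a garbage password and answers Access-Reject, which is why a secret typo in the client list looks the same as a wrong password in the test tool.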

MySQL Database

If the above tests came back in good order we can go ahead and setup FreeRadius to use the MySQL database.

Stop the RADIUS server by pressing CTRL-C

First of all we will need to set up a database schema for the RADIUS server to use. Fortunately, FreeRADIUS ships with a SQL script to create the database for us. In this step, when I refer to root and the respective root password, I am referring to the root user for the MySQL database, not root of the entire system.

You are now in the MySQL shell; all SQL commands end with a semicolon (;).

We need to create a database before we can create tables within it:

This creates an empty database named “radius”

Now execute the script included with FreeRADIUS to create the database tables:

You should see 6 different tables in the radius database.

Let’s insert a test user while we are at it:

Verify the user was added by viewing the rows of the usergroup table:

We still need to set more attributes for the user:

We will configure a quick test response here as well (not to be used in the final implementation, you will have to configure that depending on what you want, this will work however):

Configuration Files

We finally need to change a few configuration files:

radiusd.conf

Find the “authorize” section (near the bottom) and add “sql” (no quotes) between “suffix” and “files”. Comment out “files” by putting a # in front of it. Do the same to “suffix”.

Find the “accounting” section (a bit underneath the authorize section) and place the word “sql” (without quotes) between “unix” and “radutmp”.

sql.conf

Find and modify the following fields:

Starting the Radius Server

Start the RADIUS server:

Let’s test the RADIUS server using NTRadPing as before, but use the username and password of the test user listed in the SQL database. You should receive an “Access-Accept” response and, assuming you correctly entered the entries into the radgroupreply table, you should also see the following in the Attribute Dump portion of the response in NTRadPing:

Congratulations you now have a fully functional RADIUS server authenticating against a MySQL database, and storing the accounting data in the MySQL database!!!

Getting the Mikrotik RouterOS Box to Work with the RADIUS Server

Log into the Mikrotik box and execute these simple commands:

For simplicity’s sake later, ensure you can ping the RADIUS server from the Mikrotik box:

If you cannot ping your server, you must fix that first before continuing.

You should now, as a hotspot client, be able to request any page and be directed to the login page as normal. If you log in as an entry in the SQL database (username: radiustest, password: testpassword) you should be authenticated without a problem.

Note on RADIUS Applications

There are many ways to use RADIUS with Mikrotik, the common applications are authorizing associations based on MAC address, and PPP(oE/TP) user authorization. Both of these are very simple to do, but can cause some frustration as they are not well documented in the manual. Keep in mind that you will need to add definitions for RADIUS servers in the RADIUS table. Each definition in the RADIUS table (click the RADIUS menu in winbox) is for a specific server, and you can have each specific server authenticate for different types of services, such as HotSpot, PPP[oE/TP], and Wireless.

To authorize associations on an AP interface, first set up a RADIUS server with 'Wireless' enabled, then you simply need to set 'radius-mac-authentication=yes' in the security profile for the AP. You can do this through winbox by going to the Wireless->Security Profiles tab, double clicking your profile and ticking the 'RADIUS MAC Authentication' box. Mikrotik will submit the MAC address as the username in the format 00:11:22:33:44:55 with a blank password. Since Mikrotik submits a blank password, you will need to keep this in mind when developing your security systems.

To authorize PPP[oE/TP] sessions, first set up a RADIUS server with 'PPP' enabled, then on the PPP menu click 'Secrets' and 'AAA', then check radius (at the console, /ppp aaa use-radius=yes). There are many supported attributes that allow you to do many useful things with PPP/RADIUS, such as individual client WEP keys and per-user queue limits. Read more about the available RADIUS attributes on the Radius manual page.

--N. Bright

Accounting

To view the Accounting database table for a user:

  • Note: each login/logout pair is recorded as one row in the table.

Retrieved from 'https://wiki.mikrotik.com/index.php?title=How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona&oldid=23638'