Testing your eduroam setup (especially when you are new) can be daunting. The developers of the wpa_supplicant software on Linux provide a handy tool called eapol_test that will test an EAP authentication flow like a client with a lot of debug information.
eapol_test is traditionally only available on Linux. Instructions to build it for Linux and for 64-bit Windows (Windows 7 and later) are below.
If you do not want to build eapol_test for Windows yourself, you can download a digitally signed copy at Github: https://github.com/janetuk/eapol_test
Linux
Build on Linux
Preparatory work
Install the usual build-tools:
sudo apt-get install build-essential
Install the OpenSSL development files:
sudo apt-get install libssl-dev
NOTE: The following packages may also be required: libdbus-1-dev, libnl-3-dev, libnl-route-3-dev and libnl-genl-3-dev, as well as configuration changes in dbus/dbus_new.c (Ubuntu 20).
Building eapol_test
Download wpa_supplicant's source at https://w1.fi/releases/
Unpack the wpa_supplicant distribution, change into the wpa_supplicant/ subdirectory and create the default config file by executing
cp defconfig .config
Then, enable compilation of eapol_test by editing the .config file and setting (i.e. uncommenting)
CONFIG_EAPOL_TEST=y
You can then compile eapol_test with
make eapol_test
Running ./eapol_test without parameters will display the command-line parameters.
Windows
The instructions for Windows depend on either using a Linux host (such as a virtual machine), or installing the MinGW64 compiler on Windows. For the former, we recommend a recent version of Ubuntu Linux because it includes recent versions of the required tools. For the latter, the instructions were tested on Windows 7 Enterprise, but should continue to be accurate for Windows 10.
1. Cross-compile on Linux for Windows
Preparatory work
Install Ubuntu 20.
Install the usual build tools and MinGW:
sudo apt-get install build-essential mingw-w64
Configuration
Create the script file /usr/bin/mingw64
#!/bin/sh PREFIX=x86_64-w64-mingw32 export CC=$PREFIX-gcc export CXX=$PREFIX-g++ export CPP=$PREFIX-cpp export AR=$PREFIX-ar export AS=$PREFIX-as export NM=$PREFIX-nm export WINDRES=$PREFIX-windres export RANLIB=$PREFIX-ranlib export ADDR2LINE=$PREFIX-addr2line export DLLTOOL=$PREFIX-dlltool export DLLWRAP=$PREFIX-dllwrap export ELFEDIT=$PREFIX-elfedit export OBJCOPY=$PREFIX-objcopy export OBJDUMP=$PREFIX-objdump export READELF=$PREFIX-readelf export SIZE=$PREFIX-size export STRINGS=$PREFIX-strings export STRIP=$PREFIX-strip export WINDMC=$PREFIX-windmc export GCOV=$PREFIX-gcov export PATH="/usr/x86_64-w64-mingw32/bin:$PATH" exec "$@"
Make it executable by all
sudo chmod a+x /usr/bin/mingw64
Building the sources
Download eapol_test.c.patch (for wpa_supplicant v2.9 or earlier) and eapol_test.config from https://github.com/janetuk/eapol_test
Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz
Download wpa_supplicant's source at https://w1.fi/releases/
Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it when you build eapol_test.exe
Change to the libtommath directory. Run the build command
mingw64 make
This should build successfully and leave you with a library in the directory.
Unpack the wpa_supplicant distribution. Copy eapol_test.config to the wpa_supplicant subdirectory
cp eapol_test.config wpa_supplicant-2.9/wpa_supplicant/.config
Change to the wpa_supplicant subdirectory.
Edit the .config file. Find the line LTM_PATH=, change the line to the directory you built libtommath in:
LTM_PATH=<directory where you built libtommath>
(for wpa_supplicant v2.9 or earlier) Run the patching command to fix eapol_test.c
patch eapol_test.c <full path to eapol_test.c.patch>
Run the build command
CFLAGS=" -Wno-error=pointer-to-int-cast -MMD -O2 -g -w" mingw64 make eapol_test
You should now have an eapol_test.exe around 6-7 MB in size.
Copy this to a Windows box. Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.
2. Build on Windows
Preparatory work
Download and install MinGW-W64 from https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/installer/mingw-w64-install.exe
Run the installer, mingw-w64-install.exe. Because it is not signed, Windows will prompt you to confirm whether you wish to run this executable.
During the the installation, you will be prompted for the following:
- Version: 8.1.0 (default)
- Architecture: x86_64
- Threads: win32
- Exception: seh
Accept all other defaults.
Configuration
Create a batch file: C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin\mingw64.bat
@echo off set PREFIX=x86_64-w64-mingw32 set CC=%PREFIX%-gcc.exe set CXX=%PREFIX%-g++.exe set CPP=%PREFIX%-c++.exe set GCOV=%PREFIX%-gcov.exe set MAKE=mingw32-make.exe %*
Save it.
Building the sources
Download eapol_test.c (for wpa_supplicant v2.9 or earlier only) and eapol_test.config from https://github.com/janetuk/eapol_test. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop.
Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz
Download wpa_supplicant's source at https://w1.fi/releases/
Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it later. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\libtommath-1.2.0
Unpack the wpa_supplicant distribution. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\wpa-2.9
Open a MinGW-W64 prompt by opening the menu, going to All Programs > MinGW-W64 project > x86_64-8.1.0-win32-seh-rt_v6-rev0 > Run terminal.
C:\>_
Change to the libtommath directory. Run the build command
C:\> cd C:\Users\Administrator\Desktop\libtommath-1.2.0 C:\Users\Administrator\Desktop\libtommath-1.2.0> mingw64.bat %MAKE%
This should build successfully and leave you with a library in the directory.
Copy eapol_test.config to the wpa_supplicant subdirectory.
cd C:\Users\Administrator\Desktop copy eapol_test.config wpa-2.9\wpa_supplicant\.config
(for wpa_supplicant v2.9 or earlier only) Copy eapol_test.c to the wpa_supplicant subdirectory. You will likely be prompted to overwrite eapol_test.c. Confirm by answering 'Y'.
cd C:\Users\Administrator\Desktop copy eapol_test.c wpa-2.9\wpa_supplicant\eapol_test.c
Change to the wpa_supplicant subdirectory.
C:\Users\Administrator\Desktop> cd wpa-2.9\wpa_supplicant
Edit the .config file. Find the line LTM_PATH=, change it to the directory you built libtommath in:
LTM_PATH=C:\Users\Administrator\Desktop\libtommath-1.2.0
Edit the Makefile and replace the CFLAGS= line near the top of the file with this:
CFLAGS= -Wno-error=pointer-to-int-cast -MMD -O2 -g -w
Run the build command
C:\Users\Administrator\Desktop\wpa-2.9\wpa_supplicant> mingw64.bat %MAKE% eapol_test
You should now have an eapol_test.exe around 6-7 MB in size.
Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.
Testing with eapol_test
Testing with eapol_test on Linux or Windows will ultimately yield the same results. The configuration files for use with the utility are identical on either platform. Here is a sample configuration file you can use.
Configuration file
network={
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=1 peapver=0"
key_mgmt=WPA-EAP
eap=PEAP
identity="<username@realm>"
anonymous_identity="@realm"
password="<userpassword>"
phase2="eapauth=MSCHAPV2 mschapv2_retry=0"
# ca_cert="<full path of the CA root certificate>"
# subject_match="<subject CN>"
# altsubject_match="<DNS: entry from subjectAltName>"
# domain_match="<subject CN>"
}
To use server certificate validation, uncomment the ca_cert line.
To test various TLS handshakes within PEAP, enable (set to 0) the appropriate tls_disable_tlsv1... option.
To use EAP-TTLS, change the eap= line to TTLS
To change the second-phase authentication, you can either use an EAP inner method by specifying 'eapauth=', or a non-EAP inner method by specifying 'auth=' in the phase2= line.
For complete information on the configuration file format, visit https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf