Table of Contents |
---|
Testing your eduroam setup (especially when you are new) can be daunting. The developers of the wpa_supplicant software on Linux provide a handy tool called eapol_test that will test an EAP authentication flow like a client with a lot of debug information.
eapol_test is traditionally only available on Linux. Instructions to build it for Linux and for 64-bit Windows (Windows 7 and later) are below.
If you do not want to build eapol_test for Windows yourself, you can download a digitally signed copy at Github: https://github.com/janetuk/eapol_test
Linux
Build on Linux
Preparatory work
Install the usual build-tools:
...
Code Block | ||
---|---|---|
| ||
sudo apt-get install libssl-dev |
NOTE: The following packages may also be required: libdbus-1-dev, libnl-3-dev, libnl-route-3-dev and libnl-genl-3-dev, as well as configuration changes in dbus/dbus_new.c (Ubuntu 20).
Building eapol_test
Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
Unpack the wpa_supplicant distribution, change into the wpa_supplicant/ subdirectory and create the default config file by executing
...
Code Block | ||
---|---|---|
| ||
make eapol_test |
Running ./eapol_test without parameters will display the command-line parameters.
Windows
Currently the The instructions for Windows depend on either using a Linux host (such as a virtual machine), or a container if you are using Docker or similar). The instructions following here are for virtual machine-based building.
...
installing the MinGW64 compiler on Windows. For the former, we recommend a recent version of Ubuntu Linux because it includes recent versions of the required tools. For the latter, the instructions were tested on Windows 7 Enterprise, but should continue to be accurate for Windows 10.
1. Cross-compile on Linux for Windows
Preparatory work
Install Ubuntu 20.
Install MinGW:
Code Block | ||
---|---|---|
| ||
sudo apt-get install mingw-w64 |
Install the usual build - tools and MinGW:
Code Block | ||
---|---|---|
| ||
sudo apt-get install build-essential mingw-w64 |
Configuration
Create the script file /usr/bin/mingw64
Code Block | ||
---|---|---|
| ||
#!/bin/sh PREFIX=x86_64-w64-mingw32 export CC=$PREFIX-gcc export CXX=$PREFIX-g++ export CPP=$PREFIX-cpp export AR=$PREFIX-ar export AS=$PREFIX-as export NM=$PREFIX-nm export WINDRES=$PREFIX-windres export RANLIB=$PREFIX-ranlib export ADDR2LINE=$PREFIX-addr2line export DLLTOOL=$PREFIX-dlltool export DLLWRAP=$PREFIX-dllwrap export ELFEDIT=$PREFIX-elfedit export OBJCOPY=$PREFIX-objcopy export OBJDUMP=$PREFIX-objdump export READELF=$PREFIX-readelf export SIZE=$PREFIX-size export STRINGS=$PREFIX-strings export STRIP=$PREFIX-strip export WINDMC=$PREFIX-windmc export GCOV=$PREFIX-gcov export PATH="/usr/x86_64-w64-mingw32/bin:$PATH" exec "$@" |
Make it executable by all
Code Block | ||
---|---|---|
| ||
sudo chmod a+x /usr/bin/mingw64 |
Building the sources
Download eapol_test.c.patch
(for wpa_supplicant v2.9 or earlier) and eapol_test.config
from https://github.com/janetuk/eapol_test
Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz
Download wpa_supplicant's source at https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it when you build eapol_test.exe
Change to the libtommath directory. Run the build command
Code Block | ||
---|---|---|
| ||
mingw64 make |
This should now build successfully and leave you with a library in the directory.
...
Edit the .config file. Find the line ifndef CONFIG_INTERNAL_LIBTOMMATH
LTM_PATH=
, change the line below it to the directory you built libtommath in:
Code Block | ||
---|---|---|
| ||
LTM_PATH=<directory where you built libtommath> |
(for wpa_supplicant v2.9 or earlier) Run the patching command to fix eapol_test.cc
Code Block | ||
---|---|---|
| ||
patch eapol_test.c <full path to eapol_test.c.patch> |
...
Code Block | ||
---|---|---|
| ||
CFLAGS=" -Wno-error=pointer-to-int-cast -MMD -O2 -g -w" mingw64 make eapol_test |
You should now have an eapol_test.exe
...
around 6-7 MB in size.
Copy this to a Windows box. Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.
2. Build on Windows
Preparatory work
Download and install MinGW-W64 from https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/installer/mingw-w64-install.exe
Run the installer, mingw-w64-install.exe. Because it is not signed, Windows will prompt you to confirm whether you wish to run this executable.
During the the installation, you will be prompted for the following:
- Version: 8.1.0 (default)
- Architecture: x86_64
- Threads: win32
- Exception: seh
Accept all other defaults.
Configuration
Create a batch file: C:\Program Files\mingw-w64\x86_64-8.1.0-win32-seh-rt_v6-rev0\mingw64\bin\mingw64.bat
Code Block | ||
---|---|---|
| ||
@echo off
set PREFIX=x86_64-w64-mingw32
set CC=%PREFIX%-gcc.exe
set CXX=%PREFIX%-g++.exe
set CPP=%PREFIX%-c++.exe
set GCOV=%PREFIX%-gcov.exe
set MAKE=mingw32-make.exe
%* |
Save it.
Building the sources
Download eapol_test.c
(for wpa_supplicant v2.9 or earlier only) and eapol_test.config
from https://github.com/janetuk/eapol_test. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop.
Download libtommath's source at https://github.com/libtom/libtommath/releases/download/v1.2.0/ltm-1.2.0.tar.xz
Download wpa_supplicant's source at https://w1.fi/releases/
Unpack the libtommath distribution. Note the directory you unpacked it to. You will need it later. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\libtommath-1.2.0
Unpack the wpa_supplicant distribution. For the purposes of these instructions, we shall use C:\Users\Administrator\Desktop\wpa-2.9
Open a MinGW-W64 prompt by opening the menu, going to All Programs > MinGW-W64 project > x86_64-8.1.0-win32-seh-rt_v6-rev0 > Run terminal.
Code Block | ||
---|---|---|
| ||
C:\>_ |
Change to the libtommath directory. Run the build command
Code Block | ||
---|---|---|
| ||
C:\> cd C:\Users\Administrator\Desktop\libtommath-1.2.0
C:\Users\Administrator\Desktop\libtommath-1.2.0> mingw64.bat %MAKE% |
This should build successfully and leave you with a library in the directory.
Copy eapol_test.config to the wpa_supplicant subdirectory.
Code Block | ||
---|---|---|
| ||
cd C:\Users\Administrator\Desktop
copy eapol_test.config wpa-2.9\wpa_supplicant\.config |
(for wpa_supplicant v2.9 or earlier only) Copy eapol_test.c to the wpa_supplicant subdirectory. You will likely be prompted to overwrite eapol_test.c. Confirm by answering 'Y'.
Code Block | ||
---|---|---|
| ||
cd C:\Users\Administrator\Desktop
copy eapol_test.c wpa-2.9\wpa_supplicant\eapol_test.c |
Change to the wpa_supplicant subdirectory.
Code Block | ||
---|---|---|
| ||
C:\Users\Administrator\Desktop> cd wpa-2.9\wpa_supplicant |
Edit the .config file. Find the line LTM_PATH=
, change it to the directory you built libtommath in:
Code Block | ||
---|---|---|
| ||
LTM_PATH=C:\Users\Administrator\Desktop\libtommath-1.2.0 |
Edit the Makefile and replace the CFLAGS= line near the top of the file with this:
Code Block | ||
---|---|---|
| ||
CFLAGS= -Wno-error=pointer-to-int-cast -MMD -O2 -g -w |
Run the build command
Code Block | ||
---|---|---|
| ||
C:\Users\Administrator\Desktop\wpa-2.9\wpa_supplicant> mingw64.bat %MAKE% eapol_test |
You should now have an eapol_test.exe
around 6-7 MB in size.
Run it without parameters in a command-line window (this is not a GUI application). It should display command-line parameters.
Testing with eapol_test
Testing with eapol_test on Linux or Windows will ultimately yield the same results. The configuration files for use with the utility are identical on either platform. Here is a sample configuration file you can use.
Configuration file
Code Block | ||
---|---|---|
| ||
network={ phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=0 tls_disable_tlsv1_3=1 peapver=0" key_mgmt=WPA-EAP eap=PEAP identity="<username@realm>" anonymous_identity="@realm" password="<userpassword>" phase2="eapauth=MSCHAPV2 mschapv2_retry=0" # ca_cert="<full path of the CA root certificate>" # subject_match="<subject CN>" # altsubject_match="<DNS: entry from subjectAltName>" # domain_match="<subject CN>" } |
To use server certificate validation, uncomment the ca_cert
line.
...