RADPERF
Authentication, Authorization, and Accounting. Performance, scalability, load testing, and validation.
One of the most critical steps when building a RADIUS system is performance characterisation. This means testing the system to see if both authentication (i.e., read-only) and accounting (i.e., read-write) behavior is acceptable.
In many cases, the performance will be good enough for normal loads. However, high loads are commonly seen when a NAS reboots and many users flood the network at the same time. If the system cannot handle this load, then it will be unsuitable for a production environment.
RadPerf helps you make this determination. It can send both authentication and accounting packets at varying rates. Even better, you do not need to know anything about RADIUS in order to use RadPerf.
Starting with a list of users and passwords in a CSV file, RadPerf can generate both authentication and accounting packets. It can simulate spikes in traffic, long-lived user sessions, and end-to-end user behavior.
Once RadPerf has finished testing, it produces a set of reports that summarize offered load versus accepted load. Total accepted packets per second can quickly be determined. These reports gives you the data that you need to make an informed decision about placing a system into production.
http://networkradius.com/radius-performance-testing/
radperf-u14.04# ./radperf -A1,5 -c 1 -p 100 -s -f test.csv 192.168.5.174:1812 auth mysecretkey
-A1,5 parametresi ile 1 saniye sonra CREATE accounting request 5 SANIYE sonra ise DELETE request gonderilmesini sagliyoruz.
-p paralel 100 gonderim yapildigini anlamina geliyor.
radperf - Performance testing tool for RADIUS systems.
Copyright (C) 2012 Network RADIUS SARL. All rights reserved.
Usage: radperf [options] server[:port] <command> [<secret>]
<command> One of auth, acct, status, coa, or disconnect.
-a type Use authentication method <type> (pap, chap, none)
-A d,l After Access-Accept, send accounting packets.
-c count Send each packet 'count' times.
-d raddb Set dictionary directory.
-D file Print packet statistics to file
-f file Read packets from file, not stdin.
-F Update Framed-IP-Address, too.
-n num Send a maximum of 'num' packets per second
-p num Send a maximum of 'num' packets in parallel.
-q Do not print anything out.
-r retries If timeout, retry sending the packet 'retries' times.
-R realm Realm name to append to the User-Name
-s Print out summary information of auth results.
-S file read secret from file, not command line.
-t timeout Wait 'timeout' seconds before retrying (may be a floating point number).
-T template Use template file with every request
-u number Generate requests for 'number' users.
-v Show program version information.
-x Debugging mode.
-4 Use IPv4 address of server
-6 Use IPv6 address of server.
Showing posts with label freeradius. Show all posts
Showing posts with label freeradius. Show all posts
Thursday, March 31, 2016
NTRadPing 1.5 RADIUS Test Utility
| Posted: | 20 Aug 2004 |
| File Size: | 71KB |
| License: | Free |
| Download: | /coolsolutions/tools/downloads/ntradping.zip |
| Publisher: | Arndt Stajta |
NTRadPing is a useful tool for testing installations of your RADIUS servers. Through NTRadPing you can simulate authentication and accounting requests and send them to the RADIUS server making NTRadPing act as a NAS client.
Before you send the request to the server, you need to configure the server IP address, the RADIUS secret key stored in the server clients file, and a username.
All the other parameters are optional.
On accounting requests, the "Acct-Session-Id" attribute is also added automatically if you do not explicitly enter it in the request attribute list.
If you issue an accounting request, then the RADIUS attribute "Acct-Status-Type" is added automatically by NTRadPing depending on the type of accounting request you have chosen (start, stop or update).
In the lower left list box you can add as many RADIUS attributes as you like to your request. The list of available attributes and the relevant values in the two drop down boxes depend on the dictionary file RADDICT.DAT.
By checking the "CHAP" checkbox, you may force NTRadPing to issue authentication requests with a CHAP password instead of a default (PAP) password.
In the right list box you will get results about the RADIUS request, along with a complete dump of all the returned RADIUS attributes.
The parameters entered in the main window are preserved even after closing the application (they are stored in the registry).
Wednesday, March 30, 2016
freeradius installation, configuration and replication notlar
amac tek bir makinaya gelen radius trafigini birden fazla sayida makinaya cogullamak.
kullandigim modul:
mod-enabled/replicate
# Replicate packet(s) to a home server.
#
# This module will open a new socket for each packet, and "clone"
# the incoming packet to the destination realm (i.e. home server).
kurulum:
--
yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install
files:
--
-/etc/raddb/sites-enabled/default bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim
-/etc/raddb/users bu dosyaya manuel valid user ekledim
config:
--
add to authorize, preacct
update control {
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
&Replicate-To-Realm += server3
}
replicate
add to authorize, preacct /etc/raddb/sites-enabled/default:
update control {
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
}
replicate
--
add to: /etc/raddb/proxy.conf
client 0.0.0.0/0 {
secret = mysecretkey
require_message_authenticator=no
}
--
add to: /etc/raddb/proxy.conf
home_server remote_server_1 {
ipaddr = 192.168.5.171
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_2 {
ipaddr = 192.168.5.172
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_3 {
ipaddr = 192.168.5.173
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server_pool remote_pool_1 {
type = fail-over
home_server = remote_server_1
}
home_server_pool remote_pool_2 {
type = fail-over
home_server = remote_server_2
}
home_server_pool remote_pool_3 {
type = fail-over
home_server = remote_server_3
}
realm server1 {
auth_pool = remote_pool_1
acct_pool = remote_pool_1
}
realm server2 {
auth_pool = remote_pool_2
acct_pool = remote_pool_2
}
realm server3 {
auth_pool = remote_pool_2
acct_pool = remote_pool_2
}
kullanici tanimlama:
--
add to: /etc/raddb/users
testuser Cleartext-Password := "password"
test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done
kullandigim modul:
mod-enabled/replicate
# Replicate packet(s) to a home server.
#
# This module will open a new socket for each packet, and "clone"
# the incoming packet to the destination realm (i.e. home server).
kurulum:
--
yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install
files:
--
-/etc/raddb/sites-enabled/default bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim
-/etc/raddb/users bu dosyaya manuel valid user ekledim
config:
--
add to authorize, preacct
update control {
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
&Replicate-To-Realm += server3
}
replicate
add to authorize, preacct /etc/raddb/sites-enabled/default:
update control {
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
}
replicate
--
add to: /etc/raddb/proxy.conf
client 0.0.0.0/0 {
secret = mysecretkey
require_message_authenticator=no
}
--
add to: /etc/raddb/proxy.conf
home_server remote_server_1 {
ipaddr = 192.168.5.171
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_2 {
ipaddr = 192.168.5.172
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_3 {
ipaddr = 192.168.5.173
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server_pool remote_pool_1 {
type = fail-over
home_server = remote_server_1
}
home_server_pool remote_pool_2 {
type = fail-over
home_server = remote_server_2
}
home_server_pool remote_pool_3 {
type = fail-over
home_server = remote_server_3
}
realm server1 {
auth_pool = remote_pool_1
acct_pool = remote_pool_1
}
realm server2 {
auth_pool = remote_pool_2
acct_pool = remote_pool_2
}
realm server3 {
auth_pool = remote_pool_2
acct_pool = remote_pool_2
}
kullanici tanimlama:
--
add to: /etc/raddb/users
testuser Cleartext-Password := "password"
test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done
Monday, January 19, 2015
freeradius: allow all external ip connections
Platform: FreeBSD 8.x
add to /usr/local/etc/raddb/clients.conf
client 0.0.0.0/0 {
secret = 12345
shortname = name
}
add to /usr/local/etc/raddb/clients.conf
client 0.0.0.0/0 {
secret = 12345
shortname = name
}
Subscribe to:
Posts (Atom)