Troubleshooting ClearBox with Client Tool

Client Tool is a software RADIUS client which can be used to emulate a NAS for debugging. It uses RADIUS dictionary supplied with ClearBox Server and supports PAP, CHAP, MS-CHAP and MS-CHAP2 authentication.

You may use Client tool to test server availability and its configuration without the necessity to invoke real hardware equipment.

1. Input IP address of a RADIUS server you are going send packets to in the Server IP box (set 127.0.0.1 to send requests to the server installed on the same machine).
2. Type in the server port. Default values are 1812 for authentication packets and 1813 for accounting packets.
3. Type a secret shared by a client with a RADIUS server in the Shared secret box. It is required for accounting request packets and for authentication packets with PAP authentication method.
4. Input user name which will sent as 'User-Name' attribute in the request packet in the User name box.
5. Input user password in the Password box if it should be present in the request authentication packet.
6. Select authentication method in the Authentication list. It is ignored for accounting requests. If 'None' is selected, user's password is not included in the packet. If any other method is selected, password is put into appropriate RADIUS attribute.

Input Additional RADIUS Data

1. Select a RADIUS attribute you want to add to the request packet from the Attribute name list, then click Add. It will added to the list below.
2. If you want to remove an attribute from the list, select it and click Remove.
3. Select type of a request in the Request type list. If you want to send a nonstandard request, select 'User defined' from the list and enter request type number in the box near the list. Note that accounting requests should be sent to the RADIUS accounting port (default value is 1813).
4. Check Sign with Message-Authenticator box to include Message-Authenticator attribute in a request packet. Note that valid secret key should be set to use this attribute. Message-Authenticator is required to be present in a packet with EAP-Message attribute in it.

Every RADIUS attribute has a definite type of value it contains. Client Tool get information about this type from the RADIUS dictionary and displays an appropriate dialog to input data.

IP Addresses

Some RADIUS attributes, such as 'NAS-IP-Address', has a value containing some IP address. When you select such attribute and click Add, is shown prompting for an address.

Integer numbers

Some attributes, such as 'Service-Type' have values which are integer numbers. These numbers may be in a defined range and have names (as it is in case of 'Service-Type' attribute), then Enumerated value list is enabled in a displayed dialog. Also numbers can be input directly in the Simple value box.

String/Text Values

Some set of attributes contain text or byte strings (e.g., 'User-Name'). The difference between them is that textual attributes always contain human-readable strings while byte strings may contain any sequence of bytes and may not be interpreted by humans.

If our are inputting a simple string, select the Normal string option and input text. To input binary data, select the Hexadecimal string option and input a string in hexadecimal form (composed of 0-9 and a-f letters).

Date and Time

If an attribute (e.g. 'Event-Timestamp') has a value describing a date, this dialog is shown. The first box is intended to input date, and the second one - to input time.

When everything is set up, click Send. If a response is received, it is displayed in the Attributes in the response packet list, an error message is shown otherwise. Click Cancel to interrupt negotiations between client and server.

Select a necessary line in the Attributes in response packet and click Copy to copy it to clipboard.