From e33f839d7f387a78bcb0433d0fab523c0d7da5fb Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Sat, 24 May 2025 20:19:56 +0200
Subject: [PATCH] add basic testing readme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 internal/outpost/radius/eap/README.md | 44 +++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 internal/outpost/radius/eap/README.md

diff --git a/internal/outpost/radius/eap/README.md b/internal/outpost/radius/eap/README.md
new file mode 100644
index 0000000000..ec408fcafe
--- /dev/null
+++ b/internal/outpost/radius/eap/README.md
@@ -0,0 +1,44 @@
+# EAP protocol implementation
+
+Install `eapol_test` (`sudo apt install eapoltest`)
+
+Both PEAP and EAP-TLS require a minimal PKI setup. A CA, a certificate for the server and for EAP-TLS a client certificate need to be provided.
+
+Save either of the config files below and run eapoltest like so:
+
+```
+# peap.conf is the config file under the PEAP testing section
+# foo is the shared RADIUS secret
+# 1.2.3.4 is the IP of the RADIUS server
+eapol_test -c peap.conf -s foo -a 1.2.3.4
+```
+
+### PEAP testing
+
+```
+network={
+    ssid="DoesNotMatterForThisTest"
+    key_mgmt=WPA-EAP
+    eap=PEAP
+    identity="foo"
+    password="bar"
+    ca_cert="ca.pem"
+    phase2="eapauth=MSCHAPV2"
+}
+```
+
+### EAP-TLS testing
+
+```
+network={
+    ssid="DoesNotMatterForThisTest"
+    key_mgmt=WPA-EAP
+    eap=TLS
+    identity="foo"
+    ca_cert="ca.pem"
+    client_cert="cert_client.pem"
+    private_key="cert_client.key"
+    eapol_flags=3
+    eap_workaround=0
+}
+```