more EAP/TTLS trouble
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 30 09:38:20 CEST 2012
On 05/29/2012 10:28 PM, Steve Hopps wrote:
> So I'm confused, what's the right way to handle this situation?
What situation?
What are you trying to do?
Alan has already hinted at the issue, but basically see here:
http://deployingradius.com/documents/protocols/oracles.html
...and here:
http://deployingradius.com/documents/protocols/compatibility.html
Whatever protocol you are running within TTLS, it's not PAP therefore
not compatible with PAM-as-an-oracle.
rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid
PAM is being forced (I think) here:
[files] users: Matched entry DEFAULT at line 222
...fix that line. Don't force PAM if you don't want or need it, and if
you want/need it, pick compatible authentication.
The Proxy-To-Realm comments in the default config files might be out of
date; in general, obey what the debug says over ANY other advice,
because it's coming from the actual code.
More information about the Freeradius-Users
mailing list