PAM authentication not working

Jaap Winius jwinius at umrk.nl
Sat Feb 9 00:42:54 CET 2013


Quoting Alan DeKok <aland at deployingradius.com>:

> No.  You can't turn off EAP.  The client is sending EAP to the server.
> You need to change the client.  And likely you can't, because it
> *needs* to do EAP.

Indeed, the key_mgmt attribute in my wpa_supplicant.conf is set to  
WPA-EAP and it looks like that's my only option. But, if you're  
correct, then how is this supposed to work? You make it sound like a  
catch-22.

>> ... freeradius' debug output has changed significantly:
>
> Read it. If the messages aren't clear, I really don't know what to do.

AFAICT, the most pertinent message is:

   [pap] WARNING! No "known good" password found for the user.
        Authentication may fail because of this.

However, it seems freeradius is not actually using the PAM modules,  
because nothing is showing up in /var/log/auth.log (I have yet to see  
it do that). Otherwise, I've checked that the Unix password for my  
account on the freeradius host is correct.

Cheers,

Jaap


More information about the Freeradius-Users mailing list