PAM authentication not working

Jaap Winius jwinius at umrk.nl
Sun Feb 10 03:18:57 CET 2013


Quoting Phil Mayers <p.mayers at imperial.ac.uk>:

> Your client is doing EAP-TTLS/EAP-MD5.
>
> You have two choices:
>
>  1. Reconfigure the client to do EAP-TTLS/PAP, which PAM will be  
> able to authenticate
>  2. Stop using PAM, and provide the server with the client  
> credentials in a form compatible with your EAP-type (see 1st URL  
> above)

Choice #1 seemed worth a shot, so I altered my client's  
wpa_supplicant.conf by adding one extra line -- a 'phase2' attribute  
for PAP:

   network={
         ssid="mynet"
         scan_ssid=1
         key_mgmt=WPA-EAP
         pairwise=CCMP TKIP
         group=CCMP TKIP
         eap=TTLS
         identity="jwinius"
         password="secret"
         ca_cert="/etc/certs/ca.pem"
         phase2="auth=PAP"
   }

This configuration, together with the freeradius configuration already  
described in my first post in this thread, worked immediately. :-)

Thank you very much, Phil Mayers, and thanks also to Alan DeKok.

Cheers,

Jaap


More information about the Freeradius-Users mailing list