rlm_pam not getting password?
Alan DeKok
aland at deployingradius.com
Tue Oct 22 01:47:43 CEST 2013
Daniel Schmidt wrote:
> To summarize:
> 1. radtest works fine with static cleartext AND pam users
> 2. eapol_test with static cleartext user is fine
> 3. eapol_test with pam user - not fine. "rlm_pam: Attribute
> "User-Password" is required for authentication."
Because you're forcing "Auth-Type = PAM", in the "default" virtual server.
> This all *seems* to imply the eap/pap/pam configuration is working fine.
No.
PAP does password authentication. The "default" virtual server
processes this.
EAP-TTLS does EAP authentication. The "default" virtual server
processes this. Notice there is NO PASSWORD.
Inside of EAP-TTLS, there's a password. This *inner* authentication
is processed in the "inner-tunnel" virtual server.
If you READ the debug output, you would see this.
You need to put the PAM authentication into the "inner-tunnel" virtual
server. In recent versions, read the top of
raddb/sites-available/inner-tunnel. It describes how to test the
inner-tunnel authentication methods.
Alan DeKok.
More information about the Freeradius-Users
mailing list