I'm trying to authenticate against a pam module and running into difficulty and humbly beg for assistance. I am, of course, looking to do pap/ttls, which I hear is the only way. To summarize: 1. radtest works fine with static cleartext AND pam users 2. eapol_test with static cleartext user is fine 3. eapol_test with pam user - not fine. "rlm_pam: Attribute "User-Password" is required for authentication." Here is my simple static pap user that works perfectly in my eapol_test: $ cat ttls-pap2.conf # # eapol_test -c ttls-pap.conf -s testing123 # network={ ssid="example" key_mgmt=WPA-EAP eap=TTLS identity="bob" # anonymous_identity="anonymous" password="hello" phase2="auth=PAP" # # Uncomment the following to perform server certificate validation. # ca_cert="/etc/raddb/certs/ca.der" } A radtest also works quite well. (radtest pam_username pam_password localhost 1814 radius_password) This all *seems* to imply the eap/pap/pam configuration is working fine. However, a eapol_test with SAME pam username/pass information as that radtest shows this: Found Auth-Type = PAM # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} rlm_pam: Attribute "User-Password" is required for authentication. When it should say something like it does for radtest: Found Auth-Type = PAM # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} pam_pass: using pamauth string <radiusd> for pam.conf lookup pam_pass: authentication succeeded for <daniel.schmidt> ++[pam] returns ok I don't get it. eapol_test seems to imply that the eap.conf config is correct, right? I do not know where to look next. Please forgive me if I have left out anything, I did not want to clutter with spurious config. Thanks. E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.