I'm trying to authenticate against a pam module and running into difficulty and humbly beg for assistance.  I am, of course, looking to do pap/ttls, which I hear is the only way.  

To summarize:
1.  radtest works fine with static cleartext AND pam users 
2.  eapol_test with static cleartext user is fine
3.  eapol_test with pam user - not fine.  "rlm_pam: Attribute "User-Password" is required for authentication."

Here is my simple static pap user that works perfectly in my eapol_test: 
$ cat ttls-pap2.conf 
#
#   eapol_test -c ttls-pap.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="bob"
        # anonymous_identity="anonymous"
        password="hello"
        phase2="auth=PAP"

#
#  Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}

A radtest also works quite well.  (radtest pam_username pam_password localhost 1814 radius_password)

This all *seems* to imply the eap/pap/pam configuration is working fine. 

However, a eapol_test with SAME pam username/pass information as that radtest shows this:
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.

When it should say something like it does for radtest:
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: authentication succeeded for <daniel.schmidt>
++[pam] returns ok

I don't get it.  eapol_test seems to imply that the eap.conf config is correct, right?  I do not know where to look next.  

Please forgive me if I have left out anything, I did not want to clutter with spurious config.  Thanks.
E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.