Hi,
And forces (even if I encountered several times that may not be done like that) in the users conf : testuser Auth-Type := PAP, User-Password == "testpass" and also tested EAP,
Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles the EAP stuff and then generates a new request for the stuff that's contained in the tunnel (e.g. PAP) and sends that to itself. So, if you force Auth-Type to either EAP or PAP unconditionally, either the "inner" (PAP) or the outer (EAP) protocol cannot be handled.
and not specifying the Auth-Type (which then fallback to the System module and obviously fail)
Now, that's a problem...
Without Auth-Type :
rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_unix: [testuser]: invalid password
Apparently, it can't find a password (cleartext or uncrypted) for the user, so it falls back to Auth-Type System. Try to get PAP authentication working by itself, first, i.e. just use radtest to send username/password combinations to the server and fix their handling. Once that works, EAP-TTLS with PAP should work as well. HTH, Stefan