Quoting Alan DeKok <aland@deployingradius.com>:
No. You can't turn off EAP. The client is sending EAP to the server. You need to change the client. And likely you can't, because it *needs* to do EAP.
Indeed, the key_mgmt attribute in my wpa_supplicant.conf is set to WPA-EAP and it looks like that's my only option. But, if you're correct, then how is this supposed to work? You make it sound like a catch-22.
... freeradius' debug output has changed significantly:
Read it. If the messages aren't clear, I really don't know what to do.
AFAICT, the most pertinent message is: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. However, it seems freeradius is not actually using the PAM modules, because nothing is showing up in /var/log/auth.log (I have yet to see it do that). Otherwise, I've checked that the Unix password for my account on the freeradius host is correct. Cheers, Jaap