On 05/29/2012 10:28 PM, Steve Hopps wrote:
So I'm confused, what's the right way to handle this situation?
What situation? What are you trying to do? Alan has already hinted at the issue, but basically see here: http://deployingradius.com/documents/protocols/oracles.html ...and here: http://deployingradius.com/documents/protocols/compatibility.html Whatever protocol you are running within TTLS, it's not PAP therefore not compatible with PAM-as-an-oracle. rlm_pam: Attribute "User-Password" is required for authentication. ++[pam] returns invalid PAM is being forced (I think) here: [files] users: Matched entry DEFAULT at line 222 ...fix that line. Don't force PAM if you don't want or need it, and if you want/need it, pick compatible authentication. The Proxy-To-Realm comments in the default config files might be out of date; in general, obey what the debug says over ANY other advice, because it's coming from the actual code.