more EAP/TTLS trouble

Phil Mayers p.mayers at
Wed May 30 09:38:20 CEST 2012

On 05/29/2012 10:28 PM, Steve Hopps wrote:

> So I'm confused, what's the right way to handle this situation?

What situation?

What are you trying to do?

Alan has already hinted at the issue, but basically see here:

...and here:

Whatever protocol you are running within TTLS, it's not PAP therefore 
not compatible with PAM-as-an-oracle.

rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid

PAM is being forced (I think) here:

[files] users: Matched entry DEFAULT at line 222

...fix that line. Don't force PAM if you don't want or need it, and if 
you want/need it, pick compatible authentication.

The Proxy-To-Realm comments in the default config files might be out of 
date; in general, obey what the debug says over ANY other advice, 
because it's coming from the actual code.

More information about the Freeradius-Users mailing list