PAM authentication not working

Jaap Winius jwinius at
Fri Feb 8 23:29:34 CET 2013

Quoting Alan DeKok <aland at>:

>   You can't use PAM and EAP-MD5 together.  It's impossible.

That sounds like important information! To turn off EAP, I commented  
out all of the lines related to EAP in  
/etc/freeradius/sites-enabled/default and in
/etc/freeradius/sites-enabled/inner-tunnel. Unfortunately, the result  
is still the same, but freeradius' debug output has changed  

rad_recv: Access-Request packet from host port 1028, id=0,  
	User-Name = "jwinius"
	NAS-IP-Address =
	Called-Station-Id = "0014bf72f676"
	Calling-Station-Id = "00110a81fb2b"
	NAS-Identifier = "0014bf72f676"
	NAS-Port = 17
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0200000c016a77696e697573
	Message-Authenticator = 0x0695dc9b4d3f16a1fd94a9be695eb90d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "jwinius", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 211
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.   
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> jwinius
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to port 1028

Still no activity ion /var/log/auth.log.



More information about the Freeradius-Users mailing list