PAM authentication not working
Jaap Winius
jwinius at umrk.nl
Sun Feb 10 03:18:57 CET 2013
Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
> Your client is doing EAP-TTLS/EAP-MD5.
>
> You have two choices:
>
> 1. Reconfigure the client to do EAP-TTLS/PAP, which PAM will be
> able to authenticate
> 2. Stop using PAM, and provide the server with the client
> credentials in a form compatible with your EAP-type (see 1st URL
> above)
Choice #1 seemed worth a shot, so I altered my client's
wpa_supplicant.conf by adding one extra line -- a 'phase2' attribute
for PAP:
network={
ssid="mynet"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
identity="jwinius"
password="secret"
ca_cert="/etc/certs/ca.pem"
phase2="auth=PAP"
}
This configuration, together with the freeradius configuration already
described in my first post in this thread, worked immediately. :-)
Thank you very much, Phil Mayers, and thanks also to Alan DeKok.
Cheers,
Jaap
More information about the Freeradius-Users
mailing list