rlm_pam not getting password?

Daniel Schmidt daniel.schmidt at wyo.gov
Tue Oct 22 01:26:58 CEST 2013 

I'm trying to authenticate against a pam module and running into difficulty
and humbly beg for assistance.  I am, of course, looking to do pap/ttls,
which I hear is the only way.

To summarize:
1.  radtest works fine with static cleartext AND pam users
2.  eapol_test with static cleartext user is fine
3.  eapol_test with pam user - not fine.  "rlm_pam: Attribute
"User-Password" is required for authentication."

Here is my simple static pap user that works perfectly in my eapol_test:
$ cat ttls-pap2.conf
#
#   eapol_test -c ttls-pap.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="bob"
        # anonymous_identity="anonymous"
        password="hello"
        phase2="auth=PAP"

#
#  Uncomment the following to perform server certificate validation.
# ca_cert="/etc/raddb/certs/ca.der"
}

A radtest also works quite well.  (radtest pam_username pam_password
localhost 1814 radius_password)

This all *seems* to imply the eap/pap/pam configuration is working fine.

However, a eapol_test with SAME pam username/pass information as that
radtest shows this:
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.

When it should say something like it does for radtest:
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: authentication succeeded for <daniel.schmidt>
++[pam] returns ok

I don't get it.  eapol_test seems to imply that the eap.conf config is
correct, right?  I do not know where to look next.

Please forgive me if I have left out anything, I did not want to clutter
with spurious config.  Thanks.


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131021/e61c4630/attachment-0001.html>

More information about the Freeradius-Users mailing list