"[pap] WARNING! No "known good" password found..." (was: Re: "WARNING: !! EAP session for state ... did not finish!", And Other Warnings)
jseymour at LinxNet.com
Fri Oct 2 18:37:53 CEST 2015
(Splitting this one off into a re-titled sub-tread...)
On Fri, 2 Oct 2015 17:24:29 +0100
Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> On Fri, Oct 02, 2015 at 04:16:10PM +0000, A.L.M.Buxey at lboro.ac.uk
> > > [pap] WARNING! No "known good" password found for the user.
> > > Authentication may fail because of this .
> > if calling pap module, the server cant find what it needs in any of
> > your authentication stores to satisfy requirements. you need to
> > see who that was...
> ...but if doing, say, peap/mschapv2, then there won't be a
> cleartext password and so this can be ignored.
PEAP/MS-CHAPv2 is what we're doing, but here's the thing: Years ago I
used to write a fair bit of code. I learned *the hard way* not to
blithely disregard "warning:"s. So when I see them, I want to know
what they're about. I want to make them Go Away if I can.
Since we're not using PAP, can I simply comment-out the calls to it in
default and inner-tunnel?
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the Freeradius-Users