"[pap] WARNING! No "known good" password found..." (was: Re: "WARNING: !! EAP session for state ... did not finish!", And Other Warnings)

Jim Seymour jseymour at LinxNet.com
Fri Oct 2 18:37:53 CEST 2015

(Splitting this one off into a re-titled sub-tread...)

On Fri, 2 Oct 2015 17:24:29 +0100
Matthew Newton <mcn4 at leicester.ac.uk> wrote:

> On Fri, Oct 02, 2015 at 04:16:10PM +0000, A.L.M.Buxey at lboro.ac.uk
> wrote:
> > >     [pap] WARNING! No "known good" password found for the user.
> > >           Authentication may fail because of this .
> > 
> > if calling pap module, the server cant find what it needs in any of
> > your authentication stores to satisfy requirements.  you need to
> > see who that was...
> ...but if doing, say, peap/mschapv2, then there won't be a
> cleartext password and so this can be ignored.

PEAP/MS-CHAPv2 is what we're doing, but here's the thing: Years ago I
used to write a fair bit of code.  I learned *the hard way* not to
blithely disregard "warning:"s.  So when I see them, I want to know
what they're about.  I want to make them Go Away if I can.

Since we're not using PAP, can I simply comment-out the calls to it in
default and inner-tunnel?

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the Freeradius-Users mailing list