Hi,
> And forces (even if I encountered several times that may not be done like
> that) in the users conf :
> testuser Auth-Type := PAP, User-Password == "testpass"
> and also tested EAP,
Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles
the EAP stuff
and then generates a new request for the stuff that's contained in the tunnel
(e.g. PAP) and
sends that to itself. So, if you force Auth-Type to either EAP or PAP
unconditionally, either
the "inner" (PAP) or the outer (EAP) protocol cannot be handled.
> and not specifying the Auth-Type (which then fallback to the System
> module and obviously fail)
Now, that's a problem...
> Without Auth-Type :
>
> rad_check_password: Found Auth-Type System
> auth: type "System"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
> rlm_unix: [testuser]: invalid password
Apparently, it can't find a password (cleartext or uncrypted) for the user, so
it falls
back to Auth-Type System. Try to get PAP authentication working by itself,
first, i.e.
just use radtest to send username/password combinations to the server and fix
their
handling. Once that works, EAP-TTLS with PAP should work as well.
HTH,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
