Most EAP protocols don't include the clear-text password. PAM requires the clear-text passowrd.
Sorry for bugging you again with this issue. I tried to authenticate against pam but it didn't work. How do I know if my EAP protocol sends clear-text passwords or not. I thought using tcpdump would show it, but I only saw the user name.
rad-access-req 135 [id 35] Attr[ User{testuser} Framed_mtu{1400} Called_station{0002.8a5b.462b} [|radius
Thanks! Andi
P.S Following the freeradius debugging messages
from my laptop with the Aironet Client Utility ###############################################
rad_recv: Access-Request packet from host 192.168.1.10:1645, id=23, length=135
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "0002.8a5b.462b"
Calling-Station-Id = "000c.8555.2a04"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0xc008fd6320dbb27e37008f48318f932b
EAP-Message = "\002\002\000\r\001testuser"
NAS-Port-Type = Virtual
NAS-Port = 65
Service-Type = Login-User
NAS-IP-Address = 192.168.1.10
NAS-Identifier = "ap"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type pam
auth: type "PAM"
modcall: entering group authenticate
rlm_pam: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "pam" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
from the server with radclient ##############################
rad_recv: Access-Request packet from host 192.168.1.1:32780, id=158, length=48
User-Name = "testuser"
User-Password = "mypassword"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type pam
auth: type "PAM"
modcall: entering group authenticate
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: authentication succeeded for <testuser>
modcall[authenticate]: module "pam" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 158 to 192.168.1.1:32780
Service-Type = Login-User
Finished request 6
-- ------------------------------- Andreas Büchler Hochschule für Technik Lagerstrasse 45 CH-8004 Zürich ++41 1 298 26 04 [EMAIL PROTECTED] -------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
