freerradius 错误：pap: WARNING: No "known good" password found for the user

具体错误如下：

1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /../ ) {
(1)         if (&User-Name =~ /../ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /.$/)  {
(1)         if (&User-Name =~ /.$/)   -> FALSE
(1)         if (&User-Name =~ /@./)  {
(1)         if (&User-Name =~ /@./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "example.org" for User-Name = "user@example.org"
(1) suffix: No such realm "example.org"
(1)     [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 11 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)     [eap] = updated
(1)     [files] = noop
(1)     [expiration] = noop
(1)     [logintime] = noop
(1) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(1) pap: WARNING: Authentication will fail unless a "known good" password is available
(1)     [pap] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0x230f5f1f230446d4
(1) eap: Finished EAP session with state 0x230f5f1f230446d4
(1) eap: Previous EAP request found for state 0x230f5f1f230446d4, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TLS (13)
(1) eap: Calling submodule eap_tls to process data
(1) eap_tls: Initiating new EAP-TLS session
(1) eap_tls: Setting verify mode to require certificate from client
(1) eap_tls: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 12 length 6
(1) eap: EAP session adding &reply:State = 0x230f5f1f220352d4
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 228 from 192.168.1.122:1812 to 192.168.1.126:60730 length 0
(1)   EAP-Message = 0x010c00060d20
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0x230f5f1f220352d482ebe8efe238f6fe
(1) Finished request

错误的原因：

users 配置文件中缺少 对应 的用户名和密码。

解决方法：

在 /usr/local/etc/raddb/users 配置文件中添加 client端用于登录的用户名和密码即可。

#########################################################

# You should add test accounts to the TOP of this file!　　　　　　 #

# See the example user "bob" above.                    　　　　　　　　 #

#########################################################

user@example.org Cleartext-Password := 123456