Samba NT & LM hashes with PEAP

Alan DeKok aland at
Tue Jun 24 09:23:29 CEST 2008

Juraj Hrubša wrote:
> I want to use an existing LDAP database for authentication of WIFI users
> using EAP-PEAP. I am already using LDAP as a backend for samba, so I
> have NT and LM hashes stored. The problem is I am still getting errors:
>   rlm_mschap: Found LM-Password
>   rlm_mschap: Found NT-Password
>   rlm_mschap: Told to do MS-CHAPv2 for lolo with NT-Password
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  That's pretty definitive.

>                 #  Note that NT-Passwords MUST be stored as a 32-digit hex
>                 #  string, and MUST start off with "0x", such as:
>                 #
>                 #       0x000102030405060708090a0b0c0d0e0f

  You're running an old version of the server.  You should upgrade.
That requirement is gone in newer versions of the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list