Authentication failure - PEAP - MS-CHAPv2

Ivan Kalik tnt at
Wed Jun 10 01:00:45 CEST 2009

> I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration
> with
> the following items:
> - Cisco Aironet 1130AG access point
> - Ubuntu-based server with FreeRADIUS and OpenLDAP
> - Client machines (Windows XP SP2, Ubuntu 9.04)
> The issue I have is, that I don't get a response from the client after the
> server sends an Access-Challange packet. The certificates were made with
> the
> bootstrap script of FreeRADIUS, so it already contains the OIDs required
> by
> Windows.
> The AP is configured correctly, IP-address, port numbers and shared secret
> are properly set up, I've already checked them.
> Users are stored in an LDAP database and each user has a sambaNTPassword
> attribute, which contains an NT-hashed password. LDAP-RADIUS attribute
> mappings are properly set (NT-Password -> sambaNTPassword). The strange
> thing is, that I can successfully authenticate using an EAP test tool
> (eapol_test), no errors show up in the output. Using another AP with a
> slightly different configuration (using smbpasswd instead of LDAP for
> authorization) works, too.
> I've also read, that XP SP2 is incompatible with third-party
> RADIUS-servers.
> I decided to install SP3, but it did not help. What I can see, is an
> Access-Challange message at the end of the debug output.
> What can be wrong with my configuration? Can it be, that it's an
> incompatibility issue between FreeRADIUS and the access point?

Post the debug.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list