adding mschap to an existing ttls/pap setup

Jan Weiher jan at
Thu Apr 12 18:01:34 CEST 2012

Am 12.04.2012 17:49, schrieb Brian Gold:
> We currently have an existing freeradius setup using eap-ttls/pap with an openldap backend. Up until now, our userPassword has
> always been SHA encoded. I've been working to add sambaNTPassword hashes so that we can use either eap-ttls/mschap or peap/mschap.
> I've got the nt hashes set, but I'm having some difficulty getting freeradius to successfully authenticate. 
> Output from "radtest -t mschap username password localhost 0 secret":
> output from "radtest -t pap username password localhost 0 secret":
> -
> List info/subscribe/unsubscribe? See


I think I had a similar problem and fixed it by setting set_auth_type =
no in modules/ldap. But I'm not sure if this is the only thing I changed...

all the best,

More information about the Freeradius-Users mailing list