adding mschap to an existing ttls/pap setup

Alan DeKok aland at
Fri Apr 13 08:50:02 CEST 2012

Brian Gold wrote:
> Ok, new pastebin:
> I've confirmed that I don't have "Auth-Type := LDAP" anywhere in my configuration.

  Did you try checking the "set_auth_type" entry in the ldap module
config, as suggested in another post?

> The sambaNTPassword hash was incorrect. We can't
> use smbpasswd since we don't actually have a full samba setup at this time,

  This is a bad answer.  *Nothing* prevents you from using the program.

  FreeRADIUS ships with a "smbencrypt" program.  Go look for it.

> just a normal openldap server which happens to have the
> samba schema so we can use sambaNTPassword. We will probably be moving to a full samba at some point, but not just yet. I've
> manually corrected the NT hash and confirmed that it works via radtest, but I'm still apparently getting rejected. Any help would be
> appreciated. If there is more information I can give, just let me know.

  Try reading the debug output you posted.  It says "Access-Accept".  So
it works.  Why are you saying the user is rejected?

  This is a free help list.  Very little is *more* irritating than
people who can't be bothered to help themselves.

  The whole point of the debug output is for YOU TO READ IT.

  Alan DeKok.

More information about the Freeradius-Users mailing list