LDAP-FreeRadius-Cisco Switch-802.1x Fails.

Wassim Zaarour wassim.zaarour at navlink.com
Fri Apr 20 09:22:30 CEST 2012

On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list at fajar.net> wrote:

>On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour
><wassim.zaarour at navlink.com> wrote:
>> Hi Alan,
>> I went through the archives and did some changes but still getting the
>> error, appreciate if you can help me a bit here.
>> I think I read that the ldap request must be proxied to the inner
>> tunnel for it to work, is that true? How can we do that?
>Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what
>Windows uses) to work with your LDAP. Period.
>Long version:
>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:
>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file
>whatever), OR
>- an active directory
>If you don't have either, then it won't work.

Hi Fajar,

Passwords are stored as clear text in my LDAP, that should make MSCHAPv2
work, right?
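
The requirement stated in the quoted reply, as an added example that is not part of the original message or of FreeRADIUS: the NT hash MSCHAPv2 needs is MD4 over the UTF-16LE password, so a cleartext LDAP value can produce it while a salted one-way hash cannot. The `{SCHEME}` prefix handling (including the `{NT}` label), the function names and the sample values are assumptions constructed for illustration.

```python
import re
import struct

M = 0xFFFFFFFF
R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # round-3 word order

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib may not expose md4 on OpenSSL 3."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(48):
            if i < 16:    # round 1: F(b, c, d)
                f, k, s = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:  # round 2: G(b, c, d) + constant
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:         # round 3: H(b, c, d) + constant
                f, k, s = (b ^ c ^ d) + 0x6ED9EBA1, R3[i - 32], (3, 9, 11, 15)[i % 4]
            a = _rol((a + f + x[k]) & M, s)
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & M, (b + bb) & M, (c + cc) & M, (d + dd) & M
    return struct.pack("<4I", a, b, c, d)

def nt_hash_from_ldap(stored: str):
    """Return the 16-byte NT hash for a stored value, or None if it cannot be derived."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", stored, re.S)
    scheme, value = (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", stored)
    if scheme in ("CLEAR", "CLEARTEXT"):
        return md4(value.encode("utf-16-le"))  # NT hash = MD4(UTF-16LE(password))
    if scheme == "NT":                         # assumed label for a stored hex NT hash
        return bytes.fromhex(value)
    return None  # one-way schemes ({SSHA}, {CRYPT}, ...) cannot be turned into an NT hash

if __name__ == "__main__":
    # Constructed sample userPassword values, not taken from the thread.
    for sample in ("password", "{SSHA}Y29uc3RydWN0ZWQtc2FtcGxl", "{NT}8846F7EAEE8FB117AD06BDD830B7586C"):
        h = nt_hash_from_ldap(sample)
        print(sample, "->", h.hex() if h else "unusable for MSCHAPv2")
```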

