sorry for spamming, i just want to understand *OpenLDAP knows the clear text password:* [ldap] userPassword -> Cleartext-Password == "test " [ldap] userPassword -> NT-Password == 0x7465737420 *=> supposed to be the hash password* [ldap] looking for reply items in directory... [ldap] user bernard authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} *Is the inner tunnel part of the MSCHAPv2 is failing because it doesn't kwow the way of dealing with the password supplied ?* *Adding into ldap.attrmap the userPassword -> NT-Password is enough to produce a correct NT hash password? *[mschap] Invalid NT-Password * * [mschap] Told to do MS-CHAPv2 for bernard with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\nE=691 R=1" EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\nE=691 R=1" EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE