Freeradius as Authenticator

Alan DeKok aland at
Thu Aug 4 17:26:28 CEST 2005

Florian Prester <Florian.Prester at> wrote:
>     With MSCHAP we are using the NT-password ( I know it is not realy 
> crypted, but still better than cleartext!)

  That's a common misconception.

> Now, how can I use PAP authentication with EAP-TTLS?

  Tell the client to use it.  The server has NO control over whether
the client uses PAP or not.

>  Thu Aug  4 08:44:33 2005 : Debug:   rad_check_password:  Found 
> Auth-Type LDAP
>  Thu Aug  4 08:44:33 2005 : Debug: auth: type "LDAP"
>  Thu Aug  4 08:44:33 2005 : Debug:   ERROR: Unknown value specified for 
> Auth-Type.  Cannot
>      perform   requested action.

  Yeah, the LDAP module sets Auth-Type itself, and it can end up
causing problems.  The work-around is to set Auth-Type to PAP.  i.e.


  Alan DeKok.

More information about the Freeradius-Users mailing list