freeradius + peap + ldap

Yuri Francalacci yuri.francalacci at
Mon Oct 10 19:33:17 CEST 2005

I have this environment: WinXP PEAP wireless client + linksys AP +
freeradius 1.0.5 + openldap (with kerberos password) and I would like to
setup the 802.1x peap authentication. Everything works well if I use users
file for authenticating wireless client, but if I use ldap users, clients
are not authenticated. My password attribute is UserPassword
The error is (I suppose) here:
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for yuri with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6

Does anyone has a working configuration that looks like (more or less) mine?

--- radiusd.conf ------ > mschap section
mschap {
authtype = MS-CHAP
use_mppe = no
# require_encryption = yes
# require_strong = yes
with_ntdomain_hack = no

Thanks, Yuri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list