freeradius-1.1.1 + mschap + ldap with encrypted password

Phil Mayers p.mayers at
Wed Aug 2 16:40:47 CEST 2006

wekz wrote:

> The problem now is that I have to authenticate doing peap against an 
> ldap which has userpassword encrypted ( and is a point that I can't 
> change unless it is impossible to do ). 

Unless your password is encrypted as an NT or LM hash, it's impossible. 
If your "LDAP server" is an AD server, it's impossible.

> correct me if I'm wrong ).  My question is if there is anyway to make it 
> work configuring ntlm_auth ?

If you have a domain controller, you can indeed use ntlm_auth - merely 
install samba, configure it, join the domain and uncomment the ntlm_auth 
line in the "mschap" module, modifying the configuration (CAREFULLY!) if 
need be.

More information about the Freeradius-Users mailing list