PEAP authentication with freerad ?

Michael Griego mgriego at
Tue Jun 6 16:22:32 CEST 2006

I assume by PEAP, you mean the most-often-seen PEAP/EAP-MSCHAPv2.  In  
this case, MD5 is not involved anywhere.  The passwords are hashed  
differently.  As such, you must either have an NT hashed password  
(which is actually a unicode-encoded MD4 hash of the password) or a  
cleartext password in your directory.


On Jun 6, 2006, at 3:36 AM, thomas hahusseau wrote:

> Hello,
> I would like to use PEAP to perfome authentication of wlan users ,  
> I choose PEAP because Users and Passwords are in an LDAP Server  
> (OPEN-LDAP). According to me PEAP works like this :
> Phase 1 :: TLS handshake the server authenticate to the client as a  
> trusted radius serveur and a cipher tunel is created.
> Phase 2 :: Login + Password + Domain hashed with MD5 are send to  
> the Radius Server which ask LDAP server for password and login.
> acording to the doc file :  realm_eap , freeradius supports only  
> eap-tls (authentication based only on certificates (client +  
> server ) lead and eap-MD5 ( according to me even if PEAP use MD5  
> hash , the EAP-MD5 is different with no mutual autenthication and  
> no TLS handshake )
> I dont want to use a full certifcate based solution like EAP-TLS or  
> a authentification with no ciphered tunel like with EAP-MD5
> Anyone could help me for using PEAP (or at least authentication  
> with the two phases described upper) with freeradius ?
> thank you.
> Ps : sorry for english mistakes :)
> -
> List info/subscribe/unsubscribe? See 
> users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list