pap/peap confusion

Phil Mayers p.mayers at
Wed Feb 14 22:41:58 CET 2007

Matt Ashfield wrote:
> I'm pouring through the alphabet soup of all of this and have a few
> questions that keep popping up.
> During a pap conversation, the radius server ends up with the
> username/password passed to it from the client. It then encrypts the
> password to match the encryption of the stored password in ldap (or other
> directory) and tries a bind. Correct?


> During a PEAP conversation, the radius server also would end-up with a
> username/password received from the client (either via clear-text or via the
> mschap conversation). Why can it not then encrypt the password just like PAP
> did? Does it do the comparison to LDAP stored passwords via MSCHAP as well?

No, miles off.

During a PEAP/MS-CHAP conversation, the server ends up with:

challenge == random bytes
response  == HASH(challenge, HASH(password))

If the server has any of:

  * the plaintext password
  * HASH(password) i.e. the NT or LM hashes
  * access to a domain controller which has the NT/LM hashes can check the challenge and response match and that the client is 
who they say they are.

More information about the Freeradius-Users mailing list