FreeRadius 2.0.5 AD PEAP

Phil Mayers p.mayers at
Thu Aug 21 10:31:59 CEST 2008

>> Perhaps try it with a Cleartext-Password in the "users" file.  i.e.
>> *Without* using ntlm_auth.  That works for me, including with
>> eapol_test, and TTLS/EAP-MSCHAPv2.
>Can you clarify this setup/change to test?  I was pretty sure I needed
>to use ntlm_auth to auth against AD to test mschapv2

Put a test user in the "users" file:

test	Cleartext-Password := "blah", MS-CHAP-Use-NTLM-Auth := 0

>> If that still fails, then there's something wrong with the system
>> that breaks the server in 2.0.5.
>Running Samba 3.2.0 on Fedora 9

Your problem is very odd. I'm using 2.0.5 on RHEL5 with ntlm_auth and 
it's working fine.

The only time I've seen eapol_test fail with "mismatch" is when I've 
failed to strip the DOMAIN\ or @DOMAIN.COM from usernames with realms 
and this has confused the key hashing - but your usernames are 

Perhaps the Samba version in F9 has problems? What OS and samba version 
is your (working) 1.1.7 server running?

>> FYI: Unknown network block for the CA_CERT with regards to the eapol 
>> test config file
>>  What does that mean?
>Within the config you provided to for eapol_test at the bottom is a
>ca_cert declaration that errors out when uncommented
>Anyone using FC9 with freeradius 2.0.5 against AD working that I can use
>to compare?
>Thanks much appreciated
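
Added illustration (not part of the original message): MS-CHAPv2's ChallengeHash (RFC 2759) covers the username string, so the "mismatch" described above appears whenever client and server hash different forms of the name. The challenge bytes, the `strip_realm` helper and the assumption that the client hashes the bare name are constructed for this example.

```python
import hashlib


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || username)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 bytes each")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_realm(username: str) -> str:
    """Hypothetical helper: drop a DOMAIN\\ prefix or an @REALM suffix."""
    if "\\" in username:
        username = username.split("\\", 1)[1]
    if "@" in username:
        username = username.rsplit("@", 1)[0]
    return username


# Constructed sample challenges, not taken from any real exchange.
PEER = bytes(range(16))
AUTH = bytes(range(16, 32))


def hashes_agree(client_name: str, server_name: str) -> bool:
    """True when both sides derive the same 8-byte challenge hash."""
    return challenge_hash(PEER, AUTH, client_name) == challenge_hash(PEER, AUTH, server_name)


def demo(bare_name: str = "test"):
    """Assumes the client hashes the bare name; vary what the server hashes."""
    rows = []
    for supplied in (bare_name, "DOMAIN\\" + bare_name, bare_name + "@DOMAIN.COM"):
        rows.append((supplied,
                     hashes_agree(bare_name, supplied),                # realm left in
                     hashes_agree(bare_name, strip_realm(supplied))))  # realm stripped
    return rows


if __name__ == "__main__":
    for supplied, raw_ok, stripped_ok in demo():
        print(f"{supplied!r:22} raw={raw_ok} stripped={stripped_ok}")
```
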
