Authentication Problem with PEAP and openldap

Alan DeKok aland at
Sun Jan 11 19:19:12 CET 2009

Michael Poser wrote:
> native wired xp 802.1X client with PEAP (mschapv2) tries to authenticate via
> freeradius against openldap with an md4 encoded utf-16e password hash. The
> authentication fails. If we use the hash instead of the clear-text password
> with the xp client, the authentication works fine. There must be some
> problems with the encryption of the password. How do we fix the problem? Any
> help is appreciated.

  You may have the NT hash of the password in the LDAP database, but
you're telling FreeRADIUS it's the clear-text password:
> rlm_ldap: performing search in ou=XXX,ou=XXX,o=XXX,dc=XXX,dc=de, with filter
> (uid=plisch01)
> rlm_ldap: Added password 4183... in check items

  You want to map this to the NT-Password attribute.

  Alan DeKok.

More information about the Freeradius-Users mailing list