Authentication failure - PEAP - MS-CHAPv2

kissg mail.gery at
Tue Jun 9 23:02:48 CEST 2009

Dear List,

I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration with
the following items:

- Cisco Aironet 1130AG access point
- Ubuntu-based server with FreeRADIUS and OpenLDAP
- Client machines (Windows XP SP2, Ubuntu 9.04)

The issue I have is, that I don't get a response from the client after the
server sends an Access-Challange packet. The certificates were made with the
bootstrap script of FreeRADIUS, so it already contains the OIDs required by

The AP is configured correctly, IP-address, port numbers and shared secret
are properly set up, I've already checked them.
Users are stored in an LDAP database and each user has a sambaNTPassword
attribute, which contains an NT-hashed password. LDAP-RADIUS attribute
mappings are properly set (NT-Password -> sambaNTPassword). The strange
thing is, that I can successfully authenticate using an EAP test tool
(eapol_test), no errors show up in the output. Using another AP with a
slightly different configuration (using smbpasswd instead of LDAP for
authorization) works, too.
I've also read, that XP SP2 is incompatible with third-party RADIUS-servers.
I decided to install SP3, but it did not help. What I can see, is an
Access-Challange message at the end of the debug output.

What can be wrong with my configuration? Can it be, that it's an
incompatibility issue between FreeRADIUS and the access point?

Thank you for your help in advance!

Best regards:
Gergely Kiss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius_config.tar.gz
Type: application/x-gzip
Size: 6595 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list