PAP with LDAP and PEAP/MSCHANPv2 with ntlm_auth

Alan DeKok aland at
Thu Jun 24 12:03:24 CEST 2010

Neil Prockter wrote:
> I have a working config for PAP with LDAP against AD and a working
> config for PEAP/MSCHANPv2 with ntlm_auth.
> I need the server to do both but when I combine the configs one thing or
> another breaks.

  And debug output says... ?

> Does anyone have such a setup working or know if it is possible/impossible.

  It's possible.

> Would it be simpler to use a virtual server for one or the other?

  There's already a two virtual servers: default, and inner-tunnel.  You
can use those.

  Step 1: start with default config
  Step 2: get LDAP to work with PAP
  Step 3: configure "ntlm_auth" for the MSCHAP module.

  After that, both will work.

  The *usual* cause of problems is that you're forcing Auth-Type.  Don't
do that.

  Alan DeKok.

More information about the Freeradius-Users mailing list