PAP with LDAP and PEAP/MSCHANPv2 with ntlm_auth

Alan DeKok aland at
Fri Jun 25 23:23:00 CEST 2010

Neil Prockter wrote:
> this is a config that works for PAP/LDAP but not PEAP/MSCHANPv2

  Change the version of Samba.  From eap.conf:

		#  If is still doesn't work, and you're using Samba,
		#  you may be encountering a Samba bug.  See:
		#  Note that we do not necessarily agree with their
		#  explanation... but the fix does appear to work.
  Note that this problem *never* appears if the Cleartext-Password is
available to FreeRADIUS.  It *only* happens when Samba is being used.

  Try this for yourself.  Configure a Cleartext-Password in the "users"
file for a test user, and disable ntlm_auth.  If PEAP/MSCHAPv2 works,
then the problem is Samba, not FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list