PAP with LDAP and PEAP/MSCHANPv2 with ntlm_auth

Neil Prockter n.prockter at
Mon Jun 28 17:57:58 CEST 2010

On 25/06/10 22:23, Alan DeKok wrote:
> Neil Prockter wrote:
>> this is a config that works for PAP/LDAP but not PEAP/MSCHANPv2
>   Change the version of Samba.  From eap.conf:
> 		#  If is still doesn't work, and you're using Samba,
> 		#  you may be encountering a Samba bug.  See:
> 		#
> 		#
> 		#
> 		#  Note that we do not necessarily agree with their
> 		#  explanation... but the fix does appear to work.
> 		#
>   Note that this problem *never* appears if the Cleartext-Password is
> available to FreeRADIUS.  It *only* happens when Samba is being used.
>   Try this for yourself.  Configure a Cleartext-Password in the "users"
> file for a test user, and disable ntlm_auth.  If PEAP/MSCHAPv2 works,
> then the problem is Samba, not FreeRADIUS.
Cleartext-Password worked.

I had started on 3.4.7 which I'd hoped was free of the issue. I tried
downgrading to samba-3.2.15 that didn't help then I tried samba-3.0.37
that did so I'll try sticking with that for a while.

Thank you.


Please access the attached hyperlink for an important electronic communications disclaimer:

More information about the Freeradius-Users mailing list