OpenLDAP and FreeRadius Auth

Herwin Weststrate herwin at
Tue Aug 12 10:58:39 CEST 2014

>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>> it.  Put it back.
> I did have that in there but removed it trying to force it. I will
> change it back and play with it again tomorrow.

That still won't work, since the passwords are only available as MD5
hashes, which are incompatible with MSCHAPv2 (there is a nice overview
You have to change the settings of the client to use PAP as inner
authentication protocol instead of MSCHAPv2.

Herwin Weststrate

More information about the Freeradius-Users mailing list