PAP and NT-hashed password

Fajar A. Nugraha list at
Tue Dec 30 12:09:45 CET 2014

On Tue, Dec 30, 2014 at 4:46 PM, sb <superabx at> wrote:
> Hello!
> I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol.
> Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to do
> it.
> When I do
> radtest -t pap ....
> I see from freeradius -X:
> [pap] login attempt with password "n*******W"
> [pap] Using clear text password "1D******************************9B"

Did you assign the hash as cleartext-password?

> [pap] Passwords don't match

If yes, no wonder it doesn't work

> So the question is: how to force PAP to create NT-hash from the given
> password and compare hash and hash. but not the password and hash?

It should work out of the box:

That is, assuming you correctly assign the hash as NT-Password, and
not Cleartext-Password.


More information about the Freeradius-Users mailing list