mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication

Matthew Newton mcn4 at
Thu Oct 8 17:14:39 CEST 2015

On Thu, Oct 08, 2015 at 04:55:35PM +0200, Torsten Wilms wrote:
> If i try to login via "radtest -x test testpwd 0 testing123"
> on the linux console, everything is working via ldap. If i try this over the
> 802.1X AccessPoint, it doesn't work. 

This is impossible with PEAP/EAP-MSCHAPv2. AD won't give you
either the Cleartext-Password or the NT hash.

> I think that everything goes wrong with encrypt/decrypt the Domain User
> password or no User-Password is given after eap or something else. I tried a
> lot of stuff, but nothing works.

Forget trying to do LDAP to AD for auth and install Samba.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list