question regarding PEAP/MSCHAPv2 (ERROR: FAILED: No NT/LM-Password. Cannot perform authentication)

Matthew Newton mcn4 at
Fri Oct 30 14:02:18 CET 2015

On Fri, Oct 30, 2015 at 01:54:31PM +0100, Thomas Stather wrote:
> password_attribute to "sambaNTPassword" but the error is still the same.

"password_attribute" was not a literal.

> As we have the hashes in our LDAP it seems that i have to switch to
> "ntlm_auth" module as described in:

No you don't; David was right.

In the update {} section in mods-enabled/ldap, look at the

#               control:NT-Password             := 'ntPassword'

line and add instead:

               control:NT-Password             := 'sambaNTPassword'
               control:LM-Password             := 'sambaLMPassword'

then it should work.

You can do this with LDAP and Samba. ntlm_auth will also work. You
can't do LDAP with real AD.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list