PEAP with LDAP as authentication source

Óscar Remírez de Ganuza Satrústegui oscarrdg at
Tue Aug 30 11:01:17 CEST 2016

Good morning,


On Mon, Aug 29, 2016 at 2:02 PM, Ana Gallardo Gómez <anaougu at>

> > I don't know if I can use PEAP with LDAP  as authentication source...
> >
> >   Yes, you can.  But you have to use LDAP as a *database*.  You cannot do
> > an LDAP bind.
> >
> Ok, I can't becouse my passwords are store in crypt...

In order to do MSCHAPv2 auth, you must store your passwords in LDAP as
Cleartext passwd or NTpassword. And get them to let freeradius create
mschapv2 hashes.
See [1].

Otherwise, you can use ntlm_auth/winbind to let freeradius authenticate
against a Windows Domain (samba/Active Directory).
See [2]



*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130

More information about the Freeradius-Users mailing list