freeradius sql MD5-Password pap fails

Brian Candler b.candler at
Thu Sep 29 16:15:37 CEST 2016

On 29/09/2016 12:32, Jan-Christoph Fuchs wrote:
> No I have changed the Database table radcheck to store MD5-Password. 
> Tests with radtest works, but livetest will be rejected.
> I really dont know much about protocolls (pap, chap, eap and so on) 
> Debigging freeradius told me that radtest uses pap

You can use "radtest -t mschap ...." to check with MSCHAP authentication.

 > [eap] processing type mschapv2

It looks like your wireless clients are using PEAPv0, which is a TLS 
tunnel on the outside and MSCHAP on the inside. This is the "normal" way 
of doing wireless authenticate.

However, you cannot authenticate MSCHAP with an MD5-hashed password. You 
need either the cleartext password, or the NT LAN Manager password hash.

More information about the Freeradius-Users mailing list