Freeradius3 with PEAP and LDAP

Carsten Schulze carsten.schulze at
Wed Aug 29 07:22:23 CEST 2018

Hi Alan,

thanks for your help again. I used the v3 default config with one 
exception, the default inner-tunnel.

I added the ldap provider to it and changed the modules/eap back to 
point on that -> success.


Am 28.08.2018 um 13:55 schrieb Alan DeKok:
> On Aug 28, 2018, at 4:11 AM, Carsten Schulze <carsten.schulze at> wrote:
>> I try to convert our freeradius2 setup to a new freeradius3 configuration.
>    It's better to start with the default v3 configuration, and then gradually add pieces from the v2 config.  That way it starts off as working.  And, you can tell when it breaks, and what change broke it.
>> A setup with TTLS  + PAP is working, but when I switch to PEAP I'll get the following output.
>> Any idea, or a howto with a LDAP-Provider with NT-Hashes?
>    The problem isn't LDAP or NT hashes.
>> radiusd: FreeRADIUS Version 3.0.12, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:05:06
>> ...
>> (10) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
>> (10) pap: No User-Password attribute in the request.  Cannot do PAP
>> (10)       [pap] = noop
>> (10)     } # authorize = updated
>> (10)   ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
>    For one, you didn't post the *full* debug output as suggested here:
>    That would have let us know exactly what was going on.
>    Without that, my best guess is that you deleted the "eap" module from the "inner-tunnel" virtual server.  Add it back (as per the default config), and it should work.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Mit freundlichen Grüßen
Dipl. Inform. (FH) Carsten Schulze
Medien- und Informationszentrum (MIZ)
Leuphana Universität Lüneburg
Universitätsallee 1, C7.206
21335 Lüneburg
Fon 04131.677-1241
Fax 04131.677-1246

More information about the Freeradius-Users mailing list