Freeradius with LDAP, PEAP MSCHAPv2

Alan DeKok aland at deployingradius.com
Thu Mar 29 13:58:40 CEST 2018


On Mar 29, 2018, at 3:51 AM, Robert Plestenjak <robert.plestenjak at xlab.si> wrote:
> 
> In LDAP I have LM hashed passwords (LM-Password) and radtest with PAP auth metod is successful, but when I switch to MSCHAP it fails.
> 
> So the problem is probably that clients (radtest, ...) sends NTLM hashes (NT-Password)?

  Yes.

  You should NEVER us LM hashes for ANYTHING.  They were insecure, and deprecated 20 years ago.

  Delete all LM hashes from your database, and you will be better off.

  Alan DeKok.




More information about the Freeradius-Users mailing list