Freeradius with EAP and LDAP

Sven Hartge sven at
Thu Dec 19 20:59:01 CET 2019

On 19.12.19 18:09, Juntunen, Jarkko wrote:

> Thanks for Your advice. We have run Freeradius in debug mode couple of
> hours and the problem seems to be ( at least in my opinion) missing of
> password in case of EAP authentication. And the problem is that I have no
> clue how to have Cleartext-password out of EAP-MSCHAP auth.

You don't get a cleartext password like with PAP from the NAS with *any*
CHAP authentication method.

That is the whole point of a Challange Handshake Authentication Protocol.

If you want to use MSCHAP, you *have* to have the password of the user
in the clear or as NT-Hash in your database.

There is no way around it. Please don't ask, how to make this use with
SHA passwords from LDAP.

It cannot be done.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list