EAP PEAP issues

Alan DeKok aland at deployingradius.com
Fri Mar 17 12:56:10 UTC 2023

On Mar 16, 2023, at 6:17 PM, Matt H <meh1963 at gmail.com> wrote:
> This command (local user in ..users) works great:
> radtest -t mschap bob hello 0 testing123
> Comes right back with 'hello bob' as it should.   So presumably mschap is
> working at some level, and Windows connects to it without much fuss and
> bother.

  That's good...

> This command doesn't:
> radtest -t mschap farhadtest Rambo5201 0 testing123
> It tries to auth against ldap,

  LDAP doesn't do MS-CHAP.


> is *not* working from the CLI, and Windows
> can't connect (obviously).   Is mschap even working?  It looks like it is,
> but something else is misconfigured that's blocking external auth.

  You can't use LDAP to do MS-CHAP authentication to Active Directory.  It's impossible.

  You must use Samba and ntlm_auth.  See mods-available/ntlm_auth for documentation.

  Alan DeKok.

More information about the Freeradius-Users mailing list