No, CHAP, and MS-CHAP (the inner authentication method used with PEAP) require clear text passwords. Therefore, the shadow password file is not compatible with these methods. This bit me to start with.
so, there is no PAP for PEAP?
You could always try TTLS with SYSTEM as the inner authentication mechanism? Alan is a strong proponent of TTLS vs PEAP, and I have to say that in a purist sense, he's absolutely right. Unfortunately, the two largest players in the market have used (two incompatible versions of) PEAP :-(. This means that it is more trivial, particularly with Microsoft based clients, to use PEAP/MS-CHAPv2.
well, one thing is for sure: TTLS supports PAP as the inner authentication method.
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
