Jacob Jarick wrote:
> Is it possible to encasuplate PAP inside another protocol say EAP to
> prevent from packet sniffers etc.

  Please stop worrying about how RADIUS works.  It's fine.

  Packet sniffers can't grab the PAP passwords.

> Failing that is it possible to asign vlans bases on ldap primary group
> via the ntlm_auth method.

  No.  ntlm_auth is just for authentication.  You have to configure the
server to do LDAP group lookups for per-group VLAN assignment.  See
messages on this list in the last week or so, which include examples.

  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to