Jacob Jarick wrote:
> Is it possible to encasuplate PAP inside another protocol say EAP to
> prevent from packet sniffers etc.
Please stop worrying about how RADIUS works. It's fine.
Packet sniffers can't grab the PAP passwords.
> Failing that is it possible to asign vlans bases on ldap primary group
> via the ntlm_auth method.
No. ntlm_auth is just for authentication. You have to configure the
server to do LDAP group lookups for per-group VLAN assignment. See
messages on this list in the last week or so, which include examples.
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html