Stefan Kronawithleitner wrote: > The existing setup is a freeradius 1.1.6, allowing auth from a NAS and > PEAP against an eDirectory (ldap) userbase, which works fine. However, > users of another realm should be proxied to another radius-server - > which works fine for PEAP, but failes from the NAS, because the NAS can > do only PAP - which is not allowed on the other radius-server.
The other RADIUS server is either broken, or the administrators are being ridiculous. For a host of reasons, PAP is actually *better* than CHAP. It's not just easier to manage. It can actually be more secure in many cases! > I read through the changelogs, finding nothing like that - has there > been a change? Is it possible to convert PAP to CHAP? Howto? It's possible. You'll have to write some code. It's not hard. See rlm_example for writing a module. See radclient for how to convert a cleartext password into a CHAP password. rad_chap_encode(..) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
