I am trying to implement a Radius dial access configuration, using Ciscosecure 2.6 for Windows. I have noticed the following: When I set up my NaS and AAA server for radius, the client can only be properly authenticated with PAP. If I use chap, then apparently the NAS refuses to authenticate, and I constantly get a debug messages like "peer unable to authenticate" messages. This happens even though I have checked about a thousand times that the password is indeed correct, and that Ciscosecure has been configured to use the password for chap. As soon as I configure the dial client for PAP (not the NAS, but the client), everything immediately authenticates and works perfectly. This is really odd because if I switch CS and the NAS to speak Tacacs+, then the client can authenticate with chap perfectly. It is only when I use radius and client chap do I get this stupid problem. Has anybody ever seen this? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=10547&t=10547 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]