Unfortunately, if the NAS has already negotiated PAP, it's pretty useless to have the radius server not authenticate because it's already been sent.
On Mon, 4 Mar 2002, Alan DeKok wrote: > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > I have a wireless network. I want that my customers only authenticate > > through CHAP (don't want passwords flying in the sky), so, all PAP > > request will deny access. > > > > How can I disable PAP? or Enable CHAP ONLY > > You can disable PAP by putting the following at the top of your > 'users' file: > > DEFAULT User-Password =~ ".*", Auth-Type := Reject > Reply-Message = "We don't accept PAP here" > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html