Yeah, but at least the user only tries the one time. They then learn they need to use CHAP. The better fix is indeed to have the NAS deny PAP, but doing it at the RADIUS server still has some benefit.
/fc On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > Unfortunately, if the NAS has already negotiated PAP, it's pretty useless > to have the radius server not authenticate because it's already been sent. > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > I have a wireless network. I want that my customers only authenticate > > > through CHAP (don't want passwords flying in the sky), so, all PAP > > > request will deny access. > > > > > > How can I disable PAP? or Enable CHAP ONLY - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
