[EMAIL PROTECTED] wrote: > > LEAP uses MS-CHAP for authentication. As a result, it's impossible > >to combine System authentication with LEAP. ... > I`d like to know is this a "limitation" of freeradius or of the leap > protocol ?
It's a limitation of MS-CHAP, as I tried to point out. See the FAQ for more comments on CHAP. FreeRADIUS didn't define MS-CHAP, so it is NOT responsible for this problem. > I think with Cisco Secure ACS you can utilize backend databases like Active > Directory or LDAP , so is this only limited in freeradius and why ? Because LDAP and Active directory are not Unix system password files. Hint: The names are different! LEAP *can* do authentication with NT-Password hashes, because they're part of the MS-CHAP protocol. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html