On Thu, 15 Jul 2004, Mike Lampson wrote: > >> Is it possible to make radius tell the dial equipemnt to send the > >> password in clear text if it can't authenticate a CHAP password? > > No. > > In many cases, the NAS can't even control it. The client uses > > CHAP, and there's no way for the NAS to tell it to use PAP. > > We had a case of a service that proxied to our RADIUS and tried to do CHAP. > Our network engineers fixed this by putting the following into the DEFAULT > profile for that client: > > Ascend-Send-Auth = Send-Auth-PAP > > I cannot speak to what this attribute does or if any special settings were > configured on the router. I leave that to someone with a more vested > interest in this scenario to figure out.
If you have CISCO and the calls come through ISDN lines you can use a cool feature called preauthentication: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008007ffec.html > > _Mike > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html