I'm pouring through the alphabet soup of all of this and have a few questions that keep popping up.
During a pap conversation, the radius server ends up with the username/password passed to it from the client. It then encrypts the password to match the encryption of the stored password in ldap (or other directory) and tries a bind. Correct? During a PEAP conversation, the radius server also would end-up with a username/password received from the client (either via clear-text or via the mschap conversation). Why can it not then encrypt the password just like PAP did? Does it do the comparison to LDAP stored passwords via MSCHAP as well? Thanks for any info. Matt [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html