2011/8/2 gary <gary.y...@browan.com> > > Hi All > I configure the NAS client as pap method for user authentication. > But through the packet analysis by wireshark it appears "Encrypted".
To debug radius problems, it's much easier and informative to run debug mode (radiusd -X) instead of using packet sniffers. > Is it normal or any incorrect configure on NAS or Freeradius server? Yup, that's normal. From http://www.ietf.org/rfc/rfc2865.txt : Network Security Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone snooping on an unsecure network could determine a user's password. If the shared server is correct, the radius server will be able to see the password as clear-text (i.e. unencrypted, exactly the way user enters it). This is different from (for example) mschapv2, where the radius server can't see what the clear-text password is by simply looking at what the client sent. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html