John Williams wrote:
Ok so Accept doesn't work for MS-CHAP. And I know I can grab the rejected usernames and drop them into the DB so the next time they try to auth it works. I did want to try and avoid rejecting the users and them getting fed up. Someone did mention to me that you can auth a NAS so any auth requests coming from that NAS will be authenticated. Is this right?
It's impossible with MS-CHAP. In MS-CHAP, the server validates the client (which you can just skip) but the client also validates the server - if the server doesn't have the password, this will fail.
So, impossible with MS-CHAP, and in fact CHAP. Only possible with PAP