FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 12, 2005 at 09:04 -0800 wrote:
LEAP is a proprietary protocol of Cisco's. They have never published a spec, but it has been reverse engineered. (use Google) It is severely flawed.
What he said.
PEAP is in an Internet Draft (v2), but what Microsoft has implemented (v0) and what Cisco supports(v1) are two different derivations of previous versions. You will have to do some archival spelunking to get specs that may agree with the implementations.
PEAP and LEAP are different beasts. If you want the auth features of LEAP (e.g. simple username/password), your best bet is to look at EAP-TTLS/PAP. If you want the hashing functions (whereby CHAP of some sort is used), PEAP will work, given the right subtype. -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)