Hi. Sorry 'cause i'm late. Some troubles. Well i worked as following explained to perform a test (problem we talk about) but also to check if password would have been passed encrypted in the internet. |--------------------| *|NAS-USG100|*( *USGWAN* -79.xxx.xxx.xxx )---(INTERNET)----(78.yyy.yyy.yyy) *RADIUS* |--------------------| ( *USGLAN*:172.16.68.253) | (WEB-HTTPS) | | 172.16.68.16 I mirrored both of WAN ports of USG, say WAN1 and WAN2 and had something to give to wireshark :-) I open Web LogIN page of USG and provide fake user and password (not present on ActiveDirectory or local USBdb), say gigino / 12345678 *I obtaint this (USG)* 79.xxx.xxx.xxx 78.yyy.yyy.yyy RADIUS Access-Request(1) .... AVP: l=8 t=User-Name(1): gigino AVP: l=18 t=User-Password(2): *Encrypted* <- Yippieeeee AVP: l=6 t=NAS-IP-Address(4): 172.16.68.10 <- (PDC of my internal domain) AVP: l=10 t=NAS-Identifier(32): weblogin AVP: l=6 t=NAS-Port(5): 20915 AVP: l=6 t=NAS-Port-Type(61): Virtual(5) AVP: l=6 t=Service-Type(6): Authenticate-Only(8) AVP: l=14 t=Calling-Station-Id(31): 172.16.68.16 * . . . on remote radius server i obtain* Ready to process requests. rad_recv: Access-Request packet from host 79.xxx.xxx.xxx ... User-Name = "gigino" User-Password = "gigino" NAS-IP-Address = 172.16.68.10 NAS-Identifier = "weblogin" NAS-Port = 20915 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = "172.16.68.16" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "gigino", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound -------------------------------------------------------------- I presumed NAS-IP-Address: 172.16.68.253 !!!!!!!! What do you think? Thank in advance. _______________________________________________ Sono solo un passeggero del volo e mi credevo pilota . . .