"John Williams" <john.williams@eurisp.co.uk> wrote:
Someone did mention to me that you can auth a NAS so any auth requests coming from that NAS will be authenticated. Is this right?
Sort of, but for your purposes, no. You *can* do: DEFAULT Client-IP-Address == 1.2.3.4, Auth-Type := Accept Which is "authenticate all requests from NAS 1.2.3.4". But it's no different than the previous problems with Auth-Type := Accept. The problem you're running into is not the NAS, it's the software on the end user machine. It's doing MS-CHAP, and the NAS is just blindly passing traffic back and forth. Anyways, I explain this in more detail in my book. It should be done by Christmas. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog