>From my recent thread with Alan, I have gathered that ldap only supports PAP. PAP sends the password in plain text. Is it possible to encasuplate PAP inside another protocol say EAP to prevent from packet sniffers etc. Failing that is it possible to asign vlans bases on ldap primary group via the ntlm_auth method.