proxy incoming PAP request as outgoing PEAP/TTLS requests

Herwin Weststrate herwin at
Mon Sep 21 16:12:04 CEST 2015

On 21-09-15 11:21, A.L.M.Buxey at wrote:
> Hi,
> oh , it is.  if the worry is the insecurity of PAP being sent
> upstream, then make the upstream connection a RADSEC connection.

Another use case I could think of is that the remote RADIUS server does
not accept PAP authentications. I remember that the Microsoft RADIUS
(NPS?) did only accept PEAP by default, it could be configured to accept
MSCHAPv2 as well, but I don't remember we ever could make it to accept
PAP. But I don't think this is the reason here, since it doesn't accept

Herwin Weststrate

More information about the Freeradius-Users mailing list