If we test a user with a hard-coded password, both via radlogin and via a
PPP connection with the Cisco, authentication works.
When we take the same user, and change the password to point to
"WINNT\DOMAIN" (where DOMAIN is our NT domain), radlogin authentication
works, but PPP via the Cisco fails. The only difference that I could see
between using radlogin vs the Cisco was that radlogin uses PAP, and our
Cisco is setup for CHAP. Setting the Cisco to use PAP resolves the problem.
I don't really understand why this would make a difference? Also, I'm not
sure if it is that big of problem using PAP - doesn't radius perform
encryption between the client and server?
Any comments would be appreciated.