I searched the KB and didn't see anything about changes to PAP on IAS 2003.
You might need to call PSS, maybe you found a bug?
Why, though, are you using PAP? Do you know that PAP sends passwords in the
clear? We usually advise against it. If your routers can do CHAP, that's
a better choice. MS-CHAP and MS-CHAPv2 are increasingly even better.
Steve Riley
(E-Mail Removed)
> Have been running a simple setup of IAS on windows 2000 to been able
> to use
> Radius login from my HP switches for centralized management. After
> upgrade to
> Windows 2003 that stopped working. I have investigated and have
> realized that
> I can't make IAS to accept PAP. If I change to CHAP it works fine.
> The
> remote access policy is set to allow PAP. My logs looks like this
> User roger was denied access.
> Fully-Qualified-User-Name = MEAB\roger
> NAS-IP-Address = 192.168.100.5
> NAS-Identifier = HP ProCurve Switch 5308XL
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = Hp Procurve 5300
> Client-IP-Address = 192.168.100.5
> NAS-Port-Type = Virtual
> NAS-Port = <not present>
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = <undetermined>
> Authentication-Type = PAP
> EAP-Type = <undetermined>
> Reason-Code = 16
> Reason = Authentication was not successful because an unknown user
> name or
> incorrect password was used.
Linear Mode
