> I believe that you are on the right track. I turned "security" off on
> one port, dialed in as a shell user and got in. As expected there was
> no entry for the user in the detail file for that PortMaster.
What login service is configured for the port? What's the default host?
> Now here is where it gets interesting; I then connected to that port as
> a PPP user who exists only in the users file and got authenticated using
> PAP.
As I understand it, if security is off, when you connect to a port, a
login connection (e.g., telnet) is established to the designated host
immediately. In that case, the PM wouldn't have any opportunity to
negotiate a PPP connection with the client. The only thing I can think
of is if the port was configured for "set host prompt", you would be
able to throw PPP frames at the "host:" prompt (Brian, is this
possible?). But then the PM should only be able to authenticate the
connection from its user's table, not from RADIUS.
-- John W. Temples, III || Providing the first public access Internet Gulfnet Kuwait || site in the Arabian Gulf region