When doing two-way authentication the PM can ONLY use a local configuration
to authenticate itself. And local usernames are, I believe, limited to 8
characters.
Again, what is happening is the Gandalf is insisting that the PM auth to
it, and the PM is insisting the Gandalf auth - as it should in a standard dial
in.
So:
Gandalf->auth-to->PM - standard dial-in, using RADIUS, this is working.
PM->auth-to->Gandalf - reverse auth, can only use local info NOT RADIUS, not
configured and therefore failing.
What you need to do is either configure the PM to be able to CHAP back to
the Gandalf (see the manuals) or stop the Gandalf from being stupid and asking
the PM to auth (the better answer).
> Pretty sure I have that set up correctly in Radius. Hmmm...
RADIUS doesn't play a role in this particular exchange. It can't. (I can
explain why, but it really isn't important.)
-MZ
-- <URL:mailto:megazone@megazone.org> Gweep, Discordian, Author, Engineer, me.. Join ISP/C Internet Service Providers' Consortium <URL:http://www.ispc.org/> "A little nonsense now and then, is relished by the wisest men" 781-788-0130 <URL:http://www.megazone.org/> <URL:http://www.gweep.net/> Hail Discordia! - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>