<P> In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol . </P> <P> This request includes access credentials, typically in the form of username and password or security certificate provided by the user . Additionally, the request may contain other information which the NAS knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS . </P> <P> The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP . The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status, and specific network service access privileges . Historically, RADIUS servers checked the user's information against a locally stored flat file database . Modern RADIUS servers can do this, or can refer to external sources--commonly SQL, Kerberos, LDAP, or Active Directory servers--to verify the user's credentials . </P> <P> The RADIUS server then returns one of three responses to the NAS: 1) Access Reject, 2) Access Challenge, or 3) Access Accept . </P>

What authentication scheme is being used with radius