(RADIATOR) MSCHAP and MPPE

Robert Blayzor noc at inoc.net
Thu Jan 3 11:38:12 CST 2002 

I am trying to replace M$ IAS with Radiator to authenticate VPN
connections from a PIX firewall via PPTP and MPPE.

If I use the IAS with Win2K server, all is fine.

If I cut over to Radiator, Radiator accepts the connections, but the
Windows client (Win2K VPN client) rejects the connection because it does
not use encryption.  Here is a clip our of my users file:

joeuser         User-Password = "<mypass>", Service-Type = Framed-User
                Framed-IP-Address = "255.255.255.254",
                MS-MPPE-Encryption-Policy = Encryption-Required,
                MS-MPPE-Encryption-Types = Encryption-40,
                MS-MPPE-Send-Key = "mysendkey",
                MS-MPPE-Recv-Key = "myrecvkey",
                Tunnel-Type = PPTP


Radiator trace shows:

Thu Jan  3 12:01:42 2002: DEBUG: Check if Handler Client-Identifier =
PIX-FW should be used to ha
ndle this request
Thu Jan  3 12:01:42 2002: DEBUG: Handling request with Handler
'Client-Identifier = PIX-FW'
Thu Jan  3 12:01:42 2002: DEBUG: Handling with Radius::AuthFILE: 
Thu Jan  3 12:01:42 2002: DEBUG: Reading users file /radius/vpn-users
Thu Jan  3 12:01:42 2002: DEBUG: Radius::AuthFILE looks for match with
joeuser
Thu Jan  3 12:01:42 2002: DEBUG: Radius::AuthFILE ACCEPT: 
Thu Jan  3 12:01:42 2002: DEBUG: Access accepted for joeuser
Thu Jan  3 12:01:42 2002: DEBUG: Packet dump:
*** Sending to 10.0.0.1 port 1812 ....
Code:       Access-Accept
Identifier: 138
Authentic:  <136>!F<7>4]<210><163><160>Y<30><255><204><21>*<27>
Attributes:
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
        MS-MPPE-Encryption-Policy = Encryption-Required
        MS-MPPE-Encryption-Types = Encryption-40
        MS-MPPE-Send-Key = "<removed>"
        MS-MPPE-Recv-Key = "<removed>"
        Tunnel-Type = PPTP


--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net

Esc key to reboot Universe, or any other key to continue...


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list