(RADIATOR) Troubles with getting MPPE Keys in Access-Accept

Ayotunde Itayemi aitayemi at metrong.com
Fri Oct 11 14:27:28 CDT 2002 

Hi Philipp,

You might need to set the key first. For example:

<AuthBy DYNADDRESS>
 Identifier myIPADDRESSauth
 Allocator mySQLallocator
 PoolHint %{Client:Identifier}
 MapAttribute   yiaddr, Framed-IP-Address
 MapAttribute   subnetmask, Framed-IP-Netmask
 StripFromReply PoolHint
# policy = 4 (40bit), 2 (128bit), 6 (any)
 AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
        DefaultSimultaneousUse 1
</AuthBy>


The snippet above is from my own config. Also I don't think the AutoMPPEKeys
takes any parameter. In my config I have it on a line itself as just
"AutoMPPEKeys"
and not "AutoMPPEKeys Yes"

Regards,
Tunde Itayemi.


----- Original Message -----
From: "Philipp Kolmann" <kolmann at zid.tuwien.ac.at>
To: <radiator at open.com.au>
Sent: Friday, October 11, 2002 1:34 PM
Subject: (RADIATOR) Troubles with getting MPPE Keys in Access-Accept


> Hi!
>
> We use Radiator v3.3 and have troubles getting MPPE Keys back in
> Access Accept;
> We use Microsoft (2000,XP) VPN Clients to connect to a cisco VPN3030
> Concentrator and want to use MPPE Encryption.
> Our Problem is, the in the radiator reply packet there are no MPPE Keys
> (we use MS-CHAPv1)
>
> Here is the part of our radiator config file:
>
>
> <snip>
> ##      VPN Service
> <Handler Realm=vpn.tuwien.ac.at,
> Client-Identifier=/(terminator|sisko|localhost)/>
>         AuthByPolicy ContinueAlways
>         AuthBy account-sql
>         <AuthBy GROUP>
>                 AutoMPPEKeys    Yes
>                 AuthBy          radius-sql
>                 AddToReply      MS-MPPE-Encryption-Policy =
> Encryption-Allowed, \
>                                 MS-MPPE-Encryption-Types  = Encryption-Any
>         </Authby>
> </Handler>
>
>
> <snip>
>
> any ideas?
>
> Kind Regards
> Philipp Kolmann
>
> Technical University of Vienna
>
>
> --
> To err is human;
> to really screw things up requires the root password.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list