(RADIATOR) MS-MPPE-RECV-send
Hugh Irvine
hugh at open.com.au
Mon Jul 12 18:07:21 CDT 2004
Hello Judy -
MS-CHAPv2 expects to use the complete username string when checking the
password.
I suggest you remove the RewriteUsername and change "judyblue" to
"judyblue@pptp" in the users file.
regards
Hugh
On 12 Jul 2004, at 22:13, Judy Angel wrote:
>
>
> --On 10 July 2004 17:10 +1000 Hugh Irvine <hugh at open.com.au> wrote:
>
>>
>> Hello Judy -
>>
>> You should be able to use "AutoMPPEKeys" in your AuthBy module.
>>
>> See section 6.17.23 in the Radiator 3.9 reference manual
>> ("doc/ref.html").
>
> ok some progress,
>
> but if I test from the bluesocket with realm pptp or without it works,
> but not from a pptp microsoft client.
> The password is clear text in the users file
>
>
> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
> *** Received from 147.197.200.100 port 32798 ....
> Code: Access-Request
> Identifier: 111
> Authentic: <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Name = "judyblue@pptp"
> MS-CHAP-Challenge =
> "<186>5<192>wi<205><165>|+<235><132>J<158><222><249>5"
> MS-CHAP2-Response =
> "<1><0><227><5><169>1<240><137>^<202><218>K<20>b@<144><152>`<0><0><0><0><0><0><0><0><137>R<197><12>l<27>,L<249><136>dJ<26><153>)s<229>G<149>!<246>j<186><147>"
> NAS-IP-Address = 147.197.200.100
> NAS-Port = 0
>
> Mon Jul 12 12:57:12 2004: DEBUG: Handling request with Handler
> 'Realm=pptp'
> Mon Jul 12 12:57:12 2004: DEBUG: Rewrote user name to judyblue
> Mon Jul 12 12:57:12 2004: DEBUG: Deleting session for judyblue@pptp,
> 147.197.200.100, 0
> Mon Jul 12 12:57:12 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE looks for match with
> judyblue
> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Mon Jul 12 12:57:12 2004: INFO: Access rejected for judyblue: Bad
> Password
> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
> *** Sending to 147.197.200.100 port 32798 ....
> Code: Access-Reject
> Identifier: 111
> Authentic: <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
> Attributes:
> Reply-Message = "Request Denied"
>
>
>
> users/....
>
> judyblue Password = "xx"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Message-Authenticator = 0000000000000000,
> MS-MPPE-Encryption-Policy = Encryption-Allowed,
> MS-MPPE-Encryption-Types = Encryption-Any
>
>
> config..
>
>
>
> <Realm pptp>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy FILE>
> Filename ./users
> # generate MPPE keys to encrypt pptp vpns
> AutoMPPEKeys Yes
> </AuthBy>
> AcctLogFileName %L/detail
> </Realm>
>
>
> This is my first use of pptp, so I guess it is something basic that I
> am missing.
>
> Thanks
>
> Judy
>>
>> regards
>>
>> Hugh
>>
>>
>> On 10 Jul 2004, at 00:54, Judy Angel wrote:
>>
>>> Hi,
>>>
>>> I have seen your question to Radiator
>>>
>>> "On Wednesday, Mar 5, 2003, at 00:32 Australia/Melbourne, baxter
>>> wrote:
>>>
>>>> I am using radiator to authenticate wireless users (from a
>>>> bluesocket
>>>> wireless gateway) with the authentication going against an imap
>>>> server
>>>> on
>>>> our campus. The problem I am having is that I can't seem to figure
>>>> out what
>>>> I need to return on a pptp request. The bluesocket people say I
>>>> need
>>>> to get
>>>> a "MS-MPPE-RECV-key" and a "MS-MPPE-RECV-send" but the log from the
>>>> radiator
>>> "
>>>
>>> I have exactly the same problem and am interested to know if that was
>>> solved. I can see no reply after the request for the trace. I would
>>> be
>>> very grateful if you tell me how you solved that problem.
>>>
>>> many thanks
>>>
>>> Judy Angel
>>> University of Hertfordshire
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
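The following Python sketch is an added example, not part of the original thread and not Radiator code. It decodes the two challenge attributes from the Access-Request dump quoted above (reassembled from the line-wrapped trace) and computes the RFC 2759 ChallengeHash for the user name as the client sent it and as it reads after RewriteUsername; the function names are hypothetical, and the full NT-Response check (MD4 and DES) is left out.

```python
import hashlib
import re

# Attribute values reassembled from the line-wrapped packet dump in the quoted
# message. Radiator's trace prints printable bytes literally, others as <decimal>.
MS_CHAP_CHALLENGE = "<186>5<192>wi<205><165>|+<235><132>J<158><222><249>5"
MS_CHAP2_RESPONSE = (
    "<1><0><227><5><169>1<240><137>^<202><218>K<20>b@<144><152>`"
    "<0><0><0><0><0><0><0><0>"
    "<137>R<197><12>l<27>,L<249><136>dJ<26><153>)s<229>G<149>!<246>j<186><147>"
)

def dump_to_bytes(text):
    """Decode trace notation: <nnn> is one byte, any other character is literal."""
    out = bytearray()
    for num, ch in re.findall(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(num) if num else ord(ch))
    return bytes(out)

def split_response(raw):
    """Split MS-CHAP2-Response (RFC 2548) into its fixed-width fields."""
    if len(raw) != 50:
        raise ValueError("MS-CHAP2-Response must be 50 bytes, got %d" % len(raw))
    return {"ident": raw[0], "flags": raw[1], "peer_challenge": raw[2:18],
            "reserved": raw[18:26], "nt_response": raw[26:50]}

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA-1 over the peer challenge,
    the authenticator challenge and the user name."""
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def compare_usernames(sent, rewritten):
    """Return (hash with the name the client used, hash with the rewritten name)."""
    fields = split_response(dump_to_bytes(MS_CHAP2_RESPONSE))
    auth = dump_to_bytes(MS_CHAP_CHALLENGE)
    return (challenge_hash(fields["peer_challenge"], auth, sent),
            challenge_hash(fields["peer_challenge"], auth, rewritten))

if __name__ == "__main__":
    client, server = compare_usernames("judyblue@pptp", "judyblue")
    print("name as sent by client:", client.hex())
    print("name after rewrite    :", server.hex())
```

The two 8-byte values differ, so a server that checks the response against the rewritten name derives a different expected NT-Response and reports a bad password even when the stored password is correct.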