(RADIATOR) MS-MPPE-RECV-send

Judy Angel J.Angel at herts.ac.uk
Fri Jul 23 06:40:05 CDT 2004



--On 13 July 2004 09:07 +1000 Hugh Irvine <hugh at open.com.au> wrote:

>
> Hello Judy -
>
> MS-CHAPv2 expects to use the complete username string when checking the
> password.
>
> I suggest you remove the RewriteUsername and change "judyblue" to
> "judyblue@pptp" in the users file.


I am trying to authenticate against a nis+/pam unix server.

I have installed radius on another unix server that shared the nis+ 
password file. Now the userid is without the realm, but this still does 
not work from the pptp client. Is what I want to use not possible?

thanks

judy angel


<Realm DEFAULT>
        <AuthBy PAM>
                # generate MPPE keys to encrypt pptp vpns
                AutoMPPEKeys Yes

        </AuthBy>
</Realm>

Fri Jul 23 12:35:50 2004: DEBUG: Finished reading configuration file 
'./goodies/kumbha.cfg

Fri Jul 23 12:35:50 2004: DEBUG: Reading dictionary file './dictionary'
Fri Jul 23 12:35:51 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Jul 23 12:35:51 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Jul 23 12:35:51 2004: NOTICE: Server started: Radiator 3.9 on kumbha
Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
*** Received from 147.197.200.100 port 32768 ....
Code:       Access-Request
Identifier: 149
Authentic:  V4kO<224><134><212><224>k<210>#w<132>"n<246>
Attributes:
       Service-Type = Framed-User
       Framed-Protocol = PPP
       User-Name = "ccsqja"
       MS-CHAP-Challenge = "<148><242><201><146>l<132> 
<242>X<218>8<158><154><168>/l"
       MS-CHAP2-Response = 
"<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<196><
30><187>%<240>
204>'<21><200>"
       NAS-IP-Address = 147.197.200.100
       NAS-Port = 0

Fri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri Jul 23 12:36:08 2004: DEBUG:  Deleting session for ccsqja, 
147.197.200.100, 0
Fri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
*** Received from 147.197.200.100 port 32768 ....
Code:       Access-Request
Identifier: 149
Authentic:  V4kO<224><134><212><224>k<210>#w<132>"n<246>
Attributes:
       Service-Type = Framed-User
       Framed-Protocol = PPP
       User-Name = "ccsqja"
       MS-CHAP-Challenge = "<148><242><201><146>l<132> 
<242>X<218>8<158><154><168>/l"
       MS-CHAP2-Response = 
"<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<196><
30><187>%<240>
204>'<21><200>"
       NAS-IP-Address = 147.197.200.100
       NAS-Port = 0

Fri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Fri Jul 23 12:36:08 2004: DEBUG:  Deleting session for ccsqja, 
147.197.200.100, 0
Fri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
Fri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
Fri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja: Authentication 
failed:
Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
*** Sending to 147.197.200.100 port 32768 ....
Code:       Access-Reject
Identifier: 149
Authentic:  V4kO<224><134><212><224>k<210>#w<132>"n<246>
Attributes:
       Reply-Message = "Request Denied"

Fri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
Fri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja: Authentication 
failed:
Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
*** Sending to 147.197.200.100 port 32768 ....
Code:       Access-Reject
Identifier: 149
Authentic:  V4kO<224><134><212><224>k<210>#w<132>"n<246>
Attributes:
       Reply-Message = "Request Denied"


>
> regards
>
> Hugh
>
>
> On 12 Jul 2004, at 22:13, Judy Angel wrote:
>
>>
>>
>> --On 10 July 2004 17:10 +1000 Hugh Irvine <hugh at open.com.au> wrote:
>>
>>>
>>> Hello Judy -
>>>
>>> You should be able to use "AutoMPPEKeys" in your AuthBy module.
>>>
>>> See section 6.17.23 in the Radiator 3.9 reference manual
>>> ("doc/ref.html").
>>
>> ok some progress,
>>
>> but if I test from the bluesocket with realm pptp or without it works,
>> but not from a pptp microsoft client.
>> The password is clear text in the users file
>>
>>
>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
>> *** Received from 147.197.200.100 port 32798 ....
>> Code:       Access-Request
>> Identifier: 111
>> Authentic:  <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
>> Attributes:
>>        Service-Type = Framed-User
>>        Framed-Protocol = PPP
>>        User-Name = "judyblue@pptp"
>>        MS-CHAP-Challenge =
>> "<186>5<192>wi<205><165>|+<235><132>J<158><222><249>5"
>>        MS-CHAP2-Response =
>> "<1><0><227><5><169>1<240><137>^<202><218>K<20>b@<144><152>`<0
>>> <0><0><0><0><0><0><0><137>R<197><12>l<27>,L<249><136>dJ<26><153>)s<229
>>> > G<1
>> 49>!<246>j<186>
>> <147>"
>>        NAS-IP-Address = 147.197.200.100
>>        NAS-Port = 0
>>
>> Mon Jul 12 12:57:12 2004: DEBUG: Handling request with Handler
>> 'Realm=pptp'
>> Mon Jul 12 12:57:12 2004: DEBUG: Rewrote user name to judyblue
>> Mon Jul 12 12:57:12 2004: DEBUG:  Deleting session for judyblue@pptp,
>> 147.197.200.100, 0
>> Mon Jul 12 12:57:12 2004: DEBUG: Handling with Radius::AuthFILE:
>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE looks for match with
>> judyblue
>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE REJECT: Bad Password
>> Mon Jul 12 12:57:12 2004: INFO: Access rejected for judyblue: Bad
>> Password
>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
>> *** Sending to 147.197.200.100 port 32798 ....
>> Code:       Access-Reject
>> Identifier: 111
>> Authentic:  <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
>> Attributes:
>>        Reply-Message = "Request Denied"
>>
>>
>>
>> users/....
>>
>> judyblue        Password = "xx"
>>        Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>>         Framed-IP-Netmask = 255.255.255.255,
>>         Framed-Routing = None,
>>         Framed-MTU = 1500,
>>         Framed-Compression = Van-Jacobson-TCP-IP,
>>         Message-Authenticator = 0000000000000000,
>>         MS-MPPE-Encryption-Policy = Encryption-Allowed,
>>         MS-MPPE-Encryption-Types = Encryption-Any
>>
>>
>> config..
>>
>>
>>
>> <Realm pptp>
>>        RewriteUsername s/^([^@]+).*/$1/
>>        <AuthBy FILE>
>>                Filename ./users
>>                # generate MPPE keys to encrypt pptp vpns
>>                AutoMPPEKeys Yes
>>        </AuthBy>
>>         AcctLogFileName %L/detail
>> </Realm>
>>
>>
>> This is my first use of pptp, so I guess it is something basic that I
>> am missing.
>>
>> Thanks
>>
>> Judy
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 10 Jul 2004, at 00:54, Judy Angel wrote:
>>>
>>>> Hi,
>>>>
>>>> I have seen your question to Radiator
>>>>
>>>> "On Wednesday, Mar 5, 2003, at 00:32 Australia/Melbourne, baxter
>>>> wrote:
>>>>
>>>>> I am using radiator to authenticate wireless users (from a
>>>>> bluesocket
>>>>> wireless gateway) with the authentication going against an imap
>>>>> server
>>>>> on
>>>>> our campus.  The problem I am having is that I can't seem to figure
>>>>> out what
>>>>> I need to return on a pptp request.  The bluesocket people say I
>>>>> need
>>>>> to get
>>>>> a "MS-MPPE-RECV-key" and a "MS-MPPE-RECV-send" but the log from the
>>>>> radiator
>>>> "
>>>>
>>>> I have exactly the same problem and am interested to know if that was
>>>> solved. I can see no reply after the request for the trace. I would
>>>> be
>>>> very grateful if you tell me how you solved that problem.
>>>>
>>>> many thanks
>>>>
>>>> Judy Angel
>>>> University of Hertfordshire
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
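
Hugh's point about MS-CHAPv2 using the complete username, as an added example that is not part of the original thread and is not Radiator's code: per RFC 2759 the NT-Response is computed over an 8-byte ChallengeHash of the peer challenge, the authenticator challenge and the user name as the client sent it, so a server that hashes the rewritten name derives a different value and rejects a correct password. The function names and the sample bytes are constructed for illustration; the 50-byte MS-CHAP2-Response layout is the RFC 2548 one.

```python
import hashlib
import re


def parse_mschap2_response(value: bytes) -> dict:
    """Split the 50-byte MS-CHAP2-Response attribute value (RFC 2548 layout)."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],
        "reserved": value[18:26],
        "nt_response": value[26:50],
    }


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || authenticator || name)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 bytes")
    digest = hashlib.sha1(peer_challenge + auth_challenge + user_name.encode("ascii"))
    return digest.digest()[:8]


def rewrite_username(name: str) -> str:
    """Same effect as the thread's RewriteUsername s/^([^@]+).*/$1/."""
    return re.sub(r"^([^@]+).*", r"\1", name, count=1)


def compare_names(attr_value: bytes, auth_challenge: bytes, sent_name: str):
    """Return (client hash, hash over rewritten name, whether they agree)."""
    fields = parse_mschap2_response(attr_value)
    client = challenge_hash(fields["peer_challenge"], auth_challenge, sent_name)
    server = challenge_hash(fields["peer_challenge"], auth_challenge,
                            rewrite_username(sent_name))
    return client, server, client == server


# Constructed sample values, not the bytes from the packet dumps in the thread.
SAMPLE_AUTH_CHALLENGE = bytes(range(16, 32))            # MS-CHAP-Challenge
SAMPLE_RESPONSE = bytes([1, 0]) + bytes(range(16)) + bytes(8) + bytes(24)

if __name__ == "__main__":
    for name in ("judyblue@pptp", "ccsqja"):
        client, server, same = compare_names(SAMPLE_RESPONSE, SAMPLE_AUTH_CHALLENGE, name)
        print(f"{name!r}: client={client.hex()} server={server.hex()} match={same}")
```
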