(RADIATOR) MS-MPPE-RECV-send
J.Angel at herts.ac.uk
Sun Jul 25 17:04:53 CDT 2004
On Jul 24 2004, Hugh Irvine wrote:
>
> Hello Judy -
>
> You cannot use MS-CHAP(v2) with any form of encrypted password - you
> must have access to the cleartext password.
>
> See section 13.1.2 in the Radiator 3.9 reference manual
> ("doc/ref.html").
>
Which authentication/encryption options are available if I wish to
authenticate with a Unix PAM password?
Thanks
Judy Angel
University of Hertfordshire
> regards
>
> Hugh
>
>
>
> On 23 Jul 2004, at 21:40, Judy Angel wrote:
>
> >
> >
> > --On 13 July 2004 09:07 +1000 Hugh Irvine <hugh at open.com.au> wrote:
> >
> >>
> >> Hello Judy -
> >>
> >> MS-CHAPv2 expects to use the complete username string when checking the
> >> password.
> >>
> >> I suggest you remove the RewriteUsername and change "judyblue" to
> >> "judyblue at pptp" in the users file.
> >
> >
> > I am trying to authenticate against a NIS+/PAM Unix server.
> >
> > I have installed RADIUS on another Unix server that shared the NIS+
> > password file. Now the userid is without the realm, but this still
> > does not work from a PPTP client. Is what I want to use not possible?
> >
> > thanks
> >
> > judy angel
> >
> >
> > <Realm DEFAULT>
> > <AuthBy PAM>
> > # generate MPPE keys to encrypt pptp vpns
> > AutoMPPEKeys Yes
> >
> > </AuthBy>
> > </Realm>
> >
> > Fri Jul 23 12:35:50 2004: DEBUG: Finished reading configuration file
> > './goodies/kumbha.cfg
> >
> > Fri Jul 23 12:35:50 2004: DEBUG: Reading dictionary file './dictionary'
> > Fri Jul 23 12:35:51 2004: DEBUG: Creating authentication port
> > 0.0.0.0:1645
> > Fri Jul 23 12:35:51 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> > Fri Jul 23 12:35:51 2004: NOTICE: Server started: Radiator 3.9 on kumbha
> > Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
> > *** Received from 147.197.200.100 port 32768 ....
> > Code: Access-Request
> > Identifier: 149
> > Authentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > User-Name = "ccsqja"
> > MS-CHAP-Challenge = "<148><242><201><146>l<132>
> > <242>X<218>8<158><154><168>/l"
> > MS-CHAP2-Response =
> > "<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
> > 06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<1
> > 96><
> > 30><187>%<240>
> > 204>'<21><200>"
> > NAS-IP-Address = 147.197.200.100
> > NAS-Port = 0
> >
> > Fri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Fri Jul 23 12:36:08 2004: DEBUG: Deleting session for ccsqja,
> > 147.197.200.100, 0
> > Fri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
> > Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
> > *** Received from 147.197.200.100 port 32768 ....
> > Code: Access-Request
> > Identifier: 149
> > Authentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > User-Name = "ccsqja"
> > MS-CHAP-Challenge = "<148><242><201><146>l<132>
> > <242>X<218>8<158><154><168>/l"
> > MS-CHAP2-Response =
> > "<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
> > 06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<1
> > 96><
> > 30><187>%<240>
> > 204>'<21><200>"
> > NAS-IP-Address = 147.197.200.100
> > NAS-Port = 0
> >
> > Fri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Fri Jul 23 12:36:08 2004: DEBUG: Deleting session for ccsqja,
> > 147.197.200.100, 0
> > Fri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
> > Fri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
> > Fri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja:
> > Authentication failed:
> > Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
> > *** Sending to 147.197.200.100 port 32768 ....
> > Code: Access-Reject
> > Identifier: 149
> > Authentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> > Fri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
> > Fri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja:
> > Authentication failed:
> > Fri Jul 23 12:36:08 2004: DEBUG: Packet dump:
> > *** Sending to 147.197.200.100 port 32768 ....
> > Code: Access-Reject
> > Identifier: 149
> > Authentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> >
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On 12 Jul 2004, at 22:13, Judy Angel wrote:
> >>
> >>>
> >>>
> >>> --On 10 July 2004 17:10 +1000 Hugh Irvine <hugh at open.com.au> wrote:
> >>>
> >>>>
> >>>> Hello Judy -
> >>>>
> >>>> You should be able to use "AutoMPPEKeys" in your AuthBy module.
> >>>>
> >>>> See section 6.17.23 in the Radiator 3.9 reference manual
> >>>> ("doc/ref.html").
> >>>
> >>> OK, some progress,
> >>>
> >>> but if I test from the Bluesocket with realm pptp or without, it works,
> >>> but not from a PPTP Microsoft client.
> >>> The password is clear text in the users file.
> >>>
> >>>
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
> >>> *** Received from 147.197.200.100 port 32798 ....
> >>> Code: Access-Request
> >>> Identifier: 111
> >>> Authentic:
> >>> <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
> >>> Attributes:
> >>> Service-Type = Framed-User
> >>> Framed-Protocol = PPP
> >>> User-Name = "judyblue at pptp"
> >>> MS-CHAP-Challenge =
> >>> "<186>5<192>wi<205><165>|+<235><132>J<158><222><249>5"
> >>> MS-CHAP2-Response =
> >>> "<1><0><227><5><169>1<240><137>^<202><218>K<20>b@<144><152>`<0
> >>>> <0><0><0><0><0><0><0><137>R<197><12>l<27>,L<249><136>dJ<26><153>)s<2
> >>>> 29
> >>>> > G<1
> >>> 49>!<246>j<186>
> >>> <147>"
> >>> NAS-IP-Address = 147.197.200.100
> >>> NAS-Port = 0
> >>>
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Handling request with Handler
> >>> 'Realm=pptp'
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Rewrote user name to judyblue
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Deleting session for judyblue at pptp,
> >>> 147.197.200.100, 0
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Handling with Radius::AuthFILE:
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE looks for match
> >>> with
> >>> judyblue
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE REJECT: Bad
> >>> Password
> >>> Mon Jul 12 12:57:12 2004: INFO: Access rejected for judyblue: Bad
> >>> Password
> >>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
> >>> *** Sending to 147.197.200.100 port 32798 ....
> >>> Code: Access-Reject
> >>> Identifier: 111
> >>> Authentic:
> >>> <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
> >>> Attributes:
> >>> Reply-Message = "Request Denied"
> >>>
> >>>
> >>>
> >>> users/....
> >>>
> >>> judyblue Password = "xx"
> >>> Service-Type = Framed-User,
> >>> Framed-Protocol = PPP,
> >>> Framed-IP-Netmask = 255.255.255.255,
> >>> Framed-Routing = None,
> >>> Framed-MTU = 1500,
> >>> Framed-Compression = Van-Jacobson-TCP-IP,
> >>> Message-Authenticator = 0000000000000000,
> >>> MS-MPPE-Encryption-Policy = Encryption-Allowed,
> >>> MS-MPPE-Encryption-Types = Encryption-Any
> >>>
> >>>
> >>> config..
> >>>
> >>>
> >>>
> >>> <Realm pptp>
> >>> RewriteUsername s/^([^@]+).*/$1/
> >>> <AuthBy FILE>
> >>> Filename ./users
> >>> # generate MPPE keys to encrypt pptp vpns
> >>> AutoMPPEKeys Yes
> >>> </AuthBy>
> >>> AcctLogFileName %L/detail
> >>> </Realm>
> >>>
> >>>
> >>> This is my first use of PPTP, so I guess it is something basic that I
> >>> am missing.
> >>>
> >>> Thanks
> >>>
> >>> Judy
> >>>>
> >>>> regards
> >>>>
> >>>> Hugh
> >>>>
> >>>>
> >>>> On 10 Jul 2004, at 00:54, Judy Angel wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> I have seen your question to Radiator
> >>>>>
> >>>>> "On Wednesday, Mar 5, 2003, at 00:32 Australia/Melbourne, baxter wrote:
> >>>>>
> >>>>>> I am using radiator to authenticate wireless users (from a bluesocket
> >>>>>> wireless gateway) with the authentication going against an imap server
> >>>>>> on our campus. The problem I am having is that I can't seem to figure
> >>>>>> out what I need to return on a pptp request. The bluesocket people say
> >>>>>> I need to get a "MS-MPPE-RECV-key" and a "MS-MPPE-RECV-send" but the
> >>>>>> log from the radiator
> >>>>> "
> >>>>>
> >>>>> I have exactly the same problem and am interested to know if that was
> >>>>> solved. I can see no reply after the request for the trace. I would be
> >>>>> very grateful if you tell me how you solved that problem.
> >>>>>
> >>>>> many thanks
> >>>>>
> >>>>> Judy Angel
> >>>>> University of Hertfordshire
> >>>>>
> >>>>> --
> >>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>> Announcements on radiator-announce at open.com.au
> >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>
> >>>>>
> >>>>
> >>>> NB: have you included a copy of your configuration file (no
> >>>> secrets),
> >>>> together with a trace 4 debug showing what is happening?
> >>>>
> >>>> --
> >>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>> -
> >>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>> flexible with hardware, software, platform and database
> >>>> independence.
> >>>> -
> >>>> CATool: Private Certificate Authority for Unix and Unix-like
> >>>> systems.
> >>>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
>
>
>
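Added example (not part of the thread, and not Radiator's code): the MS-CHAP2-Response layout from RFC 2548 and the ChallengeHash step from RFC 2759, showing why the `RewriteUsername` in the quoted `<Realm pptp>` config changes the value the server checks against if it hashes the rewritten name. The challenge bytes and attribute value are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import re
import struct

def parse_mschap2_response(value: bytes) -> dict:
    """Split an MS-CHAP2-Response value (RFC 2548): 1+1+16+8+24 = 50 bytes."""
    if len(value) != 50:
        raise ValueError(f"MS-CHAP2-Response must be 50 bytes, got {len(value)}")
    ident, flags, peer, reserved, nt = struct.unpack("!BB16s8s24s", value)
    return {"ident": ident, "flags": flags, "peer_challenge": peer,
            "reserved": reserved, "nt_response": nt}

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || user name).

    These 8 bytes are DES-encrypted under keys derived from the MD4 hash of
    the password to form the 24-byte NT-Response, so the server must be able
    to derive that MD4 hash, which a one-way Unix password hash behind PAM
    does not allow.
    """
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 bytes")
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def rewrite_username(name: str) -> str:
    """Python equivalent of the thread's RewriteUsername s/^([^@]+).*/$1/."""
    return re.sub(r"^([^@]+).*", r"\1", name)

def demo() -> dict:
    # Constructed sample data, not taken from the packet dumps in the thread.
    auth_challenge = bytes(range(0x10, 0x20))
    attr_value = bytes([1, 0]) + bytes(range(0x20, 0x30)) + bytes(8) + bytes(24)
    fields = parse_mschap2_response(attr_value)
    sent = "judyblue@pptp"              # User-Name as the client sent it
    stripped = rewrite_username(sent)   # name after the realm is stripped
    return {
        "stripped": stripped,
        "client": challenge_hash(fields["peer_challenge"], auth_challenge, sent),
        "server": challenge_hash(fields["peer_challenge"], auth_challenge, stripped),
    }

if __name__ == "__main__":
    r = demo()
    print(r["stripped"], r["client"].hex(), r["server"].hex())
```

The two 8-byte values differ, so an NT-Response computed by the client over the full name cannot match one computed by the server over the stripped name, even with the correct password.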