(RADIATOR) MS-MPPE-RECV-send
Hugh Irvine
hugh at open.com.au
Sun Jul 25 18:52:09 CDT 2004
Hello Judy -
You can only use variations of PAP.
regards
Hugh
On 26 Jul 2004, at 08:04, J.Angel at herts.ac.uk wrote:
> On Jul 24 2004, Hugh Irvine wrote:
>
>> Hello Judy -
>> You cannot use MS-CHAP(v2) with any form of encrypted password - you
>> must have access to the cleartext password.
>> See section 13.1.2 in the Radiator 3.9 reference manual
>> ("doc/ref.html").
>
> which authentication/encryption option are available, if I wish to
> authenticate with a unix pam password?
>
> thanks
>
> judy angel
> University of Hertfordshire
>> regards
>> Hugh
>> On 23 Jul 2004, at 21:40, Judy Angel wrote:
>> >
>> >
>> > --On 13 July 2004 09:07 +1000 Hugh Irvine <hugh at open.com.au> wrote:
>> >
>> >>
>> >> Hello Judy -
>> >>
>> >> MS-CHAPv2 expects to use the complete username string when
>> checking >> the
>> >> password.
>> >>
>> >> I suggest you remove the RewriteUsername and change "judyblue" to
>> >> "judyblue at pptp" in the users file.
>> >
>> >
>> > I am trying to authenticate against a nis+/pam unix server.
>> >
>> > I have installed radius on another unix server that shared the nis+
>> > password file, now the userid is without the realm, but this
>> still > does not work from pptp client, Is what I want to use not
>> possible?
>> >
>> > thanks
>> >
>> > judy angel
>> >
>> >
>> > <Realm DEFAULT>
>> > <AuthBy PAM>
>> > # generate MPPE keys to encrypt pptp vpns
>> > AutoMPPEKeys Yes
>> >
>> > </AuthBy>
>> > </Realm>
>> >
>> > ri Jul 23 12:35:50 2004: DEBUG: Finished reading configuration file
>> > './goodies/kumbha.cfg
>> >
>> > ri Jul 23 12:35:50 2004: DEBUG: Reading dictionary file
>> './dictionary'
>> > ri Jul 23 12:35:51 2004: DEBUG: Creating authentication port >
>> 0.0.0.0:1645
>> > ri Jul 23 12:35:51 2004: DEBUG: Creating accounting port
>> 0.0.0.0:1646
>> > ri Jul 23 12:35:51 2004: NOTICE: Server started: Radiator 3.9 on
>> kumbha
>> > ri Jul 23 12:36:08 2004: DEBUG: Packet dump:
>> > ** Received from 147.197.200.100 port 32768 ....
>> > ode: Access-Request
>> > dentifier: 149
>> > uthentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
>> > ttributes:
>> > Service-Type = Framed-User
>> > Framed-Protocol = PPP
>> > User-Name = "ccsqja"
>> > MS-CHAP-Challenge = "<148><242><201><146>l<132> >
>> <242>X<218>8<158><154><168>/l"
>> > MS-CHAP2-Response = >
>> "<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
>> >
>> 06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<
>> 1 > 96><
>> > 30><187>%<240>
>> > 204>'<21><200>"
>> > NAS-IP-Address = 147.197.200.100
>> > NAS-Port = 0
>> >
>> > ri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler >
>> 'Realm=DEFAULT'
>> > ri Jul 23 12:36:08 2004: DEBUG: Deleting session for ccsqja, >
>> 147.197.200.100, 0
>> > ri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
>> > ri Jul 23 12:36:08 2004: DEBUG: Packet dump:
>> > ** Received from 147.197.200.100 port 32768 ....
>> > ode: Access-Request
>> > dentifier: 149
>> > uthentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
>> > ttributes:
>> > Service-Type = Framed-User
>> > Framed-Protocol = PPP
>> > User-Name = "ccsqja"
>> > MS-CHAP-Challenge = "<148><242><201><146>l<132> >
>> <242>X<218>8<158><154><168>/l"
>> > MS-CHAP2-Response = >
>> "<1><0><217><160><250><139><175>9<229>`<138>_<207><187>1<190><
>> >
>> 06><237><0><0><0><0><0><0><0><0><23>mq9Fq<235><221>w<13><253><145>ZV6<
>> 1 > 96><
>> > 30><187>%<240>
>> > 204>'<21><200>"
>> > NAS-IP-Address = 147.197.200.100
>> > NAS-Port = 0
>> >
>> > ri Jul 23 12:36:08 2004: DEBUG: Handling request with Handler >
>> 'Realm=DEFAULT'
>> > ri Jul 23 12:36:08 2004: DEBUG: Deleting session for ccsqja, >
>> 147.197.200.100, 0
>> > ri Jul 23 12:36:08 2004: DEBUG: Handling with PAM service login
>> > ri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
>> > ri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja: >
>> Authentication failed:
>> > ri Jul 23 12:36:08 2004: DEBUG: Packet dump:
>> > ** Sending to 147.197.200.100 port 32768 ....
>> > ode: Access-Reject
>> > dentifier: 149
>> > uthentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
>> > ttributes:
>> > Reply-Message = "Request Denied"
>> >
>> > ri Jul 23 12:36:08 2004: DEBUG: PAM is asking for 1: 'Password'
>> > ri Jul 23 12:36:08 2004: INFO: Access rejected for ccsqja: >
>> Authentication failed:
>> > ri Jul 23 12:36:08 2004: DEBUG: Packet dump:
>> > ** Sending to 147.197.200.100 port 32768 ....
>> > ode: Access-Reject
>> > dentifier: 149
>> > uthentic: V4kO<224><134><212><224>k<210>#w<132>"n<246>
>> > ttributes:
>> > Reply-Message = "Request Denied"
>> >
>> >
>> >>
>> >> regards
>> >>
>> >> Hugh
>> >>
>> >>
>> >> On 12 Jul 2004, at 22:13, Judy Angel wrote:
>> >>
>> >>>
>> >>>
>> >>> --On 10 July 2004 17:10 +1000 Hugh Irvine <hugh at open.com.au>
>> wrote:
>> >>>
>> >>>>
>> >>>> Hello Judy -
>> >>>>
>> >>>> You should be able to use "AutoMPPEKeys" in your AuthBy module.
>> >>>>
>> >>>> See section 6.17.23 in the Radiator 3.9 reference manual
>> >>>> ("doc/ref.html").
>> >>>
>> >>> ok some progress,
>> >>>
>> >>> but if I test from the bluesocket with realm pptp or without it
>> >>> works,
>> >>> but not from a pptp microsoft client.
>> >>> The password is clear text in the users file
>> >>>
>> >>>
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
>> >>> *** Received from 147.197.200.100 port 32798 ....
>> >>> Code: Access-Request
>> >>> Identifier: 111
>> >>> Authentic: >>>
>> <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
>> >>> Attributes:
>> >>> Service-Type = Framed-User
>> >>> Framed-Protocol = PPP
>> >>> User-Name = "judyblue at pptp"
>> >>> MS-CHAP-Challenge =
>> >>> "<186>5<192>wi<205><165>|+<235><132>J<158><222><249>5"
>> >>> MS-CHAP2-Response =
>> >>> "<1><0><227><5><169>1<240><137>^<202><218>K<20>b@<144><152>`<0
>> >>>>
>> <0><0><0><0><0><0><0><137>R<197><12>l<27>,L<249><136>dJ<26><153>)s<2
>> >>>> 29
>> >>>> > G<1
>> >>> 49>!<246>j<186>
>> >>> <147>"
>> >>> NAS-IP-Address = 147.197.200.100
>> >>> NAS-Port = 0
>> >>>
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Handling request with Handler
>> >>> 'Realm=pptp'
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Rewrote user name to judyblue
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Deleting session for
>> judyblue at pptp,
>> >>> 147.197.200.100, 0
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Handling with Radius::AuthFILE:
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE looks for match
>> >>> with
>> >>> judyblue
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Radius::AuthFILE REJECT: Bad
>> >>> Password
>> >>> Mon Jul 12 12:57:12 2004: INFO: Access rejected for judyblue: Bad
>> >>> Password
>> >>> Mon Jul 12 12:57:12 2004: DEBUG: Packet dump:
>> >>> *** Sending to 147.197.200.100 port 32798 ....
>> >>> Code: Access-Reject
>> >>> Identifier: 111
>> >>> Authentic: >>>
>> <194>w<14><164>$1<200><208><9><179><174><5><162><13><217>9
>> >>> Attributes:
>> >>> Reply-Message = "Request Denied"
>> >>>
>> >>>
>> >>>
>> >>> users/....
>> >>>
>> >>> judyblue Password = "xx"
>> >>> Service-Type = Framed-User,
>> >>> Framed-Protocol = PPP,
>> >>> Framed-IP-Netmask = 255.255.255.255,
>> >>> Framed-Routing = None,
>> >>> Framed-MTU = 1500,
>> >>> Framed-Compression = Van-Jacobson-TCP-IP,
>> >>> Message-Authenticator = 0000000000000000,
>> >>> MS-MPPE-Encryption-Policy = Encryption-Allowed,
>> >>> MS-MPPE-Encryption-Types = Encryption-Any
>> >>>
>> >>>
>> >>> config..
>> >>>
>> >>>
>> >>>
>> >>> <Realm pptp>
>> >>> RewriteUsername s/^([^@]+).*/$1/
>> >>> <AuthBy FILE>
>> >>> Filename ./users
>> >>> # generate MPPE keys to encrypt pptp vpns
>> >>> AutoMPPEKeys Yes
>> >>> </AuthBy>
>> >>> AcctLogFileName %L/detail
>> >>> </Realm>
>> >>>
>> >>>
>> >>> This is my first use of pptp, so I guess it is somthing basic
>> that I
>> >>> am missing.
>> >>>
>> >>> Thanks
>> >>>
>> >>> Judy
>> >>>>
>> >>>> regards
>> >>>>
>> >>>> Hugh
>> >>>>
>> >>>>
>> >>>> On 10 Jul 2004, at 00:54, Judy Angel wrote:
>> >>>>
>> >>>>> Hi,
>> >>>>>
>> >>>>> I have seen you question to Radiator
>> >>>>>
>> >>>>> "On Wednesday, Mar 5, 2003, at 00:32 Australia/Melbourne, baxter
>> >>>>> wrote:
>> >>>>>
>> >>>>>> I am using radiator to authenticate wireless users (from a
>> >>>>>> bluesocket
>> >>>>>> wireless gateway) with the authentication going against an imap
>> >>>>>> server
>> >>>>>> on
>> >>>>>> our campus. The problem I am having is that I can't seem to
>> >>>>>> figure
>> >>>>>> out what
>> >>>>>> I need to return on a pptp request. The bluesocket people say
>> I
>> >>>>>> need
>> >>>>>> to get
>> >>>>>> a "MS-MPPE-RECV-key" and a "MS-MPPE-RECV-send" but the log
>> from >>>>>> the
>> >>>>>> radiator
>> >>>>> "
>> >>>>>
>> >>>>> I have exactly the same problem and am interested to know if
>> that >>>>> was
>> >>>>> solved. I can see no reply after the request for the trace. I
>> would
>> >>>>> be
>> >>>>> very greatful if you tell me how you solved that problem.
>> >>>>>
>> >>>>> many thanks
>> >>>>>
>> >>>>> Judy Angel
>> >>>>> University of Hertfordshire
>> >>>>>
>> >>>>> --
>> >>>>> Archive at http://www.open.com.au/archives/radiator/
>> >>>>> Announcements on radiator-announce at open.com.au
>> >>>>> To unsubscribe, email 'majordomo at open.com.au' with
>> >>>>> 'unsubscribe radiator' in the body of the message.
>> >>>>>
>> >>>>>
>> >>>>
>> >>>> NB: have you included a copy of your configuration file (no
>> >>>> secrets),
>> >>>> together with a trace 4 debug showing what is happening?
>> >>>>
>> >>>> --
>> >>>> Radiator: the most portable, flexible and configurable RADIUS
>> server
>> >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> >>>> -
>> >>>> Nets: internetwork inventory and management - graphical,
>> extensible,
>> >>>> flexible with hardware, software, platform and database >>>>
>> independence.
>> >>>> -
>> >>>> CATool: Private Certificate Authority for Unix and Unix-like
>> >>>> systems.
>> >>>>
>> >>>> --
>> >>>> Archive at http://www.open.com.au/archives/radiator/
>> >>>> Announcements on radiator-announce at open.com.au
>> >>>> To unsubscribe, email 'majordomo at open.com.au' with
>> >>>> 'unsubscribe radiator' in the body of the message.
>> >>>
>> >>>
>> >>> --
>> >>> Archive at http://www.open.com.au/archives/radiator/
>> >>> Announcements on radiator-announce at open.com.au
>> >>> To unsubscribe, email 'majordomo at open.com.au' with
>> >>> 'unsubscribe radiator' in the body of the message.
>> >>>
>> >>>
>> >>
>> >> NB: have you included a copy of your configuration file (no
>> secrets),
>> >> together with a trace 4 debug showing what is happening?
>> >>
>> >> --
>> >> Radiator: the most portable, flexible and configurable RADIUS
>> server
>> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> >> -
>> >> Nets: internetwork inventory and management - graphical,
>> extensible,
>> >> flexible with hardware, software, platform and database
>> independence.
>> >> -
>> >> CATool: Private Certificate Authority for Unix and Unix-like
>> systems.
>> >>
>> >> --
>> >> Archive at http://www.open.com.au/archives/radiator/
>> >> Announcements on radiator-announce at open.com.au
>> >> To unsubscribe, email 'majordomo at open.com.au' with
>> >> 'unsubscribe radiator' in the body of the message.
>> >
>> >
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list