(RADIATOR) Make Radiator working with PPTPD

Chairul Anwar number_one at attglobal.net
Thu Aug 4 01:41:31 CDT 2005


Hi, I've tried the following steps:

1. configure VPN on my windows 2003 and authenticate using windows
authentication.
2. test dial with VPN client on Windows 2000 using PAP, MS-CHAP and MS-CHAP
V2, all of them successfully connected.
3. configure the VPN to authenticate to Radius using Internet Authentication
Service (IAS) on windows 2003 and configure IAS to handle the VPN Server as
its client.
4. test dial using PAP, MS-CHAP and MS-CHAP V2, all of them successfully
connected.
5. configure radiator radius using the step by step you've given (except for vpn
I'm using windows 2003 instead of pptpd)
6. running radpwtst successful with simple.cfg
7. then I add in /etc/radiator/users:
        sistelindo   User-Password=XXXXXX
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-IP-Netmask = 255.255.255.255,
                Framed-Routing = None,
                Framed-MTU = 1500,
                Framed-Compression = Van-Jacobson-TCP-IP
8. and I also add in /etc/radiator/radius.cfg:
        <Client 202.135.145.185>
                Secret XXXXXX
                DupInterval 0
        </Client>
9. Then I ran radiusd as in your instructions before.
10. I ran my vpn client and found this error in the radiator debug:

Thu Aug  4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not
defined in your dictionary
Thu Aug  4 13:27:22 2005: ERR: Attribute number 34 (vendor 311) is not
defined in your dictionary
Thu Aug  4 13:27:22 2005: DEBUG: Packet dump:
*** Received from 202.135.145.185 port 3132 ....
Code:       Access-Request
Identifier: 5
Authentic:  <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
Attributes:
        Acct-Session-Id = "34"
        NAS-Identifier = "MIKEM"
        NAS-IP-Address = 202.135.145.185
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 129
        MS-RAS-Vendor = 311
        MS-RAS-Version = "MSRASV5.20"
        NAS-Port-Type = Virtual
        Tunnel-Type = 0:PPTP
        Tunnel-Medium-Type = 0:IP
        Calling-Station-Id = "202.135.5.48"
        Tunnel-Client-Endpoint = 202.135.5.48
        User-Name = "sistelindo"
        MS-CHAP-Challenge = <143>wZ"<170><161><177><152><167><7><232><147><244><193>:<207>
        MS-CHAP2-Response = <0><0>!I<254><184>PoW<131><16>Q\<212><247><231><138><189><0><0><0><0><0><0><0><0><198><157>F<16>3<178><135><198><134><19>3<220>i<207>W<172><188>k<238><184>(/<228><157>
        Message-Authenticator = <155><158>sA<147>I<23>2<21><241><134><227><15><3>@A

Thu Aug  4 13:27:22 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Aug  4 13:27:22 2005: DEBUG:  Deleting session for sistelindo,
202.135.145.185, 129
Thu Aug  4 13:27:22 2005: DEBUG: Handling with Radius::AuthFILE: 
Thu Aug  4 13:27:22 2005: DEBUG: Reading users file ./users
Thu Aug  4 13:27:22 2005: DEBUG: Radius::AuthFILE looks for match with
sistelindo
Thu Aug  4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to handle an
MS-CHAP2 request: Can't locate Digest/MD4.pm in @INC (@INC contains: .
/usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4
/usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2
/usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
/usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2
/usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0
/usr/lib/perl5/vendor_perl .) at
/usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
Compilation failed in require at
/usr/lib/perl5/site_perl/5.8.5/Radius/AuthGeneric.pm line 631.

Thu Aug  4 13:27:22 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
Thu Aug  4 13:27:22 2005: DEBUG: AuthBy FILE result: REJECT, Bad Password
Thu Aug  4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad Password
Thu Aug  4 13:27:22 2005: DEBUG: Packet dump:
*** Sending to 202.135.145.185 port 3132 ....
Code:       Access-Reject
Identifier: 5
Authentic:  <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
Attributes:
        Reply-Message = "Request Denied"


Please let me know what happened, and how to solve this....

Thank you.


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Friday, July 29, 2005 2:21 PM
To: number_one at attglobal.net
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Make Radiator working with PPTPD


Hello Chairul -

To get started with radius I suggest you read the RADIUS RFCs
(doc/rfc2865.txt and doc/rfc2866.txt) and then read the Radiator reference
manual (doc/ref.html). Then you can do some simple experiments with
radpwtst (test utility) and goodies/simple.cfg.

The steps involved for your application are as follows:

1. configure PPTP to do RADIUS authentication

2. configure PPTP radius to send radius requests to Radiator (IP  
address / UDP port number / shared secret)

3. configure Radiator starting with "goodies/simple.cfg" (Client  
clause to match point 2 above, Realm DEFAULT, AuthBy FILE)

4. run Radiator from the command line so you can see what is going on:

         perl radiusd -foreground -log_stdout -trace 4 -config_file .....

5. in a separate window run radpwtst to verify correct operation

6. then run VPN tests to PPTP

At all stages check the trace 4 debug from Radiator so you can see  
what is happening.

hope this helps

regards

Hugh



On 29 Jul 2005, at 14:42, number_one at attglobal.net wrote:

> Yes,
> I've tried it but still have problems getting authenticated.
>
> I said that wrong user id and password, but I'm sure I've put the
> right one.
> No documents for newbies on the net about how to configure freeradius
> correctly.
> And I've downloaded the Radiator manual and cannot find the clues either.
> I'm new to this stuff, and I need a step by step guide to make it run.
> Can Radiator provide it?
> It was very easy to configure windows 2003 VPN to authenticate with
> windows radius (IAS), and there is also a complete guide to make it happen.
> It took me no more than 1 hour to configure it correctly using the step by
> step guide from the microsoft webpage.
>
> But it is very hard to make pptpd authenticate through Radiator or any
> linux based radius, because of the lack of documents for newbies like
> me ... :(
>
> Chairul
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
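
Added example (not part of the original messages, and not Radiator code): in the trace above, the reject logged as "Bad Password" comes straight after an ERR saying Radius::MSCHAP could not be loaded because Digest/MD4.pm is not in @INC. This Python script pairs each "Access rejected" line with the ERR records logged before it, so a reject caused by a missing server module is not triaged as a wrong password; the function names and the second sample request (user "alice") are assumptions made for the example.

```python
import re

# Condensed from the trace in the post (@INC list shortened); the second
# request, for user "alice", is constructed for contrast.
SAMPLE_TRACE = """\
Thu Aug  4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not
defined in your dictionary
Thu Aug  4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to handle an
MS-CHAP2 request: Can't locate Digest/MD4.pm in @INC (@INC contains: .
/usr/lib/perl5/site_perl .) at
/usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
Thu Aug  4 13:27:22 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
Thu Aug  4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad Password
Thu Aug  4 13:30:02 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
Thu Aug  4 13:30:02 2005: INFO: Access rejected for alice: Bad Password
"""

# "Thu Aug  4 13:27:22 2005: LEVEL: message" as printed with -log_stdout
RECORD = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")

def records(trace):
    """Yield (level, message), folding mail-wrapped lines into their record."""
    current = None
    for line in trace.splitlines():
        m = RECORD.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def triage_rejects(trace):
    """Pair every 'Access rejected' record with the ERRs logged before it."""
    findings, errors = [], []
    for level, msg in records(trace):
        if level == "ERR":
            errors.append(msg)
        elif m := re.match(r"Access rejected for (\S+): (.*)", msg):
            # A Perl module that failed to load means the check never ran
            missing = [p for e in errors
                       for p in re.findall(r"Can't locate (\S+\.pm)", e)]
            cause = "server-module" if missing else "credentials"
            findings.append({"user": m.group(1), "logged": m.group(2),
                             "cause": cause, "missing": missing,
                             "errors": list(errors)})
            errors.clear()
    return findings
```
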
