(RADIATOR) Make Radiator working with PPTPD

Hugh Irvine hugh at open.com.au
Thu Aug 4 02:02:27 CDT 2005


Hello Chairul -

Thanks for the additional information - I think you are almost there.

As the debug message shows, to process MS-CHAPv2 you must install the  
Digest-MD4 module (available from CPAN).

regards

Hugh


On 4 Aug 2005, at 16:41, Chairul Anwar wrote:

> Hi, I've tried the following steps:
>
> 1. configure VPN on my windows 2003 and authenticate using windows
> authentication.
> 2. test dial with VPN client on Windows 2000 using PAP, MS-CHAP and
> MS-CHAP V2, all of them successfully connected.
> 3. configure the VPN to authenticate to Radius using Internet
> Authentication Service (IAS) on windows 2003 and configure IAS to handle
> the VPN Server as its client.
> 4. test dial using PAP, MS-CHAP and MS-CHAP V2, all of them successfully
> connected.
> 5. configure radiator radius using step by step you've given (except for
> vpn I'm using windows 2003 instead of pptpd)
> 6. running radpwtst successful with simple.cfg
> 7. then I add in /etc/radiator/users:
>     sistelindo   User-Password=XXXXXX
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
> 8. and I also add in /etc/radiator/radius.cfg:
>     <Client 202.135.145.185>
>         Secret XXXXXX
>         DupInterval 0
>     </Client>
> 9. Then I run radiusd as your instructions before.
> 10. I run my vpn client and found this error of radiator debug:
>
> Thu Aug  4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
> Thu Aug  4 13:27:22 2005: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
> Thu Aug  4 13:27:22 2005: DEBUG: Packet dump:
> *** Received from 202.135.145.185 port 3132 ....
> Code:       Access-Request
> Identifier: 5
> Authentic:  <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
> Attributes:
>         Acct-Session-Id = "34"
>         NAS-Identifier = "MIKEM"
>         NAS-IP-Address = 202.135.145.185
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         NAS-Port = 129
>         MS-RAS-Vendor = 311
>         MS-RAS-Version = "MSRASV5.20"
>         NAS-Port-Type = Virtual
>         Tunnel-Type = 0:PPTP
>         Tunnel-Medium-Type = 0:IP
>         Calling-Station-Id = "202.135.5.48"
>         Tunnel-Client-Endpoint = 202.135.5.48
>         User-Name = "sistelindo"
>         MS-CHAP-Challenge = <143>wZ"<170><161><177><152><167><7><232><147><244><193>:<207>
>         MS-CHAP2-Response = <0><0>!I<254><184>PoW<131><16>Q\<212><247><231><138><189><0><0><0><0><0><0><0><0><198><157>F<16>3<178><135><198><134><19>3<220>i<207>W<172><188>k<238><184>(/<228><157>
>         Message-Authenticator = <155><158>sA<147>I<23>2<21><241><134><227><15><3>@A
>
> Thu Aug  4 13:27:22 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Aug  4 13:27:22 2005: DEBUG:  Deleting session for sistelindo, 202.135.145.185, 129
> Thu Aug  4 13:27:22 2005: DEBUG: Handling with Radius::AuthFILE:
> Thu Aug  4 13:27:22 2005: DEBUG: Reading users file ./users
> Thu Aug  4 13:27:22 2005: DEBUG: Radius::AuthFILE looks for match with sistelindo
> Thu Aug  4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to handle an MS-CHAP2 request: Can't locate Digest/MD4.pm in @INC (@INC contains: .
> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5
> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4
> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2
> /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
> /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2
> /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0
> /usr/lib/perl5/vendor_perl .) at
> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.8.5/Radius/AuthGeneric.pm line 631.
>
> Thu Aug  4 13:27:22 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Thu Aug  4 13:27:22 2005: DEBUG: AuthBy FILE result: REJECT, Bad Password
> Thu Aug  4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad Password
> Thu Aug  4 13:27:22 2005: DEBUG: Packet dump:
> *** Sending to 202.135.145.185 port 3132 ....
> Code:       Access-Reject
> Identifier: 5
> Authentic:  <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
> Attributes:
>         Reply-Message = "Request Denied"
>
>
> Please let me know what happened, and how to solve this....
>
> Thank you.
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
> Sent: Friday, July 29, 2005 2:21 PM
> To: number_one at attglobal.net
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Make Radiator working with PPTPD
>
>
> Hello Chairul -
>
> To get started with radius I suggest you read the RADIUS RFCs
> (doc/rfc2865.txt and doc/rfc2866.txt) and then read the Radiator reference
> manual (doc/ref.html). Then you can do some simple experiments with
> radpwtst (test utility) and goodies/simple.cfg.
>
> The steps involved for your application are as follows:
>
> 1. configure PPTP to do RADIUS authentication
>
> 2. configure PPTP radius to send radius requests to Radiator (IP
> address / UDP port number / shared secret)
>
> 3. configure Radiator starting with "goodies/simple.cfg" (Client
> clause to match point 2 above, Realm DEFAULT, AuthBy FILE)
>
> 4. run Radiator from the command line so you can see what is going on:
>
>          perl radiusd -foreground -log_stdout -trace 4 -config_file .....
>
> 5. in a separate window run radpwtst to verify correct operation
>
> 6. then run VPN tests to PPTP
>
> At all stages check the trace 4 debug from Radiator so you can see
> what is happening.
>
> hope this helps
>
> regards
>
> Hugh
>
>
>
> On 29 Jul 2005, at 14:42, number_one at attglobal.net wrote:
>
>
>> Yes,
>> I've tried it but still have problems getting authenticated.
>>
>> I said that wrong user id and password, but I'm sure I've put the
>> right one.
>> No documents for newbies on the net about how to configure freeradius
>> correctly.
>> And I've downloaded the radiator manual and cannot find the clues either.
>> I'm new in this stuff, and I need step by step guide to make it
>> running.
>> Can Radiator provide it?
>> It was very easy in configuring windows 2003 VPN to authenticate with
>> windows radius (IAS) and also complete guide to make it happen.
>> I've done it not more than 1 hour to configure it correctly using
>> step by step guide from microsoft webpage.
>>
>> But it is very hard to make pptpd authenticate through Radiator or any
>> linux based radius, because of the lack of documents for newbies like
>> me ... :(
>>
>> Chairul
>>
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


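
The trace in this thread logs the reject as "Bad Password" although the cause is the failed load of Digest::MD4. The following is an added example, not part of the original thread and not Radiator code: it scans an unwrapped trace 4 log and attributes each reject to a module load failure seen while handling the same request. The second request in the sample (user alice, address 203.0.113.10) is constructed, and `triage` is a hypothetical helper name.

```python
import re

# Sample trace: the first request is condensed from the trace quoted in the
# thread (@INC list shortened); the second request (alice, 203.0.113.10) is
# constructed to show an ordinary password failure for comparison.
SAMPLE_TRACE = """\
Thu Aug  4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
Thu Aug  4 13:27:22 2005: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
*** Received from 202.135.145.185 port 3132 ....
Thu Aug  4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to handle an MS-CHAP2 request: Can't locate Digest/MD4.pm in @INC (@INC contains: . /usr/lib/perl5/site_perl) at /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
Thu Aug  4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad Password
*** Received from 203.0.113.10 port 3200 ....
Thu Aug  4 13:27:40 2005: INFO: Access rejected for alice: Bad Password
"""

MISSING_MOD = re.compile(r"Can't locate ([\w/]+)\.pm in @INC")
UNDEF_ATTR = re.compile(r"Attribute number (\d+) \(vendor (\d+)\) is not defined")
REJECTED = re.compile(r"INFO: Access rejected for (\S+): (.+)$")


def triage(trace):
    """Separate rejects caused by a failed module load from real ones."""
    report = {"missing_modules": [], "undefined_attrs": [], "rejects": []}
    failed_load = None  # module that failed to load for the current request
    for line in trace.splitlines():
        if line.startswith("*** Received from"):
            failed_load = None  # a new request starts here
        elif m := MISSING_MOD.search(line):
            failed_load = m.group(1).replace("/", "::")  # Digest/MD4 -> Digest::MD4
            if failed_load not in report["missing_modules"]:
                report["missing_modules"].append(failed_load)
        elif m := UNDEF_ATTR.search(line):
            vsa = (int(m.group(2)), int(m.group(1)))  # (vendor, attribute)
            if vsa not in report["undefined_attrs"]:
                report["undefined_attrs"].append(vsa)
        elif m := REJECTED.search(line):
            user, logged = m.groups()
            cause = f"missing Perl module {failed_load}" if failed_load else logged
            report["rejects"].append((user, logged, cause))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(key, value)
```

After installing the module, `perl -MDigest::MD4 -e 1` exiting without output confirms that Perl can now load it.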

