(RADIATOR) Make Radiator working with PPTPD
Chairul Anwar
number_one at attglobal.net
Thu Aug 4 21:52:41 CDT 2005
Hi,
Yes, finally I can get connected.
But why does this error come out?
Fri Aug 5 09:25:28 2005: ERR: Attribute number 35 (vendor 311) is not
defined in your dictionary
Here's the whole log:
Fri Aug 5 09:25:28 2005: ERR: Attribute number 35 (vendor 311) is not
defined in your dictionary
Fri Aug 5 09:25:28 2005: ERR: Attribute number 34 (vendor 311) is not
defined in your dictionary
Fri Aug 5 09:25:28 2005: DEBUG: Packet dump:
*** Received from 202.135.145.185 port 3009 ....
Code: Access-Request
Identifier: 1
Authentic: r<247><142><186><208><12>U<153>1<202><188><236><183>><142><195>
Attributes:
Acct-Session-Id = "32"
NAS-IP-Address = 202.135.145.185
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 129
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.20"
NAS-Port-Type = Virtual
Tunnel-Type = 0:PPTP
Tunnel-Medium-Type = 0:IP
Calling-Station-Id = "202.135.5.24"
Tunnel-Client-Endpoint = 202.135.5.24
User-Name = "sistelindo"
MS-CHAP-Challenge = <8><217><162>?u,<13>g1FO<19><150>)<249><150>
MS-CHAP2-Response =
<0><0><254><219><7>P<168><252><147>w<154>$<250><238>C<155><142>_<0><0><0><0>
<0><0><0><0><241><20>F<149><220><163>oyx&s?<170><139>l<1><176>I<188><250>Y<2
55>g<18>
Message-Authenticator =
<203><227><183><18>2<30><192><28>Q-[c<250>\<13>\
Fri Aug 5 09:25:28 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Aug 5 09:25:28 2005: DEBUG: Deleting session for sistelindo,
202.135.145.185, 129
Fri Aug 5 09:25:28 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Aug 5 09:25:28 2005: DEBUG: Reading users file ./users
Fri Aug 5 09:25:28 2005: DEBUG: Radius::AuthFILE looks for match with
sistelindo
Fri Aug 5 09:25:28 2005: DEBUG: Radius::AuthFILE ACCEPT:
Fri Aug 5 09:25:28 2005: DEBUG: AuthBy FILE result: ACCEPT,
Fri Aug 5 09:25:28 2005: DEBUG: Access accepted for sistelindo
Fri Aug 5 09:25:28 2005: DEBUG: Packet dump:
*** Sending to 202.135.145.185 port 3009 ....
Code: Access-Accept
Identifier: 1
Authentic: r<247><142><186><208><12>U<153>1<202><188><236><183>><142><195>
Attributes:
MS-CHAP2-Success = "<0>S=FFB1C819B95DA7B39C78A71AF76D0DBA1E61B8F3"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Fri Aug 5 09:25:30 2005: ERR: Attribute number 35 (vendor 311) is not
defined in your dictionary
Fri Aug 5 09:25:30 2005: ERR: Attribute number 34 (vendor 311) is not
defined in your dictionary
Fri Aug 5 09:25:30 2005: DEBUG: Packet dump:
*** Received from 202.135.145.185 port 3010 ....
Code: Accounting-Request
Identifier: 1
Authentic: ~<180><129><230>}}9<22><138><156>$"<24><149><183>x
Attributes:
Acct-Status-Type = Start
Acct-Delay-Time = 0
NAS-IP-Address = 202.135.145.185
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 129
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.20"
NAS-Port-Type = Virtual
Tunnel-Type = 0:PPTP
Tunnel-Medium-Type = 0:IP
Calling-Station-Id = "202.135.5.24"
Tunnel-Client-Endpoint = 202.135.5.24
Acct-Session-Id = "32"
User-Name = "sistelindo"
Framed-IP-Address = 192.168.1.102
Framed-MTU = 1500
Acct-Multi-Session-Id = "1"
Acct-Link-Count = 1
Event-Timestamp = 1123208904
Acct-Authentic = RADIUS
MS-MPPE-Encryption-Types = 0
Fri Aug 5 09:25:30 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Aug 5 09:25:30 2005: DEBUG: Adding session for sistelindo,
202.135.145.185, 129
Fri Aug 5 09:25:30 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Aug 5 09:25:30 2005: DEBUG: AuthBy FILE result: ACCEPT,
Fri Aug 5 09:25:30 2005: DEBUG: Accounting accepted
Fri Aug 5 09:25:30 2005: DEBUG: Packet dump:
*** Sending to 202.135.145.185 port 3010 ....
Code: Accounting-Response
Identifier: 1
Authentic: ~<180><129><230>}}9<22><138><156>$"<24><149><183>x
Attributes:
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Thursday, August 04, 2005 2:02 PM
To: Chairul Anwar
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Make Radiator working with PPTPD
Hello Chairul -
Thanks for the additional information - I think you are almost there.
As the debug message shows, to process MS-CHAPv2 you must install the
Digest-MD4 module (available from CPAN).
regards
Hugh
On 4 Aug 2005, at 16:41, Chairul Anwar wrote:
> Hi, I've tried the following steps:
>
> 1. configure VPN on my windows 2003 and authenticate using windows
> authentication.
> 2. test dial with VPN client on Windows 2000 using PAP, MS-CHAP and
> MS-CHAP V2, all of them successfully connected.
> 3. configure the VPN to authenticate to Radius using Internet
> Authentication Service (IAS) on windows 2003 and configure IAS to
> handle the VPN Server as its client.
> 4. test dial using PAP, MS-CHAP and MS-CHAP V2, all of them
> successfully connected.
> 5. configure radiator radius using step by step you've given (except
> for vpn I'm using windows 2003 instead of pptpd)
> 6. running radpwtst successful with simple.cfg
> 7. then I add in /etc/radiator/users:
> sistelindo User-Password=XXXXXX
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP
> 8. and I also add in /etc/radiator/radius.cfg:
> <Client 202.135.145.185>
> Secret XXXXXX
> DupInterval 0
> </Client>
> 9. Then I run radiusd as your instructions before.
> 10. I run my vpn client and found this error of radiator debug:
>
> Thu Aug 4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not
> defined in your dictionary
> Thu Aug 4 13:27:22 2005: ERR: Attribute number 34 (vendor 311) is not
> defined in your dictionary
> Thu Aug 4 13:27:22 2005: DEBUG: Packet dump:
> *** Received from 202.135.145.185 port 3132 ....
> Code: Access-Request
> Identifier: 5
> Authentic:
> <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
> Attributes:
> Acct-Session-Id = "34"
> NAS-Identifier = "MIKEM"
> NAS-IP-Address = 202.135.145.185
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Port = 129
> MS-RAS-Vendor = 311
> MS-RAS-Version = "MSRASV5.20"
> NAS-Port-Type = Virtual
> Tunnel-Type = 0:PPTP
> Tunnel-Medium-Type = 0:IP
> Calling-Station-Id = "202.135.5.48"
> Tunnel-Client-Endpoint = 202.135.5.48
> User-Name = "sistelindo"
> MS-CHAP-Challenge =
> <143>wZ"<170><161><177><152><167><7><232><147><244><193>:<207>
> MS-CHAP2-Response =
> <0><0>!I<254><184>PoW<131><16>Q
> \<212><247><231><138><189><0><0><0><0><0><0><
> 0><0><198><157>F<16>3<178><135><198><134><19>3<220>i<207>W<172><188>k<
> 238><1
> 84>(/<228><157>
> Message-Authenticator =
> <155><158>sA<147>I<23>2<21><241><134><227><15><3>@A
>
> Thu Aug 4 13:27:22 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Aug 4 13:27:22 2005: DEBUG: Deleting session for sistelindo,
> 202.135.145.185, 129
> Thu Aug 4 13:27:22 2005: DEBUG: Handling with Radius::AuthFILE:
> Thu Aug 4 13:27:22 2005: DEBUG: Reading users file ./users
> Thu Aug 4 13:27:22 2005: DEBUG: Radius::AuthFILE looks for match with
> sistelindo
> Thu Aug 4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to
> handle an
> MS-CHAP2 request: Can't locate Digest/MD4.pm in @INC (@INC contains: .
> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5
> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4
> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2
> /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
> /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2
> /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0
> /usr/lib/perl5/vendor_perl .) at
> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.8.5/Radius/AuthGeneric.pm line 631.
>
> Thu Aug 4 13:27:22 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Thu Aug 4 13:27:22 2005: DEBUG: AuthBy FILE result: REJECT, Bad
> Password
> Thu Aug 4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad
> Password
> Thu Aug 4 13:27:22 2005: DEBUG: Packet dump:
> *** Sending to 202.135.145.185 port 3132 ....
> Code: Access-Reject
> Identifier: 5
> Authentic:
> <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
> Attributes:
> Reply-Message = "Request Denied"
>
>
> Please let me know what happened, and how to solve this....
>
> Thank you.
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]
> On Behalf Of Hugh Irvine
> Sent: Friday, July 29, 2005 2:21 PM
> To: number_one at attglobal.net
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Make Radiator working with PPTPD
>
>
> Hello Chairul -
>
> To get started with radius I suggest you read the RADIUS RFC's
> (doc/rfc2865.txt and doc/rfc2866.txt) and then read the Radiator
> reference manual (doc/ref.html). Then you can do some simple
> experiments with radpwtst (test utility) and goodies/simple.cfg.
>
> The steps involved for your application are as follows:
>
> 1. configure PPTP to do RADIUS authentication
>
> 2. configure PPTP radius to send radius requests to Radiator (IP
> address / UDP port number / shared secret)
>
> 3. configure Radiator starting with "goodies/simple.cfg" (Client
> clause to match point 2 above, Realm DEFAULT, AuthBy FILE)
>
> 4. run Radiator from the command line so you can see what is going on:
>
> perl radiusd -foreground -log_stdout -trace 4 -config_file .....
>
> 5. in a separate window run radpwtst to verify correct operation
>
> 6. then run VPN tests to PPTP
>
> At all stages check the trace 4 debug from Radiator so you can see
> what is happening.
>
> hope this helps
>
> regards
>
> Hugh
>
>
>
> On 29 Jul 2005, at 14:42, number_one at attglobal.net wrote:
>
>
>> Yes,
>> I've tried it but still have problems getting authenticated.
>>
>> I said that wrong user id and password, but I'm sure I've put the
>> right one.
>> No documents for newbies on the net about how to configure freeradius
>> correctly.
>> And I've downloaded the Radiator manual and cannot find the clues either.
>> I'm new to this stuff, and I need a step-by-step guide to make it
>> run.
>> Can Radiator provide it?
>> It was very easy to configure Windows 2003 VPN to authenticate with
>> Windows RADIUS (IAS), and there is also a complete guide to make it happen.
>> It took me not more than 1 hour to configure it correctly using the
>> step-by-step guide from the Microsoft webpage.
>>
>> But it is very hard to make pptpd authenticate through Radiator or
>> any Linux-based RADIUS, because of the lack of documents for newbies
>> like me ... :(
>>
>> Chairul
>>
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
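The `ERR` lines in the trace refer to vendor-specific attributes (RADIUS type 26, RFC 2865) whose vendor/number pair has no dictionary entry. The following added example, which is not part of the thread and is not Radiator's code, decodes such attributes from constructed bytes and reports the undefined ones in the same wording while still returning the ones it knows; the `DICTIONARY` table, the function names and the sample values are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that wraps vendor attributes
MICROSOFT = 311        # vendor id shown in the trace

# Constructed stand-in for a dictionary file: only the Microsoft attributes
# the trace prints by name (numbers per RFC 2548); 34 and 35 are absent.
DICTIONARY = {
    (MICROSOFT, 8): "MS-MPPE-Encryption-Types",
    (MICROSOFT, 9): "MS-RAS-Vendor",
    (MICROSOFT, 11): "MS-CHAP-Challenge",
    (MICROSOFT, 18): "MS-RAS-Version",
    (MICROSOFT, 25): "MS-CHAP2-Response",
    (MICROSOFT, 26): "MS-CHAP2-Success",
}

def vsa(vendor, vtype, value):
    """Encode one vendor sub-attribute wrapped in a type-26 attribute."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor) + sub

def decode_vsas(attrs):
    """Return (named, errors) for the attribute section of a RADIUS packet."""
    named, errors, pos = {}, [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2 or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = attrs[pos], attrs[pos + 1]
        body, pos = attrs[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC:
            continue                      # standard attributes are not decoded here
        if len(body) < 4:
            raise ValueError("vendor-specific attribute too short")
        vendor, sub = struct.unpack("!I", body[:4])[0], body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            vtype, vlen = sub[0], sub[1]
            name = DICTIONARY.get((vendor, vtype))
            if name:
                named[name] = sub[2:vlen]
            else:                         # undefined: report it and keep decoding
                errors.append("Attribute number %d (vendor %d) is not defined "
                              "in your dictionary" % (vtype, vendor))
            sub = sub[vlen:]
    return named, errors

# Constructed sample: two attributes the dictionary knows, two it does not.
SAMPLE = (vsa(MICROSOFT, 9, b"\x00\x00\x01\x37") + vsa(MICROSOFT, 18, b"MSRASV5.20")
          + vsa(MICROSOFT, 35, b"constructed") + vsa(MICROSOFT, 34, b"constructed"))
```

Calling `decode_vsas(SAMPLE)` returns the two named attributes plus two error strings, in the order 35 then 34 as in the trace.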