(RADIATOR) Digipass, PPTP and MSCHAPV2
Clem Colman
clem at colmancomm.com
Fri Aug 12 00:19:50 CDT 2005
Hi All,
Have scoped a solution which I am now trying to implement.
Components:
Radiator running on Linux (installed from rpm 3.13).
AuthBy Digipass perl module (installed from rpm included in tarball).
Digipass GO3 tokens.
Snapgear SME530 which provides PPTP with Radius Auth and authentication
options of PAP, CHAP, MSCHAP, MSCHAPV2.
The basic concept of the idea is that users use Vasco/Digipass GO3
tokens to log into pptp on the snapgear. The snapgear authenticates
via radius and the world is good (because users don't use static
passwords for pptp).
Have Radiator installed fine, and authenticating using rapwdtst program
just fine.
However, when I try to authenticate via the snapgear, the packets come
through and I see the requests come through in the trace with the
MSCHAP challenge and the MSCHAPV2 response. All looks good, except
that authentication fails.
Doing a little bit of reading it seems to be the case that for the
authby digipass stuff to work it needs the password in plain text,
which is clearly not going to happen unless I go all the way down to
PAP (which I think breaks data encryption for pptp and hence is not
much of an option).
Am I missing something obvious here. Is there some way to make the
MSCHAP challenge and MSCHAPV2 reponse authenticate correctly using
Authby Digipass, or is this bird never going to fly?
The config file is basically the digipass sample from the goodies
directory.
Cheers,
Clem.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list