Dear John Horne,

Can you send FreeRADIUS logs for the session which was started with MPPE but without MS-MPPE-Encryption-Policy/MS-MPPE-Encryption-Types?

--Friday, January 31, 2003, 3:03:46 PM, you wrote to [EMAIL PROTECTED]:

JH> Hello,
JH> I'm using freeradius 0.8.1 and pppd 2.4.b1 with the radius plugin, on a
JH> couple of vpn servers. The recent cvs version of pppd accepts mppe
JH> connections providing that the MS-MPPE-Recv or send key are seen. The
JH> MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types must also be seen.
JH> In my radiusd.conf file the mschap module has:
JH> modules {
JH>     mschap {
JH>         authtype = MS-CHAP
JH>         use_mppe = yes
JH>         require_encryption = yes
JH>         require_strong = yes
JH>     }
JH> As far as I can tell from the freeradius code the 'require_encryption' will
JH> cause the MS-MPPE-Encryption-Policy key to be added to the radius reply with
JH> a value of 0x00000002, and the 'require_strong' will cause the
JH> MS-MPPE-Encryption-Types to be added with 0x00000004. In that respect I
JH> should not need to modify my 'users' file at all.
JH> However, this sometimes seems to work but not other times. Why not? I
JH> rebooted the vpn server, which runs radius locally. Trying to establish a
JH> vpn connection the Policy and Types keys are not added and so the connection
JH> fails. If I add to my default entry:
JH> DEFAULT Auth-Type := Local
JH>         MS-MPPE-Encryption-Policy = 0x00000002,
JH>         MS-MPPE-Encryption-Types = 0x00000004
JH> Restart radius and it works - even for the actual entries in the users file
JH> itself, not just the default entry. (The default entry causes a proxy to be
JH> used to go off to an MS IAS server for authentication instead.)
JH> So I am a bit confused about all this. Do I need to add the 2 key entries to
JH> all the users explicitly mentioned in the 'users' file or can I just add
JH> them to the DEFAULT entry and they will be added (automatically) to all the
JH> radius replies? Should I have to enter them at all considering the mschap
JH> module states to use strong encryption?
JH> Thanks,
JH> John.
JH> ------------------------------------------------------------------------
JH> John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
JH> E-mail: [EMAIL PROTECTED]
JH> PGP key available from public key servers
JH> -
JH> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
~/ZARAZA
However, the most important thing is the algorithm! (Lem)
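
Added example, not part of the original thread and not FreeRADIUS or pppd code: one way to check, from the raw bytes of an Access-Accept, whether a reply that carries MS-MPPE keys also carries MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types with the values discussed above (0x00000002 and 0x00000004). The vendor-type numbers are taken from RFC 2548; the function names and the sample packet builder are assumptions made for this example.

```python
import struct

MS_VENDOR = 311                                    # Microsoft vendor id (RFC 2548)
POLICY, TYPES, SEND_KEY, RECV_KEY = 7, 8, 16, 17   # RFC 2548 vendor types

def ms_attrs(packet):
    """Return {vendor_type: value_bytes} for Microsoft VSAs in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    found, pos = {}, 20                            # attributes follow the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:        # Vendor-Specific
            vendor, = struct.unpack("!I", value[:4])
            sub = 4
            while vendor == MS_VENDOR and sub + 2 <= len(value):
                vtype, vlen = value[sub], value[sub + 1]
                if vlen < 2 or sub + vlen > len(value):
                    raise ValueError("bad vendor sub-attribute length")
                found[vtype] = value[sub + 2:sub + vlen]
                sub += vlen
        pos += alen
    return found

def check_mppe(packet):
    """List problems with the MPPE attributes of an Access-Accept."""
    attrs, problems = ms_attrs(packet), []
    if SEND_KEY not in attrs and RECV_KEY not in attrs:
        return ["no MS-MPPE-Send-Key/Recv-Key: MPPE not offered"]
    for vtype, name, want in ((POLICY, "MS-MPPE-Encryption-Policy", 2),
                              (TYPES, "MS-MPPE-Encryption-Types", 4)):
        if vtype not in attrs:
            problems.append(name + " missing")
        elif int.from_bytes(attrs[vtype], "big") != want:
            problems.append("%s is 0x%08x, expected 0x%08x"
                            % (name, int.from_bytes(attrs[vtype], "big"), want))
    return problems

def build_accept(ms_pairs):
    """Constructed sample: Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(struct.pack("!BBIBB", 26, 8 + len(v), MS_VENDOR, t, 2 + len(v)) + v
                    for t, v in ms_pairs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body
```

Feed `check_mppe` the UDP payload of a captured reply; `build_accept` only produces constructed packets (with dummy key bytes) for trying the check offline.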