>>>>> "Alan" == Alan DeKok <[EMAIL PROTECTED]> writes:
>> ok by MS-CHAPv2, but MPPE doesn't work, cisco's debug say: "MPPC: >> no encryption keys available, disabling optional MPPE". Could >> someone say me, what's wrong? Alan> Without the debug log, no, we can't. Here is it: rad_recv: Access-Request packet from host 217.107.252.39:1645, id=195, length=163 Framed-Protocol = PPP User-Name = "volga" MS-CHAP-Challenge = 0x56097f617f039daee1abae53fc7b69fb MS-CHAP2-Response = 0x0200a644021227513c361df1e02d9b1ec2d70000000000000000de119b3c2d3e67a08c4a6d8488bb8f30abb2ac5e95ce5875 NAS-Port-Type = Virtual Cisco-NAS-Port = "Uniq-Sess-ID1017" NAS-Port = 1017 Service-Type = Framed-User NAS-IP-Address = 217.107.252.39 rad_lowerpair: User-Name now 'volga' rad_rmspace_pair: User-Name now 'volga' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 29 modcall[authorize]: module "preprocess" returns ok for request 29 modcall[authorize]: module "chap" returns noop for request 29 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 29 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 29 users: Matched volga at 946 users: Matched DEFAULT at 106 modcall[authorize]: module "files" returns ok for request 29 modcall: group authorize returns ok for request 29 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 29 rlm_mschap: Told to do MS-CHAPv2 for volga with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 29 modcall: group Auth-Type returns ok for request 29 Login OK: [volga] (from client vpn-1 port 1017) Sending Access-Accept of id 195 to 217.107.252.39:1645 Framed-Filter-Id += "billing.in" Session-Timeout = 900 Framed-IP-Address = 255.255.255.254 Framed-Protocol = PPP Service-Type = Framed-User MS-CHAP2-Success = 0x02533d41303645424441343636424543364533363931414345413945313042383830363432443634463545 MS-MPPE-Recv-Key = 0xacf70aae5a8f00777af15a1b6fe0606d MS-MPPE-Send-Key = 0x90a47bd168ebfc11af4d29b85443494d MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 Finished request 29 And cisco again said: "MPPC: no encryption keys available, disabling optional MPPE". -- DSS5-RIPE DSS-RIPN 2:550/[EMAIL PROTECTED] 2:550/[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] http://neva.vlink.ru/~dsh/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html