On Wed, May 23, 2012 at 01:42:56PM +0300, Ali Jawad wrote: > I got it to work "at least half way", I did change pptpd options from > > -chap > -mschap > +mschap-v2 > require-mppe > > TO > > +chap > +mschap > +mschap-v2 > #require-mppe
That's a lot of changes in one go (unless you tested each one individually). I'd check you've got the right entries in the microsoft dictionary for radiusclient (MS-MPPE-Send-Key, MS-MPPE-Recv-Key etc). For what it's worth, we got l2tp/ipsec working recently with radiusclient. The pppd options include: refuse-pap refuse-chap refuse-mschap require-mschap-v2 and you can connect from Windows just fine. No need for CHAP/MSCHAP, or to disable encryption. I'd imagine pptp is similar (albeit the final solution less secure - I don't believe anyone has recommended pptp for new deployments for at least the last five years). However, radiusclient and radius.so are, from what I can tell, ancient and seem in rather need of an overhaul. The dictionary support is nasty, compared to the recent dictionary format. I'm not sure who looks after them now, or if they are maintained. I've just found radiusclient-ng, which looks more recent, but have no experience of it. But this is all mildly off-topic for FreeRADIUS... Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html