Greetings,

I'm having trouble getting CHAP to authenticate encrypted (DES 56-bit) secrets
with a remote host. I'm running kernel 2.0.36, pppd 2.3.5, diald 0.16, and chat
1.17, from the Red Hat 5.2 package.

My system simply creates a diald/FIFO for each remote host a user can connect
to. When a user selects a site, I force up the appropriate diald, all of which
use CHAP (PAP is not an option). The remote sites (NT box or Cisco router) all
connect flawlessly, save those sites that require me to use encryption. None of
the remote hosts are using anything older than MD4, with most using MD5, and
none using the old ms-lanmanager stuff ('MS-CHAP 80' I think?). I have read
conflicting postings that the encryption seed is 5h for both Microsoft and
Linux, and also that the seed is 80h for Microsoft and 5h for Linux. ?.

Hopefully the following dumps will help. I would appreciate any suggestions
from the group.

Thanks to all for your time!


--------------------------------------
A sample diald config file for a site:
--------------------------------------
mode ppp                                     
lock                                         
device /dev/ttyR0                            
device /dev/ttyR1                            
device /dev/ttyR2                            
device /dev/ttyR3                            
device /dev/ttyR4                            
device /dev/ttyR5                            
device /dev/ttyR6                            
device /dev/ttyR7                            
accounting-log /var/log/diald/diald.xterm6   
fifo /var/adm/diald.xterm6                   
connect /etc/diald/chat.xterm6               
speed 115200                                 
modem                                        
crtscts                                      
reroute                                      
local ###.###.###.###           
remote ###.###.###.###
# My filter file simply contains "ignore any any"...
include /usr/lib/diald/standard.filter


----------------------
Here's my chat script:
----------------------
#!/bin/sh                                
# PPP connection script for 'Remote_Host:00052'
PHONE_NUMBER="###,#######"           
SITE_NAME="xterm6"                                                            
. /etc/diald/chat.dialer.ppp             


-------------------------------
Here's my chat.dialer.ppp file:
-------------------------------
MODEM_INIT="ATZ&C1&D2%C0"                                  
                                                           
# Pass a message on to diald and the system logs.          
# POSIX function syntax: this file is sourced from a #!/bin/sh script.
message () {
    # Only write to the diald FIFO when one has been set.
    [ -n "$FIFO" ] && echo "message $*" >"$FIFO"
    logger -p local2.info -t connect "$*"
}
message "Modem device is $MODEM"
# Initialize the modem. Usually this just resets it.
message "Init Modem for PPP connection."
chat TIMEOUT 20 "" "$MODEM_INIT" TIMEOUT 60 OK ""
ERRCODE=$?
if [ "$ERRCODE" -ne 0 ]; then
    message "Failed to initialize modem: $ERRCODE"
    exit 1
fi
                                                           
# Dial the remote system.

>/var/log/diald.$SITE_NAME.connect                         
                                                           
message "Dialing $PHONE_NUMBER"                            
chat -r /var/log/diald.$SITE_NAME.connect \                
        REPORT CONNECT \                                   
        TIMEOUT 45 \                                       
        ABORT "NO CARRIER" \                               
        ABORT BUSY \                                       
        ABORT "NO DIALTONE" \                              
        ABORT ERROR \                                      
        "" ATDT$PHONE_NUMBER \                             
        CONNECT ""                                         

ERRCODE=$?                                                 
case $ERRCODE in                                           
   0) message "$(cat /var/log/diald.$SITE_NAME.connect)";; 
   1) message "Chat Error"; exit 1;;                       
   2) message "Chat Script Error"; exit 1;;                
   3) message "Chat script timed out"; exit 1;;            
   4) message "No Carrier detected"; exit 1;;              
   5) message "Line is busy"; exit 1;;                     
   6) message "No DialTone detected"; exit 1;;             
   7) message "Modem Error"; exit 1;;                      
   *) message "Unknown error: $ERRCODE";exit 1;;           
esac                                                       
sleep 2                                                    
message "Starting network layer."                          


---------------------------
Here's my ppp options file: 
(I've also tried the "auth" switch with the same results of course)
---------------------------
lock       
noipdefault
asyncmap 0 
debug      

-------------------------------
And here's a dump from the log:
-------------------------------
Sep 11 13:29:26 vasalr02misge connect: Init Modem for PPP connection.
Sep 11 13:29:27 vasalr02misge connect: Dialing ###,#######
Sep 11 13:29:51 vasalr02misge connect: chat:  Sep 11 13:29:51 CONNECT 115200
Sep 11 13:29:53 vasalr02misge connect: Starting network layer.
Sep 11 13:29:53 vasalr02misge diald[597]: Running pppd (pid = 1137).
Sep 11 13:29:53 vasalr02misge pppd[1137]: pppd 2.3.5 started by root, uid 0
Sep 11 13:29:53 vasalr02misge pppd[1137]: Using interface ppp0
Sep 11 13:29:54 vasalr02misge pppd[1137]: Connect: ppp0 <--> /dev/ttyR0
Sep 11 13:30:00 vasalr02misge pppd[1137]: No CHAP secret found for authenticating us to dcl-210c-3f1-gw
Sep 11 13:30:00 vasalr02misge pppd[1137]: Remote message: MD/DES compare failed
Sep 11 13:30:00 vasalr02misge pppd[1137]: CHAP authentication failed
Sep 11 13:30:00 vasalr02misge pppd[1137]: LCP terminated by peer
Sep 11 13:30:01 vasalr02misge pppd[1137]: Hangup (SIGHUP)
Sep 11 13:30:01 vasalr02misge pppd[1137]: Modem hangup
Sep 11 13:30:01 vasalr02misge pppd[1137]: Connection terminated.
Sep 11 13:30:02 vasalr02misge pppd[1137]: Exit.
Sep 11 13:30:03 vasalr02misge diald[597]: Delaying 30 seconds before clear to dial.
Sep 11 13:30:08 vasalr02misge diald[597]: FIFO: Unforce request received.
Sep 11 13:30:08 vasalr02misge diald[597]: FIFO: Link down request received.


__________________________________________________
Brady C. Flax
Programmer/Analyst
Genesys Consulting Services c/o
General Electric Industrial Systems
215 Maple Street
Salem, VA  24153
Phone: (540)378-3378,  Dial Comm: 244-3378
Fax: (540)378-3230  
E-mail: [EMAIL PROTECTED]

"I ain't got time to bleed" Jesse Ventura as 'Blain' in Predator



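Added example (not part of the original post, and not pppd's own code): pppd logs "No CHAP secret found for authenticating us to <peer>", as in the log above, when /etc/ppp/chap-secrets has no client/server pair matching the local name and the peer's name. The sketch below pulls the peer name from such a log line and checks chap-secrets text for a matching entry; the local name vasalr02misge is an assumption (pppd falls back to the hostname, and the options file shown sets neither `name` nor `user`), the secrets are constructed placeholders, and names are assumed to be unquoted.

```shell
#!/bin/sh
# Print the peer name from a "No CHAP secret found" pppd log line on stdin.
peer_from_log() {
    sed -n 's/.*No CHAP secret found for authenticating us to \([^ ]*\).*/\1/p' |
        head -n 1
}

# has_chap_secret LOCAL PEER  (chap-secrets text on stdin)
# Succeeds when a "client server secret" line matches; "*" matches any name.
has_chap_secret() {
    awk -v c="$1" -v s="$2" '
        $1 ~ /^#/ { next }                          # skip comment lines
        NF >= 3 && ($1 == c || $1 == "*") &&
                   ($2 == s || $2 == "*") { found = 1 }
        END { exit !found }
    '
}

# The failing line from the log above, with the mail line-wrap joined.
SAMPLE_LOG='Sep 11 13:30:00 vasalr02misge pppd[1137]: No CHAP secret found for authenticating us to dcl-210c-3f1-gw'

# Constructed chap-secrets contents (placeholder names and secrets).
SECRETS_MISSING='# client      server           secret
vasalr02misge  some-other-peer  placeholder-secret-1'
SECRETS_WITH_ENTRY="$SECRETS_MISSING
vasalr02misge  dcl-210c-3f1-gw  placeholder-secret-2"

# report LOCAL SECRETS_TEXT: say whether LOCAL has a secret for the logged peer.
report() {
    peer=$(printf '%s\n' "$SAMPLE_LOG" | peer_from_log)
    if printf '%s\n' "$2" | has_chap_secret "$1" "$peer"; then
        echo "ok: $1 -> $peer"
    else
        echo "missing: $1 -> $peer"
    fi
}

report vasalr02misge "$SECRETS_MISSING"
report vasalr02misge "$SECRETS_WITH_ENTRY"
```

The server column has to match the name the peer sends in its CHAP challenge, which is the name pppd prints in that log line.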