>actually to be perfectly precise, what is preferred is MSCHAPv2. this
>is the default in the PPTP VPN configuration so it provides the least
>disruption/tech support issues to the end-user.
but if msdun cannot handshake at mschapv2, it will try for mschapv1, chap
and pap in that order... if your pptp server allowed chap or pap
authentication, you have still a security implication...
Yes this is true. Hence your PPP configuration should require MSCHAPv2. it's a configuration setting. :)
if you stored it using NT hashed password you can use mschapv2... mschapv2
is using MD4 hashed password which is the standard NT hashed password
format...
forgive my ignorance in this case, as i haven't used windows-based server stuff for ages and i wasn't aware that NT hashed password could do this..
>in my case before, we had an existing radius configuration which stored
>passwords encrypted, hence we could not use MSCHAPv2. however
>if you're starting from scratch, it's not a big problem. i should have made
>this clear.
but still it is not an excuse not to use mschapv2 because you know the
tradeoff... since it is a prepaid card with new username/password to make..
you can make a separate database for that :->
in my case before, that was not the case, because we were extending our existing prepaid system (with tons of cards floating at the retailers) to WiFi. so no choice for me back then.
sorry but i cant tell the full details that will implicate my job... but it
is good to know that there is an existing setup like that for others to try
and find it out...
I see your point. however..
IN MY OPINION ONLY, if a solution consists solely of integrating existing open-source components, then the entity/person doing the integrating is not adding any value.
and so in the spirit of software libre, if providing a solution is THAT SIMPLE (i.e. just integrating existing F/OSS software) then the "correct" response to inquiries from others is not "I can't tell you more" but "use this package and this package, and you will be able to do it."
that's not spoon-feeding, that's pointing the questioner in the right direction.
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
