Hi Hugh,

The "NAS" in this case is a Windows 2000 (VPN) Server - 2 of them in fact. Any ideas what should be added to the access-replies in this case? I have tried the two you suggested but no change. Now the VPN connection returns with a "Your credentials have failed remote network authentication. Enter a user name and password with access to the remote network domain." This dialog box requests repeatedly that I re-enter my user name, password and possibly a domain. After about 3 tries it terminates with a user name or password invalid error message.

Am I missing something about MSCHAPv2 or is there an extra entry I need to make to the Client definitions for Windows clients or something that needs to be added to the standard dictionary?

Finally, is there anybody that has implemented a similar setup - radiator on a Linux (RedHat7.2) box with Windows 2000 VPN server set to use MSCHAPv2 for authentication?

Regards,
Tunde I.

----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Tunde Itayemi" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, May 15, 2002 1:34 AM
Subject: Re: Fw: (RADIATOR) MS-CHAP v2 killing radiusd

>
> Hello Tunde -
>
> Thanks for sending the files.
>
> The logfile shows that the access requests are being accepted, however I
> suspect the problem now is that you must specify some reply attributes in the
> access accept so that the NAS can set up a session. I suspect you will need
> at least something like this:
>
> AddToReply Service-Type = Framed-User, \
>            Framed-Protocol = PPP, \
>            .....
>
> As far as these messages are concerned:
>
> Mon May 13 21:20:27 2002:1021328427:mikem:UNKNOWN-MS-CHAP-V2:fred:PASS
>
> they are normal. The "UNKNOWN-MS-CHAP-V2" simply means that the password in
> the request itself is unknown because it cannot be decrypted. The "PASS"
> indicates that the password checking has succeeded.
>
> regards
>
> Hugh
>
>
> On Tue, 14 May 2002 18:27, Tunde Itayemi wrote:
> > Hi Hugh,
> >
> > Hope you haven't turned in yet - all the way from Nigeria!
> > The first successful login for the user adefolum had the
> > PAP, CHAP and MSCHAPv1 checked on the VPN client's connection.
> >
> > The unsuccessful logins had only MSCHAPv2 checked (for one) and all
> > authentication methods checked for the second. They both gave the Error 778
> > message below.
> > I have also included the password.log file - notice the
> > "UNKNOWN-MS-CHAP-V2" that is placed in the file in the place of passwords
> > sent to radiator by the client.
> >
> > Tunde I.
> >
> > ----- Original Message -----
> > From: "Hugh Irvine" <[EMAIL PROTECTED]>
> > To: "Tunde Itayemi" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > Sent: Tuesday, May 14, 2002 12:02 AM
> > Subject: Re: Fw: (RADIATOR) MS-CHAP v2 killing radiusd
> >
> > > Hello Tunde -
> > >
> > > It would be most helpful if you could send me a copy of your
> > > configuration file, a complete trace 4 debug from Radiator showing what
> > > is going on, and a description of the hardware/software system that you
> > > are running.
> > >
> > > If Radiator is sending an access accept back in response to the initial
> > > request, then it is likely that you need some additional reply
> > > attributes.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Tue, 14 May 2002 06:32, Tunde Itayemi wrote:
> > > > ----- Original Message -----
> > > > From: Tunde Itayemi
> > > > To: Tunde Itayemi
> > > > Sent: Monday, May 13, 2002 8:38 PM
> > > > Subject: Re: (RADIATOR) MS-CHAP v2 killing radiusd
> > > >
> > > >
> > > > Hi all,
> > > > new development - I downloaded SHA perl module and installed it. Now, the
> > > > radiusd does not crash anymore but I can't get it to authenticate with
> > > > MSCHAPv2. I get the message below when I do a VPN to my radius server:
> > > >
> > > > Verifying username and password...
> > > > Error 778: It was not possible to verify the identity of the server.
> > > >
> > > > Also, I noticed that the logfile states that radiator is sending
> > > > access-accept packets to the NAS (windows 2K server) and yet, I keep
> > > > getting the message above on the test client. But the password.log gives
> > > > messages of the form:
> > > >
> > > > Mon May 13 21:20:27 2002:1021328427:mikem:UNKNOWN-MS-CHAP-V2:fred:PASS
> > > >
> > > > Any ideas about all these discrepancies?
> > > >
> > > > Tunde I.
> > > >
> > > > ----- Original Message -----
> > > > From: Tunde Itayemi
> > > > To: Tichahleyi Mpofu
> > > > Cc: [EMAIL PROTECTED] ; Mike McCauley
> > > > Sent: Monday, May 13, 2002 8:03 PM
> > > > Subject: Re: (RADIATOR) MS-CHAP v2 killing radiusd
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I downloaded the Digest-MD4-1.1.tar.gz and installed it. Have you
> > > > actually authenticated a user with MS CHAP v2?
> > > > Also, with all the CHAP variants, I get something in the nature of
> > > >
> > > > Mon May 13 18:49:44 2002:1021319384:oan:UNKNOWN-MS-CHAP::FAIL
> > > >
> > > > Note that it could not decode the password sent to it by the client.
> > > > By the way, do you have the Digest-SHA perl module installed? I get the
> > > > error below when I test radiator with radpwtst with the mschap2 switch
> > > > e.g., radpwtst -mschapv2 -user mikem -password fred -nas_ip_address
> > > > 192.160.0.4
> > > >
> > > > Can't locate SHA.pm in @INC (@INC contains: .
> > > > /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0
> > > > /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0
> > > > /usr/lib/perl5/site_perl .) at /usr/lib/perl5/site_perl/5.6.0/Radius/MSCHAP.pm line 131.
> > > >
> > > > where can I get a "working" SHA perl module - assuming it is the cause of
> > > > my problems? The one I downloaded from CPAN refuses to install
> > > > (Digest-SHA1-2.01.tar.gz)
> > > >
> > > > Hope to hear from you soon.
> > > > Regards,
> > > > Tunde I.
> > > > ----- Original Message -----
> > > > From: Tichahleyi Mpofu
> > > > To: Tunde Itayemi
> > > > Sent: Monday, May 13, 2002 6:22 PM
> > > > Subject: Re: (RADIATOR) MS-CHAP v2 killing radiusd
> > > >
> > > >
> > > > I installed MD4 perl module and it worked for me.
> > > > Regards
> > > > Tich
> > > >
> > > > ----- Original Message -----
> > > > From: Tunde Itayemi
> > > > To: Mike McCauley
> > > > Cc: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
> > > > Sent: Monday, May 13, 2002 5:48 PM
> > > > Subject: (RADIATOR) MS-CHAP v2 killing radiusd
> > > >
> > > >
> > > > Hi Mike, Hugh and All,
> > > >
> > > > I found out through trial and error that it is MS CHAP v2 that is
> > > > killing the radius server. According to you - support for it has been
> > > > added since last year. Is there a bug in there? I have installed MD4 perl
> > > > module.
> > > > I have also tried downloading the file Radiator-3.0.tgz at your site,
> > > > extracting just the AuthGeneric file and using it to replace the original
> > > > one installed by the RPM but it had no effect?
> > > >
> > > > What is responsible? That is what is stopping me from taking radiator
> > > > live!
> > > >
> > > > Hope to hear from you really soon.
> > > >
> > > > Regards,
> > > > Tunde I.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.