Mark H. Mabry wrote:
Hi,
I'm trying to connect to my work's WinNT RAS server. During initial
negotiations between the machines, I get this problem with the CHAP
authentication:
How surprising (but read on).
Jan 16 09:44:36 crimson pppd[18696]: sent [LCP ConfReq id=0x1 mru 1500
asyncmap 0x0 magic 0x9951290e pcomp accomp]
Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP ConfReq id=0x0 asyncmap 0x0
auth chap msoft magic 0x420 pcomp accomp]
Jan 16 09:44:36 crimson pppd[18696]: sent [LCP ConfRej id=0x0 auth chap
msoft
]
Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP ConfAck id=0x1 mru 1500
asyncmap 0x0 magic 0x9951290e pcomp accomp]
Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP TermReq id=0x1 00 00 02 dc]
Jan 16 09:44:36 crimson pppd[18696]: sent [LCP TermAck id=0x1]
Looks to me like my machine is rejecting the request to use Microsoft CHAP
authentication. Is that correct? Has anyone else seen this?
This is indeed correct. I believe the latest HAMM ppp package includes support
for
ms-chap. If you like to run stable software though and still have bo (I do) then
there *is* a solution. If you're using the RAS which came with NT 4.0 (even if
you
have Service Pak 3) NT you may have to get into the registry. But first you can
try
the following. You need to set your ppp options so that pap authentication is
possible. I use something like the following command line:
/usr/sbin/pppd /dev/ttyS0 38400 user DOMAIN\\username crtscts lock modem connect
/usr/sbin/chat -v -t 120 ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATE0V1 OK
ATDT555-1212 CONNECT
Note that I use DOMAIN\\username for the 'user' parameter because I'm logging
into
an NT box that wants me to log on as a domain user. If your user is defined
locally
then you don't need to DOMAIN\\ part. You will also need to add your password to
the /etc/ppp/pap-secrets file.
You'll need a line like:
DOMAIN\\user * password
When you dial in thus to the NT box you'll get logs like:
Jan 14 17:19:20 chilin pppd[22286]: sent [LCP ConfReq id=0x1 mru 1500 magic 0
xf2c0d760 pcomp accomp]
Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfReq id=0x0 asyncmap 0x0 aut
h chap msoft magic 0x7f95 pcomp accomp]
Jan 14 17:19:21 chilin pppd[22286]: sent [LCP ConfNak id=0x0 auth pap]
Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfAck id=0x1 mru 1500 magic 0
xf2c0d760 pcomp accomp]
Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfReq id=0x1 asyncmap 0x0 aut
h pap magic 0x7f95 pcomp accomp]
Note how this time the client ConfNak's, suggesting instead auth pap? That's the
stuff you're after. If this doesn't work, you probably have to modify the
registry
on the NT box to effectively disable ms-chap. Start up regedt32 and go to
\\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP. There you'll
see
two values, ForceEncryptedPassword and ForceStrongEncryption. Set them both to
zero. Then try again. If that doesn't do the trick. Go back to the same spot in
the
registry. There should be a subkey there called CHAP. Delete the whole subkey.
Then
try again. Make sure you stop/start the RAS service after you change settings in
the registry. This should work. Note that there is an article in the M$
Knowledge
Base. You should look it up on their web page for more in depth info on the
problem.
I'm using ppp-2.2.0f-23, and kernel v2.0.27.
Thanks,
--
Mark Mabry
[EMAIL PROTECTED]
PGP public key on web page
Part 1.2 Type: application/pgp-signature
--
Jens B. Jorgensen
[EMAIL PROTECTED]
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
