[pptp-server] mschap-v2 auth against en-hashed secrets

R. de Vroede r.devroede at linvision.com
Mon Jun 17 05:55:11 CDT 2002


First of all, thank you for the feedback. You're the first.

The SMB authentication incorporated in that RPM is in test phase.
chap-secrets containing the hex-string is definitely not the way it
was meant to be. So of course that doesn't work. The code looks for the
&/etc/samba/smbpasswd string and then should do SMB auth. Maybe it still
looks for /etc/smbpasswd (RH6.2). It was a quick and dirty of an old
patch. I will look into it when I have the time.

Thanks again. I'll post changes to this list.

Regards,
Richard


On Mon, 2002-06-17 at 12:33, Jim Bowen wrote:
> Well, I tried your RPM, but no luck :(
> 
> With chap-secrets containing the plain-text secret, it works perfectly.
> 
> With chap-secrets containing the hex string lifted from smbpasswd, I get a
> segfault.
> 
> With chap-secrets containing &/etc/samba/smbpasswd, I get an authentication
> fail message, but the access time stamp on /etc/samba/smbpasswd is not
> updated, so it doesn't appear to be reading the file?
> 
> I've even tried moving the smbpasswd file to /etc/smbpasswd and opening up
> the access rights to it (eep), but no change.
> 
> My options.pptpd file has
> 
> 
> 
> lock
> 
> ## turn pppd syslog debugging on
> debug
> 
> ## change 'pptpd' to whatever you specify as your server name in chap-secrets
> name pptpd
> 
> auth
> require-chap
> proxyarp
> -chap
> -chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> ms-wins 192.168.1.7
> ms-dns 192.168.1.1
> 
> 
> Am I missing something obvious?
> 
> Thanks
> 
> Jim
> 
> 
> 
> -----Original Message-----
> From: R. de Vroede [mailto:r.devroede at linvision.com] 
> Sent: 07 June 2002 10:06
> To: Jim Bowen
> Cc: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] mschap-v2 auth against en-hashed secrets
> 
> There is a patch out there for ppp to authenticate against Samba.
> If you use RedHat 7.x, you're in luck. You can use my test RPM on
> http://devel.linvision.com/source/ppp.html
> 
> Regards,
> Richard de Vroede
> 
> 
> On Thu, 2002-06-06 at 16:15, Jim Bowen wrote:
> > Hi,
> >  
> > Does anyone know of a way to get ppp to auth against either a separate NT
> > (or samba) server, or against NT password hashes instead of plaintext
> > passwords in the /etc/ppp/chap-secrets file?
> >  
> > I tried the obvious one of just putting the LM hash into the secret field
> > (works with unix-crypt in pap-secrets), but all I got for that was a
> > segfault :(
> >  
> > Our domain controller is on NT, but I've managed to convince everyone to run
> > the VPN server on linux instead, using PoPtoP (great app), but I don't like
> > keeping plaintext secrets on a server that has an internet connection. I'm
> > stuck with...um.... reverse-engineering their passwords at the moment, which
> > can take a couple of days for the better users :)
> >  
> >  
> > Jim
> > --
> > Email    : j.bowen at cyprotex.com
> > Tel        : 01625 505112
> > Fax       : 01625 505199
> >  
> > 
> > 
> > This E-Mail is sent in confidence for the addressee only.  Unauthorised
> > recipients must preserve this confidentiality and should please advise the
> > sender immediately by telephone (+44 (0)870 241 6492) and return the
> > original E-Mail to the sender without taking a copy. Cyprotex has taken all
> > reasonable precautions to ensure that no viruses are transmitted from
> > Cyprotex to any third party.  Cyprotex accepts no responsibility for any
> > loss or damage resulting directly or indirectly from the use of this E-Mail
> > or the contents.
> -- 
> Richard de Vroede
> (r.devroede at linvision.com)
> ------------------------------------------------
> Linvision BV         Provides Linux Solutions
> Elektronicaweg 16D
> 2628 XG Delft
> T: +31157502310      info at linvision.com
> F: +31157502319      http://devel.linvision.com
> ------------------------------------------------
> 
> 
-- 
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV         Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310      info at linvision.com
F: +31157502319      http://devel.linvision.com
------------------------------------------------



