[pptp-server] RADIUS server support
James B. MacLean
macleajb at Trademart-1.EDnet.NS.CA
Thu Dec 16 20:30:55 CST 1999
Hi Ken,
I'm glad to see that I am not the only one venturing into radius land :).
On Thu, 16 Dec 1999, Ken Hilliard wrote:
> James,
> The Microsoft Internet Authentication Server (IAS) supports MS-CHAP v1 and
> v2. I also believe that Funk Software's Steel Belted Radius supports MS-CHAP
> v1.
Do you know of standard check keys? I made up my own for the chap response
and second challenge.
> Our company (Acotec) is working on a Java-based RADIUS server/proxy that we
> plan to add MS-CHAP authentication. One of the benefits of having RADIUS
> support for the PPTP server is that you can add other kinds of
> authentication packages. For example, we've added support for RSA's SecurID
> for PPTP, so that only user with a valid SecurID token will be allowed
> access.
Sounds great. I agree about radius opening more opportunity. The password
part seems to be my only hitch. My efforts have been only on v2. I
(probably incorrectly) understood v2 was needed for the 128bit stateless
encryption. I'm not convinced I am doing that great of a solution. At this
time I am returning the password in a reply pair that is used by pppd
natively to create the keys. Plus either you appear to need to store the
password in plain text, or keep the NThash password along with the md5 or
whatever else you keep. (Again maybe there is a better way :).
> Thanks for the info.
Thanks for letting me know I'm not completely off my mark trying to get v2
authentication against a radius server.
take care,
JES
--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2
More information about the pptp-server
mailing list