[pptp-server] pptpd+chapms+radius
Dragos DOBRE
ddobre at deuroconsult.ro
Thu Jun 1 03:10:59 CDT 2000
James MacLean wrote:
>
> In auth.c I check to see if client!=NULL and server !=NULL. So I am trying
> to figure out where the mistake is :(. It should only actually try to
> contact the radius server when it has either a server or a client passwd.
but the chap part hasn't been yet passed! I mean the server doesn't
have the client-name yet! so pppd goes to radiusclient with NULL client
name!
> I have tried switching the pppd's client/server order of radius checking
> and some other switchies, but it does not show any delay contacting the
> radius server... :(.
well, there is NO delay. the problem is that when pppd goes up, prior to
send or wait
for LCP ConfReq auth chap it goes to radius server with NULL client!
> Hmm. It does contact the radius server to see if the machine has a valid
> entry
^^^^^^^ what machine? the server?
> to connect with the remote system (it's name field has a valid line
> to connect with the remotename) At this time it has only it's own machine
> and radius returns no passwd,
^^^^^^^^^^ , radius is not contacted. radiusclient tryies to contact
radserver
but it times-out since it doesn't pass the correct name (it passes
server=eris
in my case), and after 3 or 4 time-outs, the client ppp times
out...matter of
10xseconds or so.
May 31 18:02:55 eris pptpd[7322]: CTRL: Client 192.168.4.149 control
connection started
May 31 18:02:55 eris pptpd[7322]: CTRL: Starting call (launching pppd,
opening GRE)
May 31 18:02:55 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:02:55 eris pppd[7323]: client2=NULL, server=eris, secret=NULL
word=!nothing addrs=Ok
May 31 18:02:55 eris pppd[7323]: Trying Radius client=NULL, server=eris
devnam=/dev/pts/5
May 31 18:03:00 eris pppd[7323]: rc_send_server: no reply from RADIUS
server
eris.deuroconsult.ro:1812
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
May 31 18:03:00 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:00 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:03:00 eris pppd[7323]: HUH *
May 31 18:03:00 eris pppd[7323]: pppd 2.3.11 started by root, uid 0
May 31 18:03:00 eris pppd[7323]: Using interface ppp0
May 31 18:03:00 eris pppd[7323]: Connect: ppp0 <--> /dev/pts/5
May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL,
secret=~D÷ÿ¿~H÷ÿ¿
May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL, secret=NULL
May 31 18:03:00 eris pppd[7323]: client2=eris, server=NULL, secret=NULL
word=!nothing addrs=Ok
May 31 18:03:00 eris pppd[7323]: Trying Radius client=eris, server=NULL
devnam=/dev/pts/5
May 31 18:03:05 eris pppd[7323]: rc_send_server: no reply from RADIUS
server eris.deuroconsult.ro:1812
May 31 18:03:05 eris pppd[7323]: C eris Return=-1, passwd=!nothing
May 31 18:03:05 eris pppd[7323]: client=eris, server=NULL, secret=NULL
May 31 18:03:05 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:03:05 eris pppd[7323]: client2=NULL, server=eris, secret=NULL
word=!nothing addrs=Ok
May 31 18:03:05 eris pppd[7323]: Trying Radius client=NULL, server=eris
devnam=/dev/pts/5
May 31 18:03:10 eris pppd[7323]: rc_send_server: no reply from RADIUS
server eris.deuroconsult.ro:1812
May 31 18:03:10 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:10 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:03:10 eris pppd[7323]: HUH *
May 31 18:03:10 eris pptpd[7322]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
May 31 18:03:10 eris pppd[7323]: client=mambo, server=eris, secret=
May 31 18:03:10 eris pppd[7323]: client2=mambo, server=eris, secret=
word=!nothing addrs=Ok
May 31 18:03:10 eris pppd[7323]: Trying Radius client=mambo, server=eris
devnam=/dev/pts/5
May 31 18:03:11 eris pppd[7323]: User mambo:mambo
May 31 18:03:11 eris pppd[7323]: C mambo Return=1,
passwd=C264F2FACC6A4BEE0FC013C0BAF7B9CB
May 31 18:03:11 eris pppd[7323]: client=mambo, server=eris,
secret=C264F2FACC6A4BEE0FC013C0BAF7B9CB
May 31 18:03:11 eris pppd[7323]: MSCHAP peer authentication succeeded
for mambo
May 31 18:03:11 eris pppd[7323]: Cannot determine ethernet address for
proxy ARP
May 31 18:03:11 eris pppd[7323]: local IP address 10.10.10.1
May 31 18:03:11 eris pppd[7323]: remote IP address 10.10.10.201
> but since the function in auth.c does not
> end with and error, negotiation can proceed. Is this were you are seeing a
> stall?
yes, i think this is the weak-part !
> > i made it work reducing the retries-number and time-out in
> > radiusclient.conf
>
> I'd like to see if I can understand this better. You are getting a timeout
> in that initial radius connect? I do not think I am seeing it happen here.
ok, may I kindly ask you to pass me the whole source tree for your
implementation
of pppd+xtradius+radiusclient and i'll compile them on my system
and see if we have the same-code.
> What I do see is that pptp connects (Linux PPTP) take forever to complete
> with the chap requests ping-ponging back and forth over the GRE, but the
> Windows connects are fast.
no, the chap requests aren't the problem here.
i will compile them againg, clear the logs,
upgrade my kernel to 2.2.15 and then try again.
after that i'll send you all the logs.maybe all toghether we can
figure-out what's happening.
> I'd like to see it smoothen out :).
well, me too :)
> Thanks for all the feedback.
10k thanks for your help.
> JES
> --
> James B. MacLean macleajb at ednet.ns.ca
respect,
--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania
More information about the pptp-server
mailing list