[pptp-server] pptpd+chapms+radius

Dragos DOBRE ddobre at deuroconsult.ro
Thu Jun 1 03:10:59 CDT 2000 

James MacLean wrote:
> 

> In auth.c I check to see if client!=NULL and server !=NULL. So I am trying
> to figure out where the mistake is :(. It should only actually try to
> contact the radius server when it has either a server or a client passwd.


but the chap part hasn't been yet passed! I mean the server doesn't 
have the client-name yet! so pppd goes to radiusclient with NULL client
name! 

 
> I have tried switching the pppd's client/server order of radius checking
> and some other switchies, but it does not show any delay contacting the
> radius server... :(.


well, there is NO delay. the problem is that when pppd goes up, prior to
send or wait
for LCP ConfReq auth chap it goes to radius server with NULL client!

 
> Hmm. It does contact the radius server to see if the machine has a valid
> entry 
 ^^^^^^^ what machine? the server?

> to connect with the remote system (it's name field has a valid line
> to connect with the remotename) At this time it has only it's own machine
> and radius returns no passwd, 

^^^^^^^^^^ , radius is not contacted. radiusclient tryies to contact
radserver
but it times-out since it doesn't pass the correct name (it passes
server=eris
in my case), and after 3 or 4 time-outs, the client ppp times
out...matter of
10xseconds or so.

May 31 18:02:55 eris pptpd[7322]: CTRL: Client 192.168.4.149 control
connection started
May 31 18:02:55 eris pptpd[7322]: CTRL: Starting call (launching pppd,
opening GRE)
May 31 18:02:55 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:02:55 eris pppd[7323]: client2=NULL, server=eris, secret=NULL
word=!nothing addrs=Ok
May 31 18:02:55 eris pppd[7323]: Trying Radius client=NULL, server=eris
devnam=/dev/pts/5
May 31 18:03:00 eris pppd[7323]: rc_send_server: no reply from RADIUS
server 
eris.deuroconsult.ro:1812

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

May 31 18:03:00 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:00 eris pppd[7323]: client=NULL, server=eris, secret=NULL


May 31 18:03:00 eris pppd[7323]: HUH *
May 31 18:03:00 eris pppd[7323]: pppd 2.3.11 started by root, uid 0
May 31 18:03:00 eris pppd[7323]: Using interface ppp0
May 31 18:03:00 eris pppd[7323]: Connect: ppp0 <--> /dev/pts/5
May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL,
secret=~D÷ÿ¿~H÷ÿ¿
May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL, secret=NULL
May 31 18:03:00 eris pppd[7323]: client2=eris, server=NULL, secret=NULL
word=!nothing addrs=Ok
May 31 18:03:00 eris pppd[7323]: Trying Radius client=eris, server=NULL
devnam=/dev/pts/5
May 31 18:03:05 eris pppd[7323]: rc_send_server: no reply from RADIUS
server eris.deuroconsult.ro:1812
May 31 18:03:05 eris pppd[7323]: C eris Return=-1, passwd=!nothing
May 31 18:03:05 eris pppd[7323]: client=eris, server=NULL, secret=NULL
May 31 18:03:05 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:03:05 eris pppd[7323]: client2=NULL, server=eris, secret=NULL
word=!nothing addrs=Ok
May 31 18:03:05 eris pppd[7323]: Trying Radius client=NULL, server=eris
devnam=/dev/pts/5
May 31 18:03:10 eris pppd[7323]: rc_send_server: no reply from RADIUS
server eris.deuroconsult.ro:1812
May 31 18:03:10 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:10 eris pppd[7323]: client=NULL, server=eris, secret=NULL
May 31 18:03:10 eris pppd[7323]: HUH *
May 31 18:03:10 eris pptpd[7322]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
May 31 18:03:10 eris pppd[7323]: client=mambo, server=eris, secret=
May 31 18:03:10 eris pppd[7323]: client2=mambo, server=eris, secret=
word=!nothing addrs=Ok
May 31 18:03:10 eris pppd[7323]: Trying Radius client=mambo, server=eris
devnam=/dev/pts/5
May 31 18:03:11 eris pppd[7323]: User mambo:mambo
May 31 18:03:11 eris pppd[7323]: C mambo Return=1,
passwd=C264F2FACC6A4BEE0FC013C0BAF7B9CB
May 31 18:03:11 eris pppd[7323]: client=mambo, server=eris,
secret=C264F2FACC6A4BEE0FC013C0BAF7B9CB
May 31 18:03:11 eris pppd[7323]: MSCHAP peer authentication succeeded
for mambo
May 31 18:03:11 eris pppd[7323]: Cannot determine ethernet address for
proxy ARP
May 31 18:03:11 eris pppd[7323]: local  IP address 10.10.10.1
May 31 18:03:11 eris pppd[7323]: remote IP address 10.10.10.201



> but since the function in auth.c does not
> end with and error, negotiation can proceed. Is this were you are seeing a
> stall?

yes, i think this is the weak-part !


 
> > i made it work reducing the retries-number and time-out in
> > radiusclient.conf
> 
> I'd like to see if I can understand this better. You are getting a timeout
> in that initial radius connect? I do not think I am seeing it happen here.


ok, may I kindly ask you to pass me the whole source tree for your
implementation
of pppd+xtradius+radiusclient and i'll compile them on my system
and see if we have the same-code.
 
> What I do see is that pptp connects (Linux PPTP) take forever to complete
> with the chap requests ping-ponging back and forth over the GRE, but the
> Windows connects are fast.


no, the chap requests aren't the problem here.

i will compile them againg, clear the logs,
upgrade my kernel to 2.2.15 and then try again.
after that i'll send you all the logs.maybe all toghether we can 
figure-out what's happening. 

> I'd like to see it smoothen out :).

well, me too :)

> Thanks for all the feedback.

10k thanks for your help.


> JES
> --
> James B. MacLean        macleajb at ednet.ns.ca


respect,
-- 
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

More information about the pptp-server mailing list