[pptp-server] PATCHES to allow MS-Chap v2 auth using Xtradius

James MacLean macleajb at EDnet.NS.CA
Tue May 16 13:04:52 CDT 2000


Hi Folks,

Second in the series of hacks to get MSChap v2 authentication out of
chap-secrets and into somewhere easier to maintain :). Uses MySQL via 2
simplistic Perl scripts to add/modify users and access rules.

No, this is not for the pizza :(.

Please find for your development pleasure a combination of patches and
scripts at:

http://www.ednet.ns.ca/~macleajb/chap_crap-0.2.tgz

The README is brief. The chances of cleanly installing it at this time are
probably not above 60%. But don't let that stop you.

When working, it will allow you to run a modified pppd which will use an
xtradius server to get the NtHash password and use it for authentication.
It will also send accounting start/stop to the server which can be used to
set up filter rules, etc...

It also includes the smbpasswd patches from the first effort.

It still uses the rule that if a password is 32 bytes, it will use it as
an NtHash password.

The communication with the radius server is not the right way to do it.
The authenticate request call always succeeds if the user exists and then
returns with the NtHash in a CALLBACK response pair. I believe the more
correct method would have been to send to the radius server a
challenge/response and if valid return the same, but I took the short cut
to see if I could get something working.

One benefit of these patches/scripts is that it allows you to authorize
access to only specific resources by making the accounting start/stop
procedures of Xtradius build filters from the rules stored in a database.

This system expects to give each user their own IP at this time.

Later,
JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2
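
The post's rule that a 32-byte password is taken to be an NtHash decides on length alone. The added example below (not code from the chap_crap patches) shows that rule next to a stricter check. It assumes the hash is carried as 32 hex digits, as in an smbpasswd file; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NT_HASH_LEN 16              /* an NT hash is 16 raw bytes */
#define NT_HASH_HEX (2 * NT_HASH_LEN)

enum secret_kind { SECRET_PLAINTEXT, SECRET_NT_HASH };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* The rule as the post states it: length alone decides. */
enum secret_kind classify_by_length(const char *secret)
{
    return strlen(secret) == NT_HASH_HEX ? SECRET_NT_HASH : SECRET_PLAINTEXT;
}

/* Stricter variant (assumption: the hash arrives as 32 hex digits).
 * Decodes into out on success; out is zeroed when the secret is rejected.
 * A 32-character password made only of hex digits is still ambiguous. */
enum secret_kind classify_strict(const char *secret, unsigned char out[NT_HASH_LEN])
{
    memset(out, 0, NT_HASH_LEN);
    if (strlen(secret) != NT_HASH_HEX) return SECRET_PLAINTEXT;
    for (size_t i = 0; i < NT_HASH_LEN; i++) {
        int hi = hex_val(secret[2 * i]), lo = hex_val(secret[2 * i + 1]);
        if (hi < 0 || lo < 0) {
            memset(out, 0, NT_HASH_LEN);
            return SECRET_PLAINTEXT;
        }
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return SECRET_NT_HASH;
}

int main(void)
{
    unsigned char h[NT_HASH_LEN];
    const char *pw = "correct horse battery staple!!!!";   /* constructed, 32 chars */
    printf("length rule: %d, strict rule: %d\n",
           classify_by_length(pw), classify_strict(pw, h));
    return 0;
}
```

With the length-only rule, the constructed 32-character passphrase is treated as a hash and that account can never authenticate with it; the hex check removes most such collisions but not all, so an explicit marker on the stored value is the unambiguous option.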