[pptp-server] pptpd+chapms+radius

Dragos DOBRE ddobre at deuroconsult.ro
Wed May 31 10:33:25 CDT 2000

I think I have pinned the bug :)

the normal sequence would be (correct me if I am wrong)

user dials to pptp server
pptp daemon sees incoming call,
fires up the ppp daemon
pppd sends  [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap...
client agrees, passes the username/passwd to server
pppd using radiusclient contacts radius server,
radiusserver verifies the client in mysql, auths the client

Trying Radius client=mambo, server=eris devnam=/dev/pts/5
User mambo:mambo
C mambo Return=1, passwd=C264F2FACC6A4BEE0FC013C0BAF7B9CB
client=mambo, server=eris, secret=C264F2FACC6A4BEE0FC013C0BAF7B9CB
ChapReceiveResponse: rcvd type MS-CHAP-V1
sent [CHAP Success id=0x1 "Welcome to eris."]

the client logs in.

this is the normal sequence.

instead, it goes like this:

user dials to pptp server
pptp daemon sees incoming call,
fires up the ppp daemon
and pppd using radiusclient tries to contact radius server
with NULL passwd and NULL username,
because the LCP ConfReq auth chap hasn't been sent yet.
radiusclient time-out (after the value in radiusclient.conf)
ppp times out on the client
the server finally sends auth chap LCP
but the connection is closed.

so, it seems that the problem is that when pppd starts on server,
it first tries to contact radius instead on trying to negociate chap or
anything else.

i made it work reducing the retries-number and time-out in

so, i would help anyone who wants to patch the existing code
in order to make this function correctly.

tnx for all the advises received

Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

More information about the pptp-server mailing list