[pptp-server] NT Authentication
Charlie Brady
charlieb at e-smith.com
Thu Dec 20 22:56:37 CST 2001
On Thu, 20 Dec 2001, Cowles, Steve wrote:
> That's what I do... I run a masq'd NT based PPTP server behind my linux based
> firewall. I hate to admit it (I'd prefer a linux solution) but until PoPToP
> (really pppd) can authenticate against an NT PDC, it makes no sense to
> maintain and synchronize separate user/password data in chap-secrets.
Then you are SOL. Here's Microsoft's description of M$CHAPv2:
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_RASS_MSCHAPv2.htm
You are a PoPToP server. Consider yourself an active relay agent between
the RAS (PDC) and the client. You don't know the plaintext password or the
NT hash of the password of the client. You need that hash to set up
encryption for the PPTP link. You also need that hash to authenticate the
client against the PDC. What are you to do?
--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739