[pptp-server] External auth with MS-CHAPv2 and MPPE-128

Bo Byrd byrdr at corp.earthlink.net
Thu Apr 4 12:41:50 CST 2002


Does anyone know how to make a BSD or Linux POPTOP server externally
authenticate users who are using MSCHAPv2 and MPPE?  From what I
understand the Portslave radius client can't do MSCHAPv2 or MPPE.  LDAP
would do I think but I don't know how to build it into POPTOP.

Also I got the FreeBSD POPTOP working but users can never connect as
stateless.  I've specified that they should in the config file
/etc/ppp/ppp.conf:

pptp:
 load loop
 disable chap
 disable pap
 disable chap80
 deny chap
 deny pap
 ideny chap81
 enable chap81
 accept chap81
 set mppe 128 stateless
 #Authenticate against /etc/passwd
 ##enable passwdauth
 enable proxy
 accept dns
 # DNS Servers to assign client
 set dns 207.69.188.187 207.69.188.188 
 # NetBIOS/WINS Servers to assign client
# set nbns 192.168.0.15 192.168.0.16
# set device !/etc/ppp/secure

If anyone has seen this with BSD please let me know.

Thanks,
Bo



-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org] On Behalf Of R. de Vroede
Sent: Thursday, April 04, 2002 5:47 AM
To: truin at enterprise.truin.com
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] gre protocol not available - help!


This is indeed somewhat of a firewall problem. It has something to do
with entries in /proc/net/ip_conntrack. Haven't gotten to the bottom of
it, but when you get it, there is already some GRE connection (or
history thereof) from the client or to the server. Wait until the entry
is gone (5 to 10 mins I think), then you can make a new connection.

Regards,
Richard de Vroede

On Thu, 2002-04-04 at 00:28, truin at enterprise.truin.com wrote:
> Is your test computer behind a NAT'd firewall?  I have the GRE Protocol
> Not Available error when my Win client is on a private IP being NAT'd
> behind a linux firewall.  Perhaps your situation is similar?
> 
> -=Jason=-
> 
> 
> On Wed, 3 Apr 2002, Örjan Johansson wrote:
> 
> > I just looked through my .config file, and it says 
> > CONFIG_NET_IPGRE=y so the line in modules.conf is as vain as I 
> > suspected right? The utterly confusing thing is that once or twice 
> > I've got it working, without doing anything...... So why is the 
> > protocol not available 9 times out of ten? Any ideas at all?
> >  
> > Cheers,
> > Örjan
> > 
-- 
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV         Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310      info at linvision.com
F: +31157502319      http://devel.linvision.com
------------------------------------------------
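
Added example, not part of the original thread: a small shell helper for the conntrack check mentioned in the quoted reply, listing tracked GRE (IP protocol 47) entries and the seconds left before each expires. The function names and the sample table are constructed for illustration, and the field layout assumed is that of a Linux 2.4 /proc/net/ip_conntrack dump.

```shell
#!/bin/sh
# List GRE (IP protocol 47) entries in a Netfilter conntrack table dump.
# Assumed field layout (Linux 2.4 /proc/net/ip_conntrack):
#   <proto-name> <proto-number> <seconds-until-expiry> [state] src=.. dst=.. ...
# Output per entry: "<original src> <original dst> <seconds left>".
gre_conntrack_entries() {
    table="${1:-/proc/net/ip_conntrack}"
    awk '$2 == 47 {
        src = ""; dst = ""
        # Only the first src=/dst= pair is the original direction;
        # the second pair is the expected reply tuple.
        for (i = 4; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
        }
        print src, dst, $3
    }' "$table"
}

# Longest remaining lifetime, in seconds, of any GRE entry involving the
# given address (prints 0 when no such entry is tracked).
gre_wait_seconds() {
    gre_conntrack_entries "${2:-/proc/net/ip_conntrack}" |
        awk -v ip="$1" '($1 == ip || $2 == ip) && $3 > max { max = $3 }
                        END { print max + 0 }'
}

# Constructed sample table (hypothetical data, documentation address ranges).
make_sample_table() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1045 dport=1723 src=203.0.113.5 dst=198.51.100.1 sport=1723 dport=1045 [ASSURED] use=1
unknown  47 512 src=192.168.1.10 dst=203.0.113.5 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 use=1
unknown  47 87 src=192.168.1.11 dst=203.0.113.5 src=203.0.113.5 dst=198.51.100.1 use=1
udp      17 12 src=192.168.1.10 dst=192.0.2.53 sport=1030 dport=53 src=192.0.2.53 dst=198.51.100.1 sport=53 dport=1030 use=1
EOF
}
```

On the firewall itself, `gre_wait_seconds <client-ip>` reads the live table by default; a non-zero result means a GRE entry for that address is still being tracked.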
