[pptp-server] External auth with MS-CHAPv2 and MPPE-128

lists at earthling.2y.net lists at earthling.2y.net
Fri Apr 5 06:48:31 CST 2002


There is no way to really externally authenticate so that you can still
have MSCHAPv2 and MPPE.  It is possible, with some coding, to auth against
an NT server, or without coding, auth against a database somewhere that is
storing NTLM hashes... the true easy option is to just run that NT SAM ->
smbpasswd program.


On Thu, 4 Apr 2002, Bo Byrd wrote:

> Does anyone know how to make a BSD or Linux POPTOP server externally
> authenticate users who are using MSCHAPv2 and MPPE?  From what I
> understand the Portslave radius client can't do MSCHAPv2 or MPPE.  LDAP
> would do I think but I don't know how to build it into POPTOP.
>
> Also I got the FreeBSD POPTOP working but users can never connect as
> stateless.  I've specified that they should in the config file
> /etc/ppp/ppp.conf:
>
> pptp:
>  load loop
>  disable chap
>  disable pap
>  disable chap80
>  deny chap
>  deny pap
>  ideny chap81
>  enable chap81
>  accept chap81
>  set mppe 128 stateless
>  #Authenticate against /etc/passwd
>  ##enable passwdauth
>  enable proxy
>  accept dns
>  # DNS Servers to assign client
>  set dns 207.69.188.187 207.69.188.188
>  # NetBIOS/WINS Servers to assign client
> # set nbns 192.168.0.15 192.168.0.16
> # set device !/etc/ppp/secure
>
> If anyone has seen this with BSD please let me know.
>
> Thanks,
> Bo
>
>
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of R. de Vroede
> Sent: Thursday, April 04, 2002 5:47 AM
> To: truin at enterprise.truin.com
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] gre protocol not available - help!
>
>
> this is indeed somewhat of a firewall problem. It has something to do
> with entries in /proc/net/ip_conntrack. Haven't gotten to the bottom of
> it, but when you get it, there is already some GRE connection (or
> history thereof) from the client or to the server. Wait until the entry
> is gone (5 to 10 mins I think), then you can make a new connection.
>
> Regards,
> Richard de Vroede
>
> On Thu, 2002-04-04 at 00:28, truin at enterprise.truin.com wrote:
> > Is your test computer behind a NAT'd firewall?  I have the GRE Protocol
> > Not Available error when my Win client is on a private IP being NAT'd
> > behind a linux firewall.  Perhaps your situation is similar?
> >
> > -=Jason=-
> >
> >
> > On Wed, 3 Apr 2002, Örjan Johansson wrote:
> >
> > > I just looked through my .config file, and it says
> > > CONFIG_NET_IPGRE=y so the line in modules.conf is as vain as I
> > > suspected right? The utterly confusing thing is that once or twice
> > > I've got it working, without doing anything...... So why is the
> > > protocol not available 9 times out of ten? Any ideas at all?
> > >
> > > Cheers,
> > > Örjan
> > >
>

-- 
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net jwkreger at uncg.edu justin at wss.net




