[pptp-server] mschap-v2 auth against en-hashed secrets
Jim Bowen
j.bowen at CYPROTEX.com
Mon Jun 17 05:33:45 CDT 2002
Well, I tried your RPM, but no luck :(
With chap-secrets containing the plain-text secret, it works perfectly.
With chap-secrets containing the hex string lifted from smbpasswd, I get a
segfault.
With chap-secrets containing &/etc/samba/smbpasswd, I get an authentication
fail message, but the access time stamp on /etc/samba/smbpasswd is not
updated, so it doesn't appear to be reading the file?
I've even tried moving the smbpasswd file to /etc/smbpasswd and opening up
the access rights to it (eep), but no change.
My options.pptpd file has
lock
## turn pppd syslog debugging on
debug
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
auth
require-chap
proxyarp
-chap
-chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.1.7
ms-dns 192.168.1.1
Am I missing something obvious?
Thanks
Jim
-----Original Message-----
From: R. de Vroede [mailto:r.devroede at linvision.com]
Sent: 07 June 2002 10:06
To: Jim Bowen
Cc: 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] mschap-v2 auth against en-hashed secrets
There is a patch out there for ppp to authenticate against Samba.
If you use RedHat 7.x, you're in luck. You can use my test RPM on
http://devel.linvision.com/source/ppp.html
Regards,
Richard de Vroede
On Thu, 2002-06-06 at 16:15, Jim Bowen wrote:
> Hi,
>
> Does anyone know of a way to get ppp to auth against either a separate NT
> (or samba) server, or against NT password hashes instead of plaintext
> passwords in the /etc/ppp/chap-secrets file.
>
> I tried the obvious one of just putting the LM hash into the secret field
> (works with unix-crypt in pap-secrets), but all I got for that was a
> segfault :(
>
> Our domain controller is on NT, but I've managed to convince everyone to run
> the VPN server on Linux instead, using PoPtoP (great app), but I don't like
> keeping plaintext secrets on a server that has an internet connection. I'm
> stuck with...um.... reverse-engineering their passwords at the moment, which
> can take a couple of days for the better users :)
>
>
> Jim
> --
> Email : j.bowen at cyprotex.com
> Tel : 01625 505112
> Fax : 01625 505199
>
>
>
> This E-Mail is sent in confidence for the addressee only. Unauthorised
> recipients must preserve this confidentiality and should please advise the
> sender immediately by telephone (+44 (0)870 241 6492) and return the
> original E-Mail to the sender without taking a copy. Cyprotex has taken all
> reasonable precautions to ensure that no viruses are transmitted from
> Cyprotex to any third party. Cyprotex accepts no responsibility for any
> loss or damage resulting directly or indirectly from the use of this E-Mail
> or the contents.
--
Richard de Vroede
(r.devroede at linvision.com)
------------------------------------------------
Linvision BV Provides Linux Solutions
Elektronicaweg 16D
2628 XG Delft
T: +31157502310 info at linvision.com
F: +31157502319 http://devel.linvision.com
------------------------------------------------
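Added example, not part of the original thread or of the ppp patch it mentions: MS-CHAPv2 is computed from the NT hash (the fourth smbpasswd field), not the LM hash (the third), and since those hashes are all a server needs to verify a response, the file deserves the same protection as plaintext secrets. The sketch below parses smbpasswd entries and flags a loosened file mode or a user with no NT hash; the sample entries and the function names are constructed for illustration, and the standard smbpasswd field layout is assumed.

```python
import os
import re
import stat
import tempfile

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample entries (not real hashes). Layout: user:uid:LM:NT:[flags]:LCT:
SAMPLE = (
    "alice:1001:" + "0123456789ABCDEF" * 2 + ":" + "FEDCBA9876543210" * 2
    + ":[U          ]:LCT-3D0DA1B9:\n"
    "bob:1002:" + "X" * 32 + ":" + "X" * 32 + ":[DU         ]:LCT-3D0DA1B9:\n"
)

def parse_entry(line):
    """Return the fields of one smbpasswd entry, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        raise ValueError("not an smbpasswd entry: %r" % line)
    user, uid, lm, nt = fields[:4]
    return {"user": user, "uid": int(uid),
            "lm_hash": lm.upper() if HEX32.match(lm) else None,   # field 3
            "nt_hash": nt.upper() if HEX32.match(nt) else None}   # field 4

def audit(path):
    """List problems: loose file mode, and users with no usable NT hash."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o: accessible beyond owner" % mode)
    with open(path) as fh:
        for line in fh:
            entry = parse_entry(line)
            if entry and entry["nt_hash"] is None:
                findings.append("%s: no NT hash set" % entry["user"])
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".smbpasswd", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)   # deliberately loose, to trigger the mode finding
    print("\n".join(audit(tmp.name)))
    os.unlink(tmp.name)
```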