Problems with pptp / freeradius / ppp / pam...
Bob Mancker
bmancker at gmail.com
Fri Apr 15 06:41:40 UTC 2005
Ok, I have the following files available here:
http://xhost.ath.cx:81/list/
[ ] dictionary 15-Apr-2005 02:07 7.5K
[ ] dictionary.microsoft 14-Apr-2005 23:07 2.6K
[ ] options.pptpd 14-Apr-2005 23:07 178
[ ] radiusd.conf 14-Apr-2005 23:07 56K
[ ] users 14-Apr-2005 23:07 6.8K
I am trying to set up either PAM authentication, or just regular plain
text authentication. Ok, let's start with the problems with PAM first.
I added a user test via adduser test. Then I changed the password to
testpass. Now let me test it with radtest:
[root@server ppp-2.4.3]# radtest test testpass localhost 1873 testing123
Sending Access-Request of id 239 to 127.0.0.1:1812
User-Name = "test"
User-Password = "testpass"
NAS-IP-Address = rickp4a.inscyber.net
NAS-Port = 1873
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=239, length=20
Ok, cool, now let me try it from my Windows XP box and the built-in
VPN client... doesn't work. In radiusd -X I get:
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
And in /var/log/messages I get:
Apr 15 14:13:39 rickp4a pppd[12286]: Peer test failed CHAP authentication
(that's the only bad line I see)
And on the Windows XP client I get this:
Verifying username and password...
Access was denied because the username and/or password was invalid on
the domain.
Ok, now that doesn't work.. ultimately I'd like to use that, but if I
had to use clear text I wouldn't mind either. Now I am going to try
bob/bob. You can see the entry I added in users...
[root@server ppp-2.4.3]# cat /etc/raddb/users | head -n 4
bob Password == "bob"
Reply-Message = "Hello, bob"
Let's test it with radtest to make sure it works:
[root@rickp4a root]# radtest bob bob localhost 1873 testing123
Sending Access-Request of id 40 to 127.0.0.1:1812
User-Name = "bob"
User-Password = "bob"
NAS-IP-Address = rickp4a.inscyber.net
NAS-Port = 1873
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=40, length=32
Reply-Message = "Hello, bob"
Cool, it works. Now let me try it from my Windows XP VPN client...
here are the results:
Here is a snippet from /var/log/messages first that doesn't look right...
Apr 15 14:27:06 rickp4a pppd[12342]: MPPE required, but keys are not available. Possible plugin problem?
...
Apr 15 14:27:06 rickp4a pptpd[12341]: GRE: read(fd=6,buffer=804eb00,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
And here is radiusd -X:
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
radius_xlat: 'Hello, bob'
Sending Access-Accept of id 77 to 127.0.0.1:32825
Reply-Message = "Hello, bob"
MS-CHAP2-Success =
0xa0533d31463232414342304538354230364334363238463030324232323245313645463943434143413838
And now the Windows XP VPN client says:
Verifying username and password...
The PPP link control protocol was terminated
Ok, so it looks like it works with radtest (locally) but not remotely?
Is ppp not talking to radiusd correctly?
Here are some version numbers:
pppd version 2.4.3
Poptop v1.2.1
radiusd: FreeRADIUS Version 1.0.1, for host , built on Oct 28 2004 at 09:38:42
I've been as verbose as possible... any comments/advice is appreciated.
Thank you,
Bob
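
The following is an added example, not part of the original post: a small Python triage of the two failure signatures quoted above. It checks whether the unix module was asked to verify a request that carried no User-Password (radtest sends one, a CHAP or MS-CHAP client does not), and whether an Access-Accept went out without the MS-MPPE-Send-Key / MS-MPPE-Recv-Key attributes (RFC 2548) while pppd reported missing MPPE keys. The function names and finding labels are hypothetical, and the sample lines are constructed from the post's output with a placeholder MS-CHAP2-Success value.

```python
import re

# Constructed sample input, shortened from the output quoted in the post.
# The MS-CHAP2-Success value is a placeholder, not the real one.
RADIUSD_X = """\
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
Sending Access-Accept of id 77 to 127.0.0.1:32825
Reply-Message = "Hello, bob"
MS-CHAP2-Success = 0x00
"""
SYSLOG = ("Apr 15 14:27:06 rickp4a pppd[12342]: MPPE required, "
          "but keys are not available. Possible plugin problem?\n")

ATTR = re.compile(r"^\s*([A-Za-z0-9-]+)\s*=\s*(.*)$")
SENT = re.compile(r"^Sending (Access-\w+) of id (\d+)")
MPPE_KEYS = {"MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"}  # RFC 2548 attributes


def sent_packets(debug_text):
    """Return [(code, id, {attr: value})] for every reply radiusd logged."""
    packets, current = [], None
    for line in debug_text.splitlines():
        m = SENT.match(line)
        if m:
            current = (m.group(1), int(m.group(2)), {})
            packets.append(current)
        elif current and (a := ATTR.match(line)):
            current[2][a.group(1)] = a.group(2)
        else:
            current = None  # attribute list of the last reply has ended
    return packets


def triage(debug_text, syslog_text):
    """Map the two failure signatures from the post to what they indicate."""
    findings = []
    if 'rlm_unix: Attribute "User-Password" is required' in debug_text:
        # The request had no PAP password, so the unix module had nothing
        # to compare against the system password hash.
        findings.append("no-cleartext-password-for-unix")
    if "MPPE required, but keys are not available" in syslog_text:
        for code, pkt_id, attrs in sent_packets(debug_text):
            if code == "Access-Accept" and not MPPE_KEYS.issubset(attrs):
                findings.append(f"accept-{pkt_id}-without-mppe-keys")
    return findings


if __name__ == "__main__":
    print(triage(RADIUSD_X, SYSLOG))
```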