Problems with pptp / freeradius / ppp / pam...

Bob Mancker bmancker at gmail.com
Fri Apr 15 06:41:40 UTC 2005


Ok, I have the following files available here:
http://xhost.ath.cx:81/list/
[   ] dictionary              15-Apr-2005 02:07  7.5K  
[   ] dictionary.microsoft    14-Apr-2005 23:07  2.6K  
[   ] options.pptpd           14-Apr-2005 23:07  178   
[   ] radiusd.conf            14-Apr-2005 23:07   56K  
[   ] users                   14-Apr-2005 23:07  6.8K  

I am trying to set up either PAM authentication, or just regular plain
text authentication. Ok, let's start with the problems with PAM first.
I added a user test via adduser test. Then I changed the password to
testpass. Now let me test it with radtest:
[root@server ppp-2.4.3]# radtest test testpass localhost 1873 testing123
Sending Access-Request of id 239 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "testpass"
        NAS-IP-Address = rickp4a.inscyber.net
        NAS-Port = 1873
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=239, length=20

Ok, cool, now let me try it from my Windows XP box and the built-in
VPN client... doesn't work. In radiusd -X I get:
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.

And in /var/log/messages I get:
Apr 15 14:13:39 rickp4a pppd[12286]: Peer test failed CHAP authentication
(that's the only bad line I see)

And on the Windows XP client I get this:
Verifying username and password...
Access was denied because the username and/or password was invalid on
the domain.

Ok, now that doesn't work.. ultimately I'd like to use that, but if I
had to use clear text I wouldn't mind either. Now I am going to try
bob/bob. You can see the entry I added in users...
[root@server ppp-2.4.3]# cat /etc/raddb/users | head -n 4
bob     Password == "bob"
                Reply-Message = "Hello, bob"

Let's test it with radtest to make sure it works:
[root@rickp4a root]# radtest bob bob localhost 1873 testing123
Sending Access-Request of id 40 to 127.0.0.1:1812
        User-Name = "bob"
        User-Password = "bob"
        NAS-IP-Address = rickp4a.inscyber.net
        NAS-Port = 1873
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=40, length=32
        Reply-Message = "Hello, bob"

Cool, it works. Now let me try it from my Windows XP VPN client...
here are the results.
Here is a snippet from /var/log/messages first that doesn't look right...
Apr 15 14:27:06 rickp4a pppd[12342]: MPPE required, but keys are not available.  Possible plugin problem?
...
Apr 15 14:27:06 rickp4a pptpd[12341]: GRE: read(fd=6,buffer=804eb00,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs


And here is radiusd -X:
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
  rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
  modcall[authenticate]: module "mschap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
radius_xlat:  'Hello, bob'
Sending Access-Accept of id 77 to 127.0.0.1:32825
        Reply-Message = "Hello, bob"
        MS-CHAP2-Success = 0xa0533d31463232414342304538354230364334363238463030324232323245313645463943434143413838


And now the Windows XP VPN client says:
Verifying username and password...
The PPP link control protocol was terminated

Ok, so it looks like it works with radtest (locally) but not remotely?
Is ppp not talking to radiusd correctly?

Here are some version numbers:
pppd version 2.4.3
Poptop v1.2.1
radiusd: FreeRADIUS Version 1.0.1, for host , built on Oct 28 2004 at 09:38:42

I've been as verbose as possible... any comments/advice is appreciated. 

Thank you, 
Bob
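
Added example, not part of the original post: a Python sketch of why the radtest run (which sends User-Password) can be checked against a system account while a challenge-response login produces the rlm_unix "User-Password is required" error. It uses plain CHAP (RFC 1994) and the RADIUS password hiding from RFC 2865; the authenticator and challenge bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def pap_hide(password, secret, authenticator):
    """RFC 2865 section 5.2: hide User-Password with an MD5 keystream."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def pap_recover(hidden, secret, authenticator):
    """Server side: the same keystream undoes the hiding, giving cleartext."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def chap_response(ident, password, challenge):
    """RFC 1994: response = MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_can_verify_chap(ident, challenge, response, stored_cleartext):
    """CHAP can only be checked by recomputing it from the cleartext password."""
    if stored_cleartext is None:   # e.g. only a one-way crypt hash in /etc/shadow
        return False
    expected = chap_response(ident, stored_cleartext, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values; password and secret mirror the radtest run above.
SECRET, PASSWORD = b"testing123", b"testpass"
AUTHENTICATOR = bytes(range(16))        # constructed Request Authenticator
CHALLENGE = bytes(range(16, 32))        # constructed CHAP challenge

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    print("PAP: server recovers", pap_recover(hidden, SECRET, AUTHENTICATOR))
    resp = chap_response(1, PASSWORD, CHALLENGE)
    print("CHAP, cleartext on file:", server_can_verify_chap(1, CHALLENGE, resp, PASSWORD))
    print("CHAP, only a hash on file:", server_can_verify_chap(1, CHALLENGE, resp, None))
```

With PAP the server ends up holding the typed password and can hand it to PAM or the unix module; with CHAP it never receives the password, so it needs a cleartext copy in its own store to recompute the response.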