Problem with connecting to a MS Windows server - PPP

This is a discussion on Problem with connecting to a MS Windows server - PPP ; Dear All I am trying to connect from Mandrake 10 to a MS Windows server, but I get the following error: sent [CHAP Response id=0x0 , name = "unl\"\\\"psmith"] rcvd [LCP TermReq id=0x3 "9\"\003\37777777615\000 LCP terminated by peer (9"^CM-^M^@ My ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: Problem with connecting to a MS Windows server

  1. Problem with connecting to a MS Windows server

    Dear All

    I am trying to connect from Mandrake 10 to a MS Windows server, but I
    get the following error:

    sent [CHAP Response id=0x0
    <9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    name = "unl\"\\\"psmith"]
    rcvd [LCP TermReq id=0x3
    "9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    LCP terminated by peer (9"^CM-^M^@
    My username is unl\psmith (and yes, the slash belongs to my username).
    Any ideas?

    Thanks in advance,

    Paul

  2. Re: Problem with connecting to a MS Windows server

    phhs80@hotpop.com (Paul Smith) writes:
    > sent [CHAP Response id=0x0
    > <9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    > name = "unl\"\\\"psmith"]
    > rcvd [LCP TermReq id=0x3
    > "9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    > LCP terminated by peer (9"^CM-^M^@ >
    > My username is unl\psmith (and yes, the slash belongs to my username).
    > Any ideas?


    It looks like something's amiss in the /etc/ppp/chap-secrets file and
    the 'user' option -- the user name has extra characters in it.

    The former should read something like this:

    unl\\psmith * "pass phrase"

    and the latter:

    user unl\\psmith

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  3. Re: Problem with connecting to a MS Windows server

    James Carlson wrote in message news:...
    > phhs80@hotpop.com (Paul Smith) writes:
    > > sent [CHAP Response id=0x0
    > > <9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    > > name = "unl\"\\\"psmith"]
    > > rcvd [LCP TermReq id=0x3
    > > "9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    > > LCP terminated by peer (9"^CM-^M^@ > >
    > > My username is unl\psmith (and yes, the slash belongs to my username).
    > > Any ideas?

    >
    > It looks like something's amiss in the /etc/ppp/chap-secrets file and
    > the 'user' option -- the user name has extra characters in it.
    >
    > The former should read something like this:
    >
    > unl\\psmith * "pass phrase"
    >
    > and the latter:
    >
    > user unl\\psmith


    Thanks for your reply, James. With unl\\psmith, I get:

    sent [CHAP Response id=0x0
    <1ccb0224fd560b8e2a4249d7b0071eb80000000000000000f3 ed3faaee11da3947876bb22d09561e58b3554c9407f51900>,
    name = "unl\\psmith"]
    rcvd [CHAP Failure id=0x0 "E=691 R=1
    C=E1DA3FEAD5F9E5CE314604CA9715DE11 V=3"]
    Unknown MS-CHAP authentication failure: E=691 R=1
    C=E1DA3FEAD5F9E5CE314604CA9715DE11 V=3
    sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
    rcvd [LCP TermAck id=0x2 "Failed to authenticate ourselves to peer"]
    Connection terminated.

    Paul

  4. Re: Problem with connecting to a MS Windows server

    phhs80@hotpop.com (Paul Smith) writes:
    > sent [CHAP Response id=0x0
    > <1ccb0224fd560b8e2a4249d7b0071eb80000000000000000f3 ed3faaee11da3947876bb22d09561e58b3554c9407f51900>,
    > name = "unl\\psmith"]
    > rcvd [CHAP Failure id=0x0 "E=691 R=1
    > C=E1DA3FEAD5F9E5CE314604CA9715DE11 V=3"]
    > Unknown MS-CHAP authentication failure: E=691 R=1


    691 is a general authentication failure. It means that the user name
    or password are invalid.

    Not sure what to say. It's possible that there are still escaping
    problems here, but I don't know what they are.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  5. Re: Problem with connecting to a MS Windows server

    James Carlson wrote in message
    > > sent [CHAP Response id=0x0
    > > <1ccb0224fd560b8e2a4249d7b0071eb80000000000000000f3 ed3faaee11da3947876bb22d09561e58b3554c9407f51900>,
    > > name = "unl\\psmith"]
    > > rcvd [CHAP Failure id=0x0 "E=691 R=1
    > > C=E1DA3FEAD5F9E5CE314604CA9715DE11 V=3"]
    > > Unknown MS-CHAP authentication failure: E=691 R=1

    >
    > 691 is a general authentication failure. It means that the user name
    > or password are invalid.
    >
    > Not sure what to say. It's possible that there are still escaping
    > problems here, but I don't know what they are.


    I have sent an e-mail to the system administrator at my work asking
    him (in case he knows it) what is precisely the string with my user
    name that the protocol is expecting. Anyway, thanks for helping me
    with isolating the problem.

    Paul

  6. Re: Problem with connecting to a MS Windows server

    phhs80@hotpop.com (Paul Smith) writes:

    ]Dear All

    ]I am trying to connect from Mandrake 10 to a MS Windows server, but I
    ]get the following error:

    ]sent [CHAP Response id=0x0
    ]<9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    ]name = "unl\"\\\"psmith"]
    ]rcvd [LCP TermReq id=0x3
    ]"9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    ]LCP terminated by peer (9"^CM-^M^@
    ]My username is unl\psmith (and yes, the slash belongs to my username).
    ]Any ideas?

    Are you sure that the system can handle the \? Also what is being sent is
    unl"\"psmith, not unl\psmith. Why would you want a backslash in your
    username anyway?

    What do you have as your username? and in /etc/ppp/chap-secrets?


  7. Re: Problem with connecting to a MS Windows server

    Bill Unruh wrote:
    > phhs80@hotpop.com (Paul Smith) writes:


    > ]Dear All


    > ]I am trying to connect from Mandrake 10 to a MS Windows server, but I
    > ]get the following error:


    > ]sent [CHAP Response id=0x0
    > ]<9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    > ]name = "unl\"\\\"psmith"]
    > ]rcvd [LCP TermReq id=0x3
    > ]"9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    > ]LCP terminated by peer (9"^CM-^M^@

    > ]My username is unl\psmith (and yes, the slash belongs to my username).
    > ]Any ideas?


    > Are you sure that the system can handle the \? Also what is being sent is
    > unl"\"psmith, not unl\psmith. Why would you want a backslash in your
    > username anyway?


    1) Sometimes a name of that form is necessary for MS-CHAP, and he does
    seem to be sure about the form.

    2) Yes, it looks like ``unl"\"psmith'' is sent. His log showed
    unl\\psmith after he seemed to have followed James' advice, so I
    guess the "real" escapes really do appear in the log message.

    3) Read README.MSCHAP80 in the pppd source; it's an MS "Domain Server"
    thing.

    > What do you have as your username? and in /etc/ppp/chap-secrets?


    Good questions. Another that may be pertinent is whether he is using
    the "remotename" pppd option to identify the peer in the secrets line(s).

    If the OP has README.MSCHAP80 available then he should read it.
    Basically it says that two secrets lines are necessary - although
    the authors apparently don't know why (and neither do I), and two
    pppd options, name and remotename.

    A quote from that file:

    For example, if your service provider calls their machine "DialupNT"
    and tells you your account and password are "customer47" and "foobar",
    add the following to your chap-secrets file:

    DialupNT customer47 foobar
    customer47 DialupNT foobar

    For this example the pppd options suggested there are

    name customer47 remotename DialupNT

    Also from the README.MSCHAP80 file:

    The "remotename" option is required for MS-CHAP since Microsoft PPP
    servers don't send their system name in the CHAP challenge packet.

    -- Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* Slogan appropriate for a certain well-known software company:
    FAILURE IS NOT AN OPTION - it is built into the operating system
    and comes bundled with the software. And it attracts maggots. */

  8. Re: Problem with connecting to a MS Windows server

    Clifford Kite writes:

    ]Bill Unruh wrote:
    ]> phhs80@hotpop.com (Paul Smith) writes:

    ]> ]Dear All

    ]> ]I am trying to connect from Mandrake 10 to a MS Windows server, but I
    ]> ]get the following error:

    ]> ]sent [CHAP Response id=0x0
    ]> ]<9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    ]> ]name = "unl\"\\\"psmith"]
    ]> ]rcvd [LCP TermReq id=0x3
    ]> ]"9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    ]> ]LCP terminated by peer (9"^CM-^M^@
    ]> ]My username is unl\psmith (and yes, the slash belongs to my username).
    ]> ]Any ideas?

    ]> Are you sure that the system can handle the \? Also what is being sent is
    ]> unl"\"psmith, not unl\psmith. Why would you want a backslash in your
    ]> username anyway?

    ]1) Sometimes a name of that form is necessary for MS-CHAP, and he does
    ]seem to be sure about the form.

    ]2) Yes, it looks like ``unl"\"psmith'' is sent. His log showed
    ]unl\\psmith after he seemed to have followed James' advice, so I
    ]guess the "real" escapes really do appear in the log message.

    ]3) Read README.MSCHAP80 in the pppd source; it's an MS "Domain Server"
    ]thing.

    ]> What do you have as your username? and in /etc/ppp/chap-secrets?

    ]Good questions. Another that may be pertinent is whether he is using
    ]the "remotename" pppd option to identify the peer in the secrets line(s).

    ]If the OP has README.MSCHAP80 available then he should read it.
    ]Basically it says that two secrets lines are necessary - although
    ]the authors apparently don't know why (and neither do I), and two
    ]pppd options, name and remotename.

    ]A quote from that file:

    ] For example, if your service provider calls their machine "DialupNT"
    ] and tells you your account and password are "customer47" and "foobar",
    ] add the following to your chap-secrets file:

    ] DialupNT customer47 foobar
    ] customer47 DialupNT foobar

    This has never been needed in anything I have done or heard of.
    The username and remotename are for your system. They tell your system
    which of the lines in chap-secrets to find the secret on. The remote system
    is irrelevant. This would be if the remote system was also supposed to
    authenticate itself to you, which never happens.



    ]For this example the pppd options suggested there are

    ]name customer47 remotename DialupNT
    ^^^^ user


    ]Also from the README.MSCHAP80 file:

    ] The "remotename" option is required for MS-CHAP since Microsoft PPP
    ] servers don't send their system name in the CHAP challenge packet.


    That is only if you have more than one line with the same username AFAIK.
    Ie, this should not matter.
    If you have a number of systems on all of which you have the same user name
    but different passwords, then you MUST use the remotename option or the
    remote machine must send its name, and you list them in chap-secrets. Again
    , this is rare and probably not his situation.

    'unl\psmith' * password *
    should work in chap-secrets.

    but then he would need to give the user to pppd
    user 'unl\psmith'
    would do I think, but am not sure (ie I am note sure where the \ is
    interpreted-- and it might be different if this was on the command line
    where bash would remove the quotes or in /etc/ppp/options.




  9. Re: Problem with connecting to a MS Windows server

    unruh@string.physics.ubc.ca (Bill Unruh) writes:
    > ] For example, if your service provider calls their machine "DialupNT"
    > ] and tells you your account and password are "customer47" and "foobar",
    > ] add the following to your chap-secrets file:
    >
    > ] DialupNT customer47 foobar
    > ] customer47 DialupNT foobar
    >
    > This has never been needed in anything I have done or heard of.
    > The username and remotename are for your system. They tell your system
    > which of the lines in chap-secrets to find the secret on.


    Right. With standard CHAP, the remote system tells you its name as
    part of the initial Challenge message. That means that if the peer
    doing the authentication request (the "server") is named "joe," you
    can do this in your /etc/ppp/chap-secrets file on the authenticatee
    ("client"):

    unruh joe foobar

    and then specify "user unruh" in your pppd configuration, if necessary
    (not necessary if that's also the local system name).

    With MS-CHAP, though, the remote system doesn't reveal its name. I
    think the protocol _can_ do it, it's just never done. Thus *IFF* you
    want to match on remote peer name on the "client" side, *THEN* you
    must include the 'remotename' option, as there's no other way to know
    which entry to match.

    The same is true with PAP, for what it's worth. When we're
    authenticating ourselves to a PAP peer, we don't know who that peer
    is.

    > The remote system
    > is irrelevant. This would be if the remote system was also supposed to
    > authenticate itself to you, which never happens.


    Uh, no, that's an unrelated issue. Authentication in PPP can be
    negotiated in either or both directions.

    "remotename" is the "assume that the peer has this name for
    authentication purposes, because the peer isn't going to identify
    himself" option.

    > ]For this example the pppd options suggested there are
    >
    > ]name customer47 remotename DialupNT
    > ^^^^ user


    Agreed.

    > That is only if you have more than one line with the same username AFAIK.


    That's right.

    > Ie, this should not matter.


    Depends on the configuration. I agree that it probably doesn't matter
    much to most ordinary users.

    > but then he would need to give the user to pppd
    > user 'unl\psmith'
    > would do I think, but am not sure (ie I am note sure where the \ is
    > interpreted-- and it might be different if this was on the command line
    > where bash would remove the quotes or in /etc/ppp/options.


    The escaping rules for the two places are somewhat similar.

    --
    James Carlson, IP Systems Group
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  10. Re: Problem with connecting to a MS Windows server

    phhs80@hotpop.com (Paul Smith) wrote in message
    > I am trying to connect from Mandrake 10 to a MS Windows server, but I
    > get the following error:
    >
    > sent [CHAP Response id=0x0
    > <9583b7807730dda2bd09ead7f8cb946e000000000000000051 f6dd93f4cdfa9ba20b77a91461689ff0cda01c60fcd5bc00>,
    > name = "unl\"\\\"psmith"]
    > rcvd [LCP TermReq id=0x3
    > "9\"\003\37777777615\000<\37777777715t\000\000\003\37777777642"]
    > LCP terminated by peer (9"^CM-^M^@ >
    > My username is unl\psmith (and yes, the slash belongs to my username).
    > Any ideas?


    Thanks to all for the ongoing discussion. The slash in my username is
    really needed, as well as for FTP purposes and even for webmail. (Why
    does my username need a slash, I cannot tell you, as it was a choice
    of the system administrator at my work; he does not know anything
    about Linux...) I can perfectly connect to the VPN server from MS
    Windows, but I cannot do so from Linux. I would like to add that I am
    using pptp client (http://pptpclient.sourceforge.net), under Linux,
    for establishing the VPN connection.

    Paul

  11. Re: Problem with connecting to a MS Windows server

    Paul Smith wrote:

    > Thanks to all for the ongoing discussion. The slash in my username is
    > really needed, as well as for FTP purposes and even for webmail. (Why
    > does my username need a slash, I cannot tell you, as it was a choice
    > of the system administrator at my work; he does not know anything
    > about Linux...) I can perfectly connect to the VPN server from MS
    > Windows, but I cannot do so from Linux. I would like to add that I am
    > using pptp client (http://pptpclient.sourceforge.net), under Linux,
    > for establishing the VPN connection.


    In several tests I've been unable to send a username with a single
    back-slash in it. I *have* sent a username with two back-slashes,
    just as you were able to do.

    Perhaps someone can tell us both how to send one with only a single
    back-slash, but anyone who responds needs to show us how. Personally,
    I now strongly suspect there is something wrong with the way pppd
    2.4.2 handles escaping an escape.

    --
    Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* "PPPoE has many advantages for DSL service providers, and
    practically none for DSL consumers."
    - David F. Skoll */