How to enable MSCHAP-v2 auth in linux PPPD option file - PPP

This is a discussion on How to enable MSCHAP-v2 auth in linux PPPD option file - PPP ; Hi All, I am trying to establish a PPPoE connection between a linux PC & a Win2000 professional PC. I have installed RASPPPoE server in the Win2000 PC. I am not able to change the MSCHAP auth in Win2000. How ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: How to enable MSCHAP-v2 auth in linux PPPD option file

  1. How to enable MSCHAP-v2 auth in linux PPPD option file

    Hi All,

    I am trying to establish a PPPoE connection between a linux PC & a
    Win2000 professional PC. I have installed RASPPPoE server in the
    Win2000 PC. I am not able to change the MSCHAP auth in Win2000. How do
    i specify mschap and the callback to my PPP config file in
    /etc/ppp/options. I am not able to disable the CBCP in the Win2000
    RAS.


    [root@localhost vanitha]# pppd pty 'pppoe -I eth1'
    using channel 15
    Using interface ppp0
    Connect: ppp0 <--> /dev/pts/5
    sent [LCP ConfReq id=0x1 ]
    rcvd [LCP ConfReq id=0x0 CBCP> < 17 04 00 02>]
    No auth is possible
    sent [LCP ConfRej id=0x0
    < 17 04 00 02>]
    rcvd [LCP ConfAck id=0x1 ]
    rcvd [LCP TermReq id=0x1 0b 9d 3b 70 00 3c cd 74 00 00 03 97]
    sent [LCP TermAck id=0x1]
    Script pppoe -I eth1 finished (pid 22934), status = 0x0
    Modem hangup
    Connection terminated.

    Thanks

  2. Re: How to enable MSCHAP-v2 auth in linux PPPD option file

    I could get rid of the previous error, by using the PPPD with MS_CHAP
    enabled. I am now using PPPD 2.4.2 with MSCHAP enabled.

    Now i have succeeded up to the Auth, but for some reason, the Win2000
    RAS is sending the LCP ConfReq after sending the CHAP success message.
    Below is the debug output...Can you tell why the server is not moving
    to IPCP phase even after CHAP success..?

    /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd pty 'pppoe -I eth1'
    using channel 20
    Using interface ppp0
    Connect: ppp0 <--> /dev/pts/5
    sent [LCP ConfReq id=0x1 ]
    rcvd [LCP ConfReq id=0x0 CBCP> < 17 04 00 02>]
    sent [LCP ConfRej id=0x0 < 17 04 00 02>]
    rcvd [LCP ConfAck id=0x1 ]
    rcvd [LCP ConfReq id=0x1 [MAC:00:50:56:c0:00:08]>]
    sent [LCP ConfAck id=0x1 [MAC:00:50:56:c0:00:08]>]
    [root@localhost vanitha]# /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd
    pty 'pppoe -I eth1'
    using channel 21
    Using interface ppp0
    Connect: ppp0 <--> /dev/pts/5
    sent [LCP ConfReq id=0x1 ]
    rcvd [LCP ConfReq id=0x0 CBCP> < 17 04 00 03>]
    sent [LCP ConfRej id=0x0 < 17 04 00 03>]
    rcvd [LCP ConfAck id=0x1 ]
    rcvd [LCP ConfReq id=0x1 [MAC:00:50:56:c0:00:08]>]
    sent [LCP ConfAck id=0x1 [MAC:00:50:56:c0:00:08]>]
    sent [CHAP Challenge id=0xb2 , name =
    "guest"]
    rcvd [CHAP Challenge id=0x0 <238da58747feb6e5cb6d3819bdc41ba8>, name =
    "GUEST"]
    sent [CHAP Response id=0x0
    <06913317416e887e0a6c93d9ba4c2f9600000000000000003d 3aeb5e647a4539f127bfea9b1efd8f5fa08cf0f09ac24900>,
    name = "guest"]
    rcvd [CHAP Success id=0x0 "S=EEF3E2BE6B143C7128CDFD1AEC8DB8AFE9C28C9F"]
    rcvd [LCP ConfReq id=0x3 CBCP> < 17 04 00 03>]
    sent [LCP ConfReq id=0x2 ]
    sent [LCP ConfRej id=0x3 < 17 04 00 03>]
    rcvd [LCP ConfRej id=0x2 ]
    sent [LCP ConfReq id=0x3 ]
    rcvd [LCP ConfReq id=0x4 [MAC:00:50:56:c0:00:08]>]
    sent [LCP ConfAck id=0x4 [MAC:00:50:56:c0:00:08]>]
    rcvd [LCP ConfAck id=0x3 ]
    peer refused to authenticate: terminating link
    sent [LCP TermReq id=0x4 "peer refused to authenticate"]
    rcvd [CHAP Challenge id=0x0 <965963fd6fc022fb1274511e6ab1076b>, name =
    "GUEST"]
    Discarded non-LCP packet when LCP not open
    rcvd [LCP TermAck id=0x4 "peer refused to authenticate"]
    Connection terminated.
    pppoe: read (asyncReadFromPPP): Session 9: Input/output error
    Waiting for 1 child processes...
    script pppoe -I eth1, pid 23343
    Script pppoe -I eth1 finished (pid 23343), status = 0x1
    [root@localhost vanitha]#


  3. Re: How to enable MSCHAP-v2 auth in linux PPPD option file

    vanitha@agilis.st.com.sg wrote:
    > I could get rid of the previous error, by using the PPPD with MS_CHAP
    > enabled. I am now using PPPD 2.4.2 with MSCHAP enabled.


    > Now i have succeeded up to the Auth, but for some reason, the Win2000
    > RAS is sending the LCP ConfReq after sending the CHAP success message.
    > Below is the debug output...Can you tell why the server is not moving
    > to IPCP phase even after CHAP success..?


    It is because you requested that the peer (server) authenticate
    itself to you and it refuses to do so. I'd guess "MSCHAP enabled"
    enabled means you not only upgraded pppd but also added the option
    require-mschap-v2. That option directs pppd to require the peer
    authenticate itself and you don't want to do that here.

    > /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd pty 'pppoe -I eth1'
    > using channel 20
    > Using interface ppp0
    > Connect: ppp0 <--> /dev/pts/5
    > sent [LCP ConfReq id=0x1 ]
    > rcvd [LCP ConfReq id=0x0 > CBCP> < 17 04 00 02>]
    > sent [LCP ConfRej id=0x0 < 17 04 00 02>]
    > rcvd [LCP ConfAck id=0x1 ]
    > rcvd [LCP ConfReq id=0x1 > [MAC:00:50:56:c0:00:08]>]
    > sent [LCP ConfAck id=0x1 > [MAC:00:50:56:c0:00:08]>]


    Why include the lines above?

    > [root@localhost vanitha]# /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd
    > pty 'pppoe -I eth1'
    > using channel 21
    > Using interface ppp0
    > Connect: ppp0 <--> /dev/pts/5
    > sent [LCP ConfReq id=0x1 ]
    > rcvd [LCP ConfReq id=0x0 > CBCP> < 17 04 00 03>]
    > sent [LCP ConfRej id=0x0 < 17 04 00 03>]
    > rcvd [LCP ConfAck id=0x1 ]
    > rcvd [LCP ConfReq id=0x1 > [MAC:00:50:56:c0:00:08]>]
    > sent [LCP ConfAck id=0x1 > [MAC:00:50:56:c0:00:08]>]
    > sent [CHAP Challenge id=0xb2 , name =
    > "guest"]
    > rcvd [CHAP Challenge id=0x0 <238da58747feb6e5cb6d3819bdc41ba8>, name =
    > "GUEST"]
    > sent [CHAP Response id=0x0
    > <06913317416e887e0a6c93d9ba4c2f9600000000000000003d 3aeb5e647a4539f127bfea9b1efd8f5fa08cf0f09ac24900>,
    > name = "guest"]
    > rcvd [CHAP Success id=0x0 "S=EEF3E2BE6B143C7128CDFD1AEC8DB8AFE9C28C9F"]
    > rcvd [LCP ConfReq id=0x3 > CBCP> < 17 04 00 03>]
    > sent [LCP ConfReq id=0x2 ]


    Pppd requests the peer authenticate itself with MS-CHAP V2.

    > sent [LCP ConfRej id=0x3 < 17 04 00 03>]
    > rcvd [LCP ConfRej id=0x2 ]


    The peer rejects the authentication request.

    > sent [LCP ConfReq id=0x3 ]
    > rcvd [LCP ConfReq id=0x4 > [MAC:00:50:56:c0:00:08]>]
    > sent [LCP ConfAck id=0x4 > [MAC:00:50:56:c0:00:08]>]
    > rcvd [LCP ConfAck id=0x3 ]
    > peer refused to authenticate: terminating link
    > sent [LCP TermReq id=0x4 "peer refused to authenticate"]


    The peer's rejection causes pppd to terminate the negotiations.

    > rcvd [CHAP Challenge id=0x0 <965963fd6fc022fb1274511e6ab1076b>, name =
    > "GUEST"]
    > Discarded non-LCP packet when LCP not open
    > rcvd [LCP TermAck id=0x4 "peer refused to authenticate"]
    > Connection terminated.
    > pppoe: read (asyncReadFromPPP): Session 9: Input/output error
    > Waiting for 1 child processes...
    > script pppoe -I eth1, pid 23343
    > Script pppoe -I eth1 finished (pid 23343), status = 0x1
    > [root@localhost vanitha]#


    --
    Clifford Kite Email: "echo xvgr_yvahk-ccc@ri1.arg|rot13"
    PPP-Q&A links, downloads: http://ckite.no-ip.net/
    /* For every credibility gap, there is a gullibility fill.
    -- R. Clopton */

  4. Re: How to enable MSCHAP-v2 auth in linux PPPD option file

    vanitha@agilis.st.com.sg writes:

    >I could get rid of the previous error, by using the PPPD with MS_CHAP
    >enabled. I am now using PPPD 2.4.2 with MSCHAP enabled.


    >Now i have succeeded up to the Auth, but for some reason, the Win2000
    >RAS is sending the LCP ConfReq after sending the CHAP success message.
    >Below is the debug output...Can you tell why the server is not moving
    >to IPCP phase even after CHAP success..?


    You ask them to authenticate themselves with chap. They refuse. End of
    game. WHy are you asking them to authenticate themselves to you?
    (get rid of the require-chap line in your options)

    >/home/vanitha/Downloads/ppp-2.4.2/pppd/pppd pty 'pppoe -I eth1'
    >using channel 20
    >Using interface ppp0
    >Connect: ppp0 <--> /dev/pts/5
    >sent [LCP ConfReq id=0x1 ]
    >rcvd [LCP ConfReq id=0x0 >CBCP> < 17 04 00 02>]
    >sent [LCP ConfRej id=0x0 < 17 04 00 02>]
    >rcvd [LCP ConfAck id=0x1 ]
    >rcvd [LCP ConfReq id=0x1 >[MAC:00:50:56:c0:00:08]>]
    >sent [LCP ConfAck id=0x1 >[MAC:00:50:56:c0:00:08]>]
    >[root@localhost vanitha]# /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd
    >pty 'pppoe -I eth1'
    >using channel 21
    >Using interface ppp0
    >Connect: ppp0 <--> /dev/pts/5
    >sent [LCP ConfReq id=0x1 ]
    >rcvd [LCP ConfReq id=0x0 >CBCP> < 17 04 00 03>]
    >sent [LCP ConfRej id=0x0 < 17 04 00 03>]
    >rcvd [LCP ConfAck id=0x1 ]
    >rcvd [LCP ConfReq id=0x1 >[MAC:00:50:56:c0:00:08]>]
    >sent [LCP ConfAck id=0x1 >[MAC:00:50:56:c0:00:08]>]
    >sent [CHAP Challenge id=0xb2 , name =
    >"guest"]
    >rcvd [CHAP Challenge id=0x0 <238da58747feb6e5cb6d3819bdc41ba8>, name =
    >"GUEST"]
    >sent [CHAP Response id=0x0
    ><06913317416e887e0a6c93d9ba4c2f9600000000000000003d 3aeb5e647a4539f127bfea9b1efd8f5fa08cf0f09ac24900>,
    >name = "guest"]
    >rcvd [CHAP Success id=0x0 "S=EEF3E2BE6B143C7128CDFD1AEC8DB8AFE9C28C9F"]
    >rcvd [LCP ConfReq id=0x3 >CBCP> < 17 04 00 03>]
    >sent [LCP ConfReq id=0x2 ]
    >sent [LCP ConfRej id=0x3 < 17 04 00 03>]
    >rcvd [LCP ConfRej id=0x2 ]
    >sent [LCP ConfReq id=0x3 ]
    >rcvd [LCP ConfReq id=0x4 >[MAC:00:50:56:c0:00:08]>]
    >sent [LCP ConfAck id=0x4 >[MAC:00:50:56:c0:00:08]>]
    >rcvd [LCP ConfAck id=0x3 ]
    >peer refused to authenticate: terminating link
    >sent [LCP TermReq id=0x4 "peer refused to authenticate"]
    >rcvd [CHAP Challenge id=0x0 <965963fd6fc022fb1274511e6ab1076b>, name =
    >"GUEST"]
    >Discarded non-LCP packet when LCP not open
    >rcvd [LCP TermAck id=0x4 "peer refused to authenticate"]
    >Connection terminated.
    >pppoe: read (asyncReadFromPPP): Session 9: Input/output error
    >Waiting for 1 child processes...
    > script pppoe -I eth1, pid 23343
    >Script pppoe -I eth1 finished (pid 23343), status = 0x1
    >[root@localhost vanitha]#



  5. Re: How to enable MSCHAP-v2 auth in linux PPPD option file

    Thanks. I got it. I removed the auth +mschap-v2 options from the
    /etc/ppp/options file from my Linux PC. Now i am able to establish
    PPPoE connection from my Linux PC to the Win2K PPPoE server.


    Clifford Kite wrote in message news:<54ko3d.ojg.ln@corncob.inetport.tld>...
    > vanitha@agilis.st.com.sg wrote:
    > > I could get rid of the previous error, by using the PPPD with MS_CHAP
    > > enabled. I am now using PPPD 2.4.2 with MSCHAP enabled.

    >
    > > Now i have succeeded up to the Auth, but for some reason, the Win2000
    > > RAS is sending the LCP ConfReq after sending the CHAP success message.
    > > Below is the debug output...Can you tell why the server is not moving
    > > to IPCP phase even after CHAP success..?

    >
    > It is because you requested that the peer (server) authenticate
    > itself to you and it refuses to do so. I'd guess "MSCHAP enabled"
    > enabled means you not only upgraded pppd but also added the option
    > require-mschap-v2. That option directs pppd to require the peer
    > authenticate itself and you don't want to do that here.
    >
    > > /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd pty 'pppoe -I eth1'
    > > using channel 20
    > > Using interface ppp0
    > > Connect: ppp0 <--> /dev/pts/5
    > > sent [LCP ConfReq id=0x1 ]
    > > rcvd [LCP ConfReq id=0x0 > > CBCP> < 17 04 00 02>]
    > > sent [LCP ConfRej id=0x0 < 17 04 00 02>]
    > > rcvd [LCP ConfAck id=0x1 ]
    > > rcvd [LCP ConfReq id=0x1 > > [MAC:00:50:56:c0:00:08]>]
    > > sent [LCP ConfAck id=0x1 > > [MAC:00:50:56:c0:00:08]>]

    >
    > Why include the lines above?
    >
    > > [root@localhost vanitha]# /home/vanitha/Downloads/ppp-2.4.2/pppd/pppd
    > > pty 'pppoe -I eth1'
    > > using channel 21
    > > Using interface ppp0
    > > Connect: ppp0 <--> /dev/pts/5
    > > sent [LCP ConfReq id=0x1 ]
    > > rcvd [LCP ConfReq id=0x0 > > CBCP> < 17 04 00 03>]
    > > sent [LCP ConfRej id=0x0 < 17 04 00 03>]
    > > rcvd [LCP ConfAck id=0x1 ]
    > > rcvd [LCP ConfReq id=0x1 > > [MAC:00:50:56:c0:00:08]>]
    > > sent [LCP ConfAck id=0x1 > > [MAC:00:50:56:c0:00:08]>]
    > > sent [CHAP Challenge id=0xb2 , name =
    > > "guest"]
    > > rcvd [CHAP Challenge id=0x0 <238da58747feb6e5cb6d3819bdc41ba8>, name =
    > > "GUEST"]
    > > sent [CHAP Response id=0x0
    > > <06913317416e887e0a6c93d9ba4c2f9600000000000000003d 3aeb5e647a4539f127bfea9b1efd8f5fa08cf0f09ac24900>,
    > > name = "guest"]
    > > rcvd [CHAP Success id=0x0 "S=EEF3E2BE6B143C7128CDFD1AEC8DB8AFE9C28C9F"]
    > > rcvd [LCP ConfReq id=0x3 > > CBCP> < 17 04 00 03>]
    > > sent [LCP ConfReq id=0x2 ]

    >
    > Pppd requests the peer authenticate itself with MS-CHAP V2.
    >
    > > sent [LCP ConfRej id=0x3 < 17 04 00 03>]
    > > rcvd [LCP ConfRej id=0x2 ]

    >
    > The peer rejects the authentication request.
    >
    > > sent [LCP ConfReq id=0x3 ]
    > > rcvd [LCP ConfReq id=0x4 > > [MAC:00:50:56:c0:00:08]>]
    > > sent [LCP ConfAck id=0x4 > > [MAC:00:50:56:c0:00:08]>]
    > > rcvd [LCP ConfAck id=0x3 ]
    > > peer refused to authenticate: terminating link
    > > sent [LCP TermReq id=0x4 "peer refused to authenticate"]

    >
    > The peer's rejection causes pppd to terminate the negotiations.
    >
    > > rcvd [CHAP Challenge id=0x0 <965963fd6fc022fb1274511e6ab1076b>, name =
    > > "GUEST"]
    > > Discarded non-LCP packet when LCP not open
    > > rcvd [LCP TermAck id=0x4 "peer refused to authenticate"]
    > > Connection terminated.
    > > pppoe: read (asyncReadFromPPP): Session 9: Input/output error
    > > Waiting for 1 child processes...
    > > script pppoe -I eth1, pid 23343
    > > Script pppoe -I eth1 finished (pid 23343), status = 0x1
    > > [root@localhost vanitha]#


+ Reply to Thread