Vendor specific authentication protocol - PPP

This is a discussion on Vendor specific authentication protocol - PPP ; I read RFC 3772 about PPP Vendor Protocol. With value c05b there comes Vendor Specific Authentication Protocol. So if there is my own Windows RAS Server how can i implement using not CHAP or PAP but my own kind of ...

+ Reply to Thread
Results 1 to 12 of 12

Thread: Vendor specific authentication protocol

  1. Vendor specific authentication protocol

    I read RFC 3772 about PPP Vendor Protocol.
    With value c05b there comes Vendor Specific Authentication Protocol.

    So if there is my own Windows RAS Server how can i implement using not
    CHAP or PAP but my own kind of authentication.
    Beside this RFC i never found somethin helpful about this topic.
    I`m pretty new in this topic so every help or link that could help me
    would be appreciated.

    Sincerly
    G.S.


  2. Re: Vendor specific authentication protocol

    "GREG" writes:
    > I read RFC 3772 about PPP Vendor Protocol.
    > With value c05b there comes Vendor Specific Authentication Protocol.


    Yes. I think I can claim to be somewhat familiar with it.

    > So if there is my own Windows RAS Server how can i implement using not
    > CHAP or PAP but my own kind of authentication.


    Unless your vendor (Microsoft) either provides you with the ability to
    create LCP plugins, or provides you with source code to their product
    ("Windows RAS Server"), I think you're just out of luck. Contact the
    vendor, or a newsgroup devoted to that product to find out if it
    supports the features you need.

    If you lack adequate product support from the vendor, you'll need to
    get a PPP implementation that you *can* modify to do what you want. I
    don't know of any, though, that replicate all of the features of
    Windows RAS; certainly none that are free software. Maybe someone
    like FutureSoft (futsoft.com) has it.

    Writing one from scratch, though, wouldn't necessarily be a good idea.

    --
    James Carlson, KISS Network
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  3. Re: Vendor specific authentication protocol

    Thank you for your answer!

    Well, i don't have to use necessarily my own kind of authentication.
    What i want is to send specific data while the link negotiation phase.
    I also read rfc 1570 about additional lcp packets/frames like
    identification frames (code 12) which are commonly used to identify
    itself to the peer. It should be possible to send such frames at any
    time also before LCP is in opened state, am i right?

    So if its possible to send those frames, i will need some kind of a
    proxy to make sent information usable and sendable i would imagine...


    thanks


  4. Re: Vendor specific authentication protocol

    "GREG" writes:
    > Thank you for your answer!
    >
    > Well, i don't have to use necessarily my own kind of authentication.


    In that case, RFC 3772 might not be what you want. (Though it offers
    more than just vendor-specific authentication features.)

    > What i want is to send specific data while the link negotiation phase.


    Could you be more specific about what data you want to send?

    In general, and with most implementations, you'll find that LCP (link
    negotiation) is buried inside the implementation and has no user
    serviceable parts exposed -- no plugins, no way to add things.

    But this all depends on the vendor who gave or sold you the PPP
    software you're using. Contact your vendor.

    > I also read rfc 1570 about additional lcp packets/frames like
    > identification frames (code 12) which are commonly used to identify
    > itself to the peer. It should be possible to send such frames at any
    > time also before LCP is in opened state, am i right?


    Yes. And many implementations do use those LCP Identification
    messages.

    They're typically used for logging purposes, to keep track of peer
    version numbers and the like, so that a human can inspect them if
    something goes wrong. No program should ever extract those strings
    and depend on their contents, nor should there be much of any reason
    to insert any data on the line via these messages from outside of PPP.

    > So if its possible to send those frames, i will need some kind of a
    > proxy to make sent information usable and sendable i would imagine...


    I don't know what you mean by "proxy."

    LCP Identification frames are sent by LCP itself, which is one
    component of a PPP implementation. If you want to change LCP, you'll
    need access to the source code of the PPP implementation you're
    using. Contact your vendor, or switch to a vendor that does supply
    source code.

    --
    James Carlson, KISS Network
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  5. Re: Vendor specific authentication protocol

    In article <1120031250.584874.146300@o13g2000cwo.googlegroups. com>,
    GREG wrote:
    >Thank you for your answer!
    >
    >Well, i don't have to use necessarily my own kind of authentication.
    >What i want is to send specific data while the link negotiation phase.
    >I also read rfc 1570 about additional lcp packets/frames like
    >identification frames (code 12) which are commonly used to identify
    >itself to the peer. It should be possible to send such frames at any
    >time also before LCP is in opened state, am i right?
    >
    >So if its possible to send those frames, i will need some kind of a
    >proxy to make sent information usable and sendable i would imagine...


    It's not likely that Windows RAS has a mechanism to allow you to inject
    your own LCP packets onto the serial connection.

    What specifically are you trying to accomplish and why does it have to
    take place "during" the link negottiation phase?? Is it possible you can
    simply send a UDP packet with your special information right after the
    link comes up?

    ========= For LAN/WAN Protocol Analysis, check out PacketView Pro! =========
    Patrick Klos Email: patrick@klos.com
    Klos Technologies, Inc. Web: http://www.klos.com/
    ==== I don't think infinity is as big as it seems - P.Klos, 20-Mar-2005 ====

  6. Re: Vendor specific authentication protocol

    Thank you for your answer!
    What want to do is exchange data in some way befor the authentication
    phase of ppp takes place. As I read about this vendor specific
    authentication and the LCP Frame types which allow an additional amount
    of data to be included in the Data field whose use is not strictly
    described by the protocol i thought this could be a solution to my
    problem. But it seems to be quite dificult. Now I am thinking about
    using these .scp dial up scripts which are used for automatical login.
    But its also an Issue to find a good description about this - what
    options are possible-what instructions are possible. When i was
    searching for Information about these scripts i was always finding
    example scripts but no description about the possibilities.
    Do you know where to find such Information about those scripts?
    Thank you!


  7. Re: Vendor specific authentication protocol

    "GREG" writes:
    > Thank you for your answer!
    > What want to do is exchange data in some way befor the authentication
    > phase of ppp takes place. As I read about this vendor specific
    > authentication and the LCP Frame types which allow an additional amount
    > of data to be included in the Data field whose use is not strictly
    > described by the protocol i thought this could be a solution to my
    > problem. But it seems to be quite dificult.


    It depends. If your vendor will give (or sell) you source code, you
    should be able to do it. (With a cooperative vendor, it might even be
    "easy," for some value of "easy.")

    But since exchanging information before authentication takes place is
    a rather dicey concept at best, and since I don't know what your
    broader application looks like (i.e., what actual problem are you
    trying to solve?), it's hard to give a good recommendation.

    > Now I am thinking about
    > using these .scp dial up scripts which are used for automatical login.
    > But its also an Issue to find a good description about this - what
    > options are possible-what instructions are possible. When i was
    > searching for Information about these scripts i was always finding
    > example scripts but no description about the possibilities.
    > Do you know where to find such Information about those scripts?


    Those are a Windows implementation detail, not part of PPP. You'll
    probably want to visit the Microsoft web site and prowl around
    Windows-related newsgroups instead. A local bookstore or library
    might also be helpful.

    --
    James Carlson, KISS Network
    Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
    MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677

  8. Re: Vendor specific authentication protocol

    "GREG" writes:

    >Thank you for your answer!
    >What want to do is exchange data in some way befor the authentication
    >phase of ppp takes place. As I read about this vendor specific


    What kind of data?

    >authentication and the LCP Frame types which allow an additional amount
    >of data to be included in the Data field whose use is not strictly
    >described by the protocol i thought this could be a solution to my
    >problem. But it seems to be quite dificult. Now I am thinking about


    No.

    >using these .scp dial up scripts which are used for automatical login.


    What are ".scp dialup scripts"? if you mean chat type dialup scripts, then
    they are well described in
    man chat

    >But its also an Issue to find a good description about this - what
    >options are possible-what instructions are possible. When i was
    >searching for Information about these scripts i was always finding
    >example scripts but no description about the possibilities.
    >Do you know where to find such Information about those scripts?
    >Thank you!



  9. Re: Vendor specific authentication protocol

    In article news:1121373183.380063.127840@z14g2000cwz.googlegr oups.com,
    GREG wrote:
    [...]
    > to my problem. But it seems to be quite dificult. Now I am thinking
    > about using these .scp dial up scripts which are used for automatical
    > login. But its also an Issue to find a good description about this -
    > what options are possible-what instructions are possible. When i was
    > searching for Information about these scripts i was always finding
    > example scripts but no description about the possibilities.
    > Do you know where to find such Information about those scripts?
    > Thank you!
    >

    Is there anything pertinent in either
    http://www.microsoft.com/technet/arc.../ras.mspx#EFAA
    (etc) or
    http://www.microsoft.com/resources/d...scripting.mspx
    --
    Alan J. McFarlane
    http://www.alanjmcf.me.uk/
    Please follow-up in the newsgroup for the benefit of all.


  10. Re: Vendor specific authentication protocol

    Unruh schrieb:
    > "GREG" writes:
    >
    > >Thank you for your answer!
    > >What want to do is exchange data in some way befor the authentication
    > >phase of ppp takes place. As I read about this vendor specific

    >
    > What kind of data?


    Well it is just text.
    >
    > >authentication and the LCP Frame types which allow an additional amount
    > >of data to be included in the Data field whose use is not strictly
    > >described by the protocol i thought this could be a solution to my
    > >problem. But it seems to be quite dificult. Now I am thinking about

    >
    > No.


    What did you mean, by saying no? I don't understand...
    >
    > >using these .scp dial up scripts which are used for automatical login.

    >
    > What are ".scp dialup scripts"? if you mean chat type dialup scripts, then
    > they are well described in man chat


    Yes that scripts. What the chat script for linux are the .scp scripts
    for windows i would say. It's just for automatically authenticate with
    username and password used in windows. I read the man page for chat and
    chat can do more than i can do with an .scp script. chat offers a
    option -E, and with that it is possible to use an environment variable
    $xxx, i don't find that possibility with .scp scripts. So from my point
    of view, i can transmit anything written in an environment variable
    with a chat script, by using the -E option. This is something i can't
    do with .scp scripts, there i can only use a few system variables
    ($userid,$password,$success,$Failure) and no other. i can transmit
    strings but i can not use any other variables.


  11. Re: Vendor specific authentication protocol

    Yes, after writing down these text above i found those links also.
    Don't know why, but before i didn't find anything helpful :-)

    Thank you anyway!


  12. Re: Vendor specific authentication protocol

    "GREG" writes:

    >Unruh schrieb:
    >> "GREG" writes:
    >>
    >> >Thank you for your answer!
    >> >What want to do is exchange data in some way befor the authentication
    >> >phase of ppp takes place. As I read about this vendor specific

    >>
    >> What kind of data?


    >Well it is just text.


    Why would you want to exchange text before the authentication phase rather
    than afterwards. what will the machines do with that text? ppp
    negotiationis a very specific set of negotiations, in which both sides have
    to understand what is being negotiatiate. You can of course send anything
    you want but that is useless if the other side does not understand what it
    is.
    You can hack ppp but then on windows you do not have source code so you
    cannot. If you told us what it was you wre trying to accomplish, we might
    be able to show how you could accompish that. Somehow" sending a message to
    the remote machine which is trown away by that machine" does not sound like
    what you actually want to accomplish.

    >>
    >> >authentication and the LCP Frame types which allow an additional amount
    >> >of data to be included in the Data field whose use is not strictly
    >> >described by the protocol i thought this could be a solution to my
    >> >problem. But it seems to be quite dificult. Now I am thinking about

    >>
    >> No.


    No, it is not a solution to your problem because both systems have to
    understand what is being communicated and what is to be done with that
    data. So let us say you hack machine A to send the data. What is B to do
    with that data? It has no idea what this LCP frame is all about since the
    writter of software had never heard about the use you want to put it to,



    >What did you mean, by saying no? I don't understand...
    >>
    >> >using these .scp dial up scripts which are used for automatical login.

    >>
    >> What are ".scp dialup scripts"? if you mean chat type dialup scripts, then
    >> they are well described in man chat


    >Yes that scripts. What the chat script for linux are the .scp scripts
    >for windows i would say. It's just for automatically authenticate with


    Ah, yes, I only realised after you wrote thta .scp is probably a windows
    thing, which makes your project even harder since you have no access to the
    software. But I am certainly the wrong person to comment on what you can
    with the windows script. Now,m you could use the authentication ( username,
    password) to convey messages, but you would have to have much beter control
    of one or the other sides to do that. Ie, if one side was a Linux machine
    it could ask in the preliminary scripty for authentication and use what was
    sent over the username and/of password to make decisions. That is of course
    not part of ppp. It would happen before ppp ever got started on either
    side.

    But without a more detailed description of what you want to do, of why you
    want to exchange this data, noone is going to be able to help you.

    >username and password used in windows. I read the man page for chat and
    >chat can do more than i can do with an .scp script. chat offers a
    >option -E, and with that it is possible to use an environment variable
    >$xxx, i don't find that possibility with .scp scripts. So from my point
    >of view, i can transmit anything written in an environment variable
    >with a chat script, by using the -E option. This is something i can't
    >do with .scp scripts, there i can only use a few system variables
    >($userid,$password,$success,$Failure) and no other. i can transmit
    >strings but i can not use any other variables.



+ Reply to Thread