PPTP + FreeRadius + LDAP

Douglas Macedo dmacedo at gmail.com
Thu Nov 27 17:37:23 CET 2008


Hey guys,

I forced the Windows client to use only mschap2, but the problem continues:

-
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 150.162.67.254:32858, id=109,
length=53
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "douglas"
        NAS-IP-Address = 1.1.1.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "douglas", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [douglas] (from client access-vpn port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--

The PPTP debug shows:

--
Nov 27 11:35:39 epiderme pptpd[12253]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: local address = 150.162.67.200
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: remote address = 150.162.67.201
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: pppd options file =
/etc/ppp/pptpd-options
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Client 150.162.67.54 control
connection started
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 1)
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Made a START CTRL CONN RPLY
packet
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: I wrote 156 bytes to the
client.
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Sent packet to client
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 7)
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Set parameters to 100000000
maxbps, 64 window size
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Made a OUT CALL RPLY packet
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: pty_fd = 6
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: tty_fd = 7
Nov 27 11:35:39 epiderme pptpd[12254]: CTRL (PPPD Launcher): program binary
= /usr/sbin/pppd
Nov 27 11:35:39 epiderme pptpd[12254]: CTRL (PPPD Launcher): local address =
150.162.67.200
Nov 27 11:35:39 epiderme pptpd[12254]: CTRL (PPPD Launcher): remote address
= 150.162.67.201
Nov 27 11:35:39 epiderme pppd[12254]: Plugin radius.so loaded.
Nov 27 11:35:39 epiderme pppd[12254]: RADIUS plugin initialized.
Nov 27 11:35:39 epiderme pppd[12254]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so
loaded.
Nov 27 11:35:39 epiderme pppd[12254]: pptpd-logwtmp: $Version$
Nov 27 11:35:39 epiderme pppd[12254]: pppd 2.4.4 started by root, uid 0
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: I wrote 32 bytes to the client.
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Sent packet to client
Nov 27 11:35:39 epiderme pppd[12254]: using channel 291
Nov 27 11:35:39 epiderme pppd[12254]: Using interface ppp0
Nov 27 11:35:39 epiderme pppd[12254]: Connect: ppp0 <--> /dev/pts/1
Nov 27 11:35:39 epiderme pppd[12254]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0x7ba9ed09> <pcomp> <accomp>]
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: Bad checksum from pppd.
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 15)
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #0
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #1
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP ConfReq id=0x0 <mru 1400>
<magic 0x2f814697> <pcomp> <accomp> <callback CBCP>]
Nov 27 11:35:39 epiderme pppd[12254]: sent [LCP ConfRej id=0x0 <callback
CBCP>]
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP ConfAck id=0x1 <asyncmap
0x0> <auth chap MS-v2> <magic 0x7ba9ed09> <pcomp> <accomp>]
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #2
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP ConfReq id=0x1 <mru 1400>
<magic 0x2f814697> <pcomp> <accomp>]
Nov 27 11:35:39 epiderme pppd[12254]: sent [LCP ConfAck id=0x1 <mru 1400>
<magic 0x2f814697> <pcomp> <accomp>]
Nov 27 11:35:39 epiderme pppd[12254]: sent [LCP EchoReq id=0x0
magic=0x7ba9ed09]
Nov 27 11:35:39 epiderme pppd[12254]: sent [CHAP Challenge id=0xed
<f0334ca2b790e04dd584cd16234b2d12>, name = "pptpd"]
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #3
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #4
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #5
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP Ident id=0x2
magic=0x2f814697 "MSRASV5.10"]
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP Ident id=0x3
magic=0x2f814697 "MSRAS-0-MOLAR"]
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP Ident id=0x2
magic=0x2f814697 "MSRASV5.10"]
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP Ident id=0x3
magic=0x2f814697 "MSRAS-0-MOLAR"]
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [LCP EchoRep id=0x0
magic=0x2f814697]
Nov 27 11:35:39 epiderme pptpd[12253]: GRE: accepting packet #6
Nov 27 11:35:39 epiderme pppd[12254]: rcvd [CHAP Response id=0xed
<4231ee0d3b4c2d2ae9cfb13528b2449a0000000000000000a70bfbedcf96842050bbf5c9ebcb329e326d29c3190e5d1a00>,
name = "douglas"]
Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 11
Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 25
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 15)
Nov 27 11:35:39 epiderme pptpd[12253]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Nov 27 11:35:41 epiderme pptpd[12253]: GRE: accepting packet #7
Nov 27 11:35:41 epiderme pppd[12254]: Peer douglas failed CHAP
authentication
Nov 27 11:35:41 epiderme pppd[12254]: sent [CHAP Failure id=0xed ""]
Nov 27 11:35:41 epiderme pppd[12254]: sent [LCP TermReq id=0x2
"Authentication failed"]
Nov 27 11:35:41 epiderme pppd[12254]: rcvd [CHAP Response id=0xed
<4231ee0d3b4c2d2ae9cfb13528b2449a0000000000000000a70bfbedcf96842050bbf5c9ebcb329e326d29c3190e5d1a00>,
name = "douglas"]
Nov 27 11:35:41 epiderme pppd[12254]: Discarded non-LCP packet when LCP not
open
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 15)
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Nov 27 11:35:41 epiderme pptpd[12253]: GRE: accepting packet #8
Nov 27 11:35:41 epiderme pppd[12254]: rcvd [LCP TermAck id=0x2
"Authentication failed"]
Nov 27 11:35:41 epiderme pppd[12254]: Connection terminated.
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Received PPTP Control Message
(type: 12)
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Made a CALL DISCONNECT RPLY
packet
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Received CALL CLR request
(closing call)
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Reaping child PPP[12254]
Nov 27 11:35:41 epiderme pppd[12254]: Exit.
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Client 150.162.67.54 control
connection finished
Nov 27 11:35:41 epiderme pptpd[12253]: CTRL: Exiting now
Nov 27 11:35:41 epiderme pptpd[11948]: MGR: Reaped child 12253
--

My pptp-options:

--
epiderme:/etc/ppp# cat pptpd-options
lock
debug
name pptpd
proxyarp
asyncmap 0
-chap
-mschap
+mschap-v2
require-mppe
lcp-echo-failure 30
lcp-echo-interval 5
ipcp-accept-local
ipcp-accept-remote
plugin radius.so
radius-config-file /etc/radiusclient/radiusclient.conf
--

Can anyone help me? Please ...

Thanks in advance,
Douglas

On Wed, Nov 26, 2008 at 7:34 PM, <tnt at kalik.net> wrote:

> >if I try mschapv2 in Windows client:
> >
> >--
> >rad_recv: Access-Request packet from host 150.162.67.254:32839, id=46,
> >length=52
> >    Service-Type = Framed-User
> >    Framed-Protocol = PPP
> >    User-Name = "nobody"
> >    NAS-IP-Address = 1.1.1.1
> >    NAS-Port = 0
>
> This is not an mschap request.
>
>
> http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_make_Windows_XP_clients_use_only_PAP_.28Not_CHAP.29
>
> In your case, leave only mschapv2. That will force Windows to use it (if
> mschapv2 is not enabled on the pptp server connection will fail without
> authentication).
>
> Ivan Kalik
> Kalik Informatika ISP
>



-- 
Douglas Macedo
dmacedo at gmail.com
--
An individual's intelligence is measured by the amount of uncertainty
he is able to bear.
(Immanuel Kant)
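
The two logs in this message can be cross-checked mechanically: pppd negotiates `<auth chap MS-v2>` and then logs `rc_avpair_new: unknown attribute 11` and `25`, while the Access-Request that reaches FreeRADIUS carries no credential attribute at all. The script below is an added example, not part of the original post or of any project's code; it assumes the logged numbers are Microsoft vendor-specific attributes as numbered in RFC 2548 (the log line does not print the vendor), and the function names are hypothetical.

```python
import re

# Assumption: numbers are Microsoft (vendor 311) VSAs as defined in RFC 2548.
MS_VSA = {1: "MS-CHAP-Response", 2: "MS-CHAP-Error", 11: "MS-CHAP-Challenge",
          25: "MS-CHAP2-Response", 26: "MS-CHAP2-Success"}

# Constructed sample: lines taken from the two logs above, re-joined where wrapped.
PPPD_LOG = """\
Nov 27 11:35:39 epiderme pppd[12254]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x7ba9ed09> <pcomp> <accomp>]
Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 11
Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 25
Nov 27 11:35:41 epiderme pppd[12254]: Peer douglas failed CHAP authentication
"""
RADIUSD_LOG = """\
rad_recv: Access-Request packet from host 150.162.67.254:32858, id=109, length=53
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "douglas"
        NAS-IP-Address = 1.1.1.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
"""

def dropped_attributes(pppd_log):
    """Attribute numbers the RADIUS client library on the NAS could not build."""
    return [int(n) for n in re.findall(r"rc_avpair_new: unknown attribute (\d+)", pppd_log)]

def request_attributes(radiusd_log):
    """Attribute names listed under the first rad_recv line of a radiusd debug log."""
    names, in_request = [], False
    for line in radiusd_log.splitlines():
        if line.startswith("rad_recv:"):
            in_request = True
        elif in_request:
            m = re.match(r"\s+([\w-]+) = ", line)
            if not m:
                if names:
                    break          # first non-attribute line ends the packet dump
                continue           # skip a wrapped "length=NN" continuation line
            names.append(m.group(1))
    return names

def diagnose(pppd_log, radiusd_log):
    """Return (MS-CHAPv2 negotiated?, credential attrs received, attrs dropped on the NAS)."""
    negotiated = "<auth chap MS-v2>" in pppd_log
    creds = [a for a in request_attributes(radiusd_log)
             if a.startswith("MS-CHAP") or a in ("User-Password", "CHAP-Password")]
    dropped = [MS_VSA.get(n, f"unknown-{n}") for n in dropped_attributes(pppd_log)]
    return negotiated, creds, dropped
```

For these logs `diagnose(PPPD_LOG, RADIUSD_LOG)` reports MS-CHAPv2 as negotiated, no credential attribute received, and both MS-CHAP attributes dropped. That combination points at the attribute dictionary used by the RADIUS client on the PPTP server rather than at FreeRADIUS or LDAP.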