Hi Alan,<div><br></div><div>thanks for your quick reply. I have re-look the configs and readme, and figure it out the issue why connection was not established. It was the pptp config file misconfiguration. I got the successfull connection. Then i tested with ldap authentication - configured /etc/modules/ldap section according to my ldap stuff and in sites-enabled/default enabled the ldap part. </div>
<div>After that, restarted pptpd and re-run radiusd -X mode. </div><div><br></div><div>itested with ldap account in localhost commandline as : </div><div><br></div><div><div>localhost#radtest radiustest thepassword localhost 1812 testing123</div>
<div>Sending Access-Request of id 211 to 127.0.0.1 port 1812</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "radiustest"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Password = "thepassword"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 192.168.1.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1812</div><div>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=211, length=20</div>
</div><div><br></div><div>So this looks good, then I tried from windows machine and i get authentication failed. </div><div><br></div><div><div>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?</div>
<div>[ldap] user nemandi authorized to use remote access</div><div> [ldap] ldap_release_conn: Release Id: 0</div><div>++[ldap] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div><div>++[pap] returns noop</div><div>Found Auth-Type = MSCHAP</div><div># Executing group from file /etc/raddb/sites-enabled/default</div>
<div>+- entering group MS-CHAP {...}</div><div>[mschap] No Cleartext-Password configured. Cannot create LM-Password.</div><div>[mschap] No Cleartext-Password configured. Cannot create NT-Password.</div><div>[mschap] Creating challenge hash with username: radiustest</div>
<div>[mschap] Told to do MS-CHAPv2 for radiustest with NT-Password</div><div>[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.</div><div>[mschap] FAILED: MS-CHAP2-Response is incorrect</div><div>++[mschap] returns reject</div>
<div>Failed to authenticate the user.</div><div>Using Post-Auth-Type Reject</div><div><br></div><div>As per log it mschap need cleartext password, and ldap does not store password in clear text. I do not want to integrate to windows server or samba stuff if possible. How can I achieve ldap authentication without installing samba and adding radius server into active directory ? </div>
<div><br></div><div>Regards,</div><div>Khapare</div><div><br></div><div class="gmail_quote">On Sat, Apr 28, 2012 at 5:26 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Khapare Joshi wrote:<br>
> i think radius and pptp are talking together now, but when i connect to<br>
> vpn server from windows machine it looks authentication is working -<br>
> however it doesnt get connected "it says registering your comptuer on<br>
> the network" and returns back.<br>
><br>
> What I am missing here.<br>
<br>
</div> The RADIUS server is returning Access-Accept. This means that it<br>
thinks the user is OK.<br>
<div class="im"><br>
> Apr 27 16:40:33 ioj-d00 pppd[2869]: LCP terminated by peer<br>
> (^@M-h^NM-^Z^@<M-Mt^@^@^@^@)<br>
<br>
</div> PPPD thinks that the PC is closing the connection.<br>
<div class="im"><br>
> what i am missing !!<br>
<br>
</div> Not much. Find out why the PC is closing the connection.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>