Windows -> VPN -> Radius

Roberto Greiner mrgreiner at gmail.com
Tue Jul 5 17:22:54 CEST 2005


> >   If the request contained MSCHAP, yes, the mschap module should
> > return ok.  Since the request doesn't contain MSCHAP, the mschap
> > module returns noop.
> >
> >   Make the client send MSCHAP, or CHAP-Password, or User-Password.  No
> > amount of playing with radiusd.conf will fix the client.
> 
> Now THAT would be a nice trick. How do you convince Windows to do what
> you wan't (or expect) it to do??????? :-P
> 
> Well, I tried to change the (few) options the windows VPN client gives
> for authentication/security, and none made windows send me the
> CHAP-Password in the request. Anyway, I will try to google some other
> options.

Well, I think I finally found what's happening. Windows IS sending the
proper password. The problem is with radiusclient, the program that my
VPN server (poptop) uses to interface with radius. It does not have a
dictionary.microsoft file by default, and due to this it's discarding
some of the pairs Windows is sending. Do I need to say that the pairs
discarded are the ones with the password???

I'm trying to solve this problem, but the dictionary.microsoft files
I've tried didn't work. The one that comes with freeradius isn't
understood by radiusclient, and the one I found in the radiusclient
site didn't work properly (did overwrite non-Vendor pairs)

Does somebody know where I can get properly working dictionary files
for this case? (I know this is not a freeradius question, but I need
it to make the client work properly. Sorry)

Thank you very much,

Marcos Roberto Greiner




More information about the Freeradius-Users mailing list