hints and PPTP/MPPE

David Batterham dbatt at ee.unimelb.edu.au
Tue Jun 14 11:55:09 CEST 2005

Hi All,

I'm trying to get hints and huntgroups working with PPTP using MPPE 

I want users to be able to login with uname or uname.suffix. When 
logging in with uname.suffix, the suffix is stripped and a hint is set 
using the hints file. They are also set in a huntgroup.

The users file as a DEFAULT entry for that hint and huntgroup.

This *works* when users connect a certain way (ipsec using clear text 
passwords), but fails on PPTP connections using MPPE.

When connecting via PPTP, the DEFAULT entry does not get hit and it 
falls through to the DEFAULT entry with Auth-Type := Reject. The correct 
entry is hit when connecting via IPSEC.

Despite this, it still sends an Access-Accept (albeit with the 
Reply-Message in the Reject).

My suspicion is that MS Windows is generating MPPE keys based on the 
username with the suffix, and freeradius is correctly authenticating 
against the system (SMBPASSWD file) without the suffix, but generating 
MPPE responses also without the SUFFIX, therefore windows drops the 

Version is 1.0.3.

Any ideas?

David Batterham
Information Systems & Services Manager
Department of Electrical & Electronic Engineering
The University of Melbourne, Victoria 3010
Email: d.batterham at ee.mu.oz.au
Phone: +61 3 8344 3366
Fax: +61 3 8344 6678

More information about the Freeradius-Users mailing list