hints and PPTP/MPPE
David Batterham
dbatt at ee.unimelb.edu.au
Tue Jun 14 11:55:09 CEST 2005
Hi All,
I'm trying to get hints and huntgroups working with PPTP using MPPE
MSCHAPv2.
I want users to be able to login with uname or uname.suffix. When
logging in with uname.suffix, the suffix is stripped and a hint is set
using the hints file. They are also set in a huntgroup.
The users file as a DEFAULT entry for that hint and huntgroup.
This *works* when users connect a certain way (ipsec using clear text
passwords), but fails on PPTP connections using MPPE.
When connecting via PPTP, the DEFAULT entry does not get hit and it
falls through to the DEFAULT entry with Auth-Type := Reject. The correct
entry is hit when connecting via IPSEC.
Despite this, it still sends an Access-Accept (albeit with the
Reply-Message in the Reject).
My suspicion is that MS Windows is generating MPPE keys based on the
username with the suffix, and freeradius is correctly authenticating
against the system (SMBPASSWD file) without the suffix, but generating
MPPE responses also without the SUFFIX, therefore windows drops the
connection.
Version is 1.0.3.
Any ideas?
Regs,
Dave
--
-----------------------------------------------------------------------------
David Batterham
Information Systems & Services Manager
Department of Electrical & Electronic Engineering
The University of Melbourne, Victoria 3010
Email: d.batterham at ee.mu.oz.au
Phone: +61 3 8344 3366
Fax: +61 3 8344 6678
More information about the Freeradius-Users
mailing list