Almost there... Radiusclient not sending password with MSChapv2

Tue Dec 8 00:31:44 CET 2009

> I almost have a working Radius setup...

It's working.

> Well almost, because when I try to setup a pptp tunnel with my Windows XP,
> I see the following om my radius server:
>
> Packet number 1 has just been sniffed
>         From:    127.0.0.1:54717
>         To:      127.0.0.1:1812
>         Type:    Access-Request
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "wim"
>         MS-CHAP-Challenge = 0x75a4e7aeb06f3c93be685de0afae4cc2
>         MS-CHAP2-Response =
> 0x60007f150b2e344755f9e0462ded8d7d68520000000000000000cf323d8cd21faeb820272ccadd6b188a8ae287bd7481f1c4
>         Calling-Station-Id = "8.08"
>         NAS-IP-Address = XX.XX.XX.XX
>         NAS-Port = 0
> Packet number 2 has just been sniffed
>         From:    127.0.0.1:1812
>         To:      127.0.0.1:54717
>         Type:    Access-Accept
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Address = 172.16.2.10
>         Framed-IP-Netmask = 255.255.255.0
>         MS-CHAP2-Success =
> 0x60533d45314438443736334142433330343132383837384533434639323534413541373639313346443535
>         MS-MPPE-Recv-Key =
> 0x97fc624e0e2ff930716882df647c7ec4fc8a2d9c946e54d2befdc26d5292aec3562a
>         MS-MPPE-Send-Key =
> 0x9ca67e3969c47454af91493d646e4cdf8fd93dcf3435868ffd42fb3c6c992fb5b989
>         MS-MPPE-Encryption-Policy = 0x00000002
>         MS-MPPE-Encryption-Types = 0x00000004
>

See. Access-Accept with MPPE keys. That all looks fine.

> My XP tells me that the username/password is invalid (Error 961). I
> suspect the password attibute to be empty..

There is no password attribute in mschap. Problem is with your NAS - for
some reason it is not creating the tunnel. Debug ppp on your NAS.

Ivan Kalik