Values for MySQL tables for pptpd ?

Matthew Newton mcn4 at leicester.ac.uk
Wed May 23 13:56:19 CEST 2012


On Wed, May 23, 2012 at 01:42:56PM +0300, Ali Jawad wrote:
> I got it to work "at least half way", I did change pptpd options from
> 
> -chap
> -mschap
> +mschap-v2
> require-mppe
> 
> TO
> 
> +chap
> +mschap
> +mschap-v2
> #require-mppe

That's a lot of changes in one go (unless you tested each one
individually). I'd check you've got the right entries in the
microsoft dictionary for radiusclient (MS-MPPE-Send-Key,
MS-MPPE-Recv-Key etc).

For what it's worth, we got l2tp/ipsec working recently with
radiusclient. The pppd options include:

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2

and you can connect from Windows just fine. No need for
CHAP/MSCHAP, or to disable encryption. I'd imagine pptp is similar
(albeit the final solution less secure - I don't believe anyone
has recommended pptp for new deployments for at least the last
five years).

However, radiusclient and radius.so are, from what I can tell,
ancient and seem in rather need of an overhaul. The dictionary
support is nasty, compared to the recent dictionary format.

I'm not sure who looks after them now, or if they are maintained.
I've just found radiusclient-ng, which looks more recent, but have
no experience of it.

But this is all mildly off-topic for FreeRADIUS...

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list