MPPE with PPTP - external module (P K)
S y s C o / developer
developer at sysco.ch
Wed Apr 2 10:57:28 CEST 2014
Hi Alan,
How can I do that multiOTP either supply the NT-Password to FreeRADIUS (the
best option for me), or how to supply the derived attributes
MS-MPPE-Recv-Key, MS-MPPE-Send-Key etc. directly. As multiOTP is doing two
factor authentication, the NT-Password is not sensitive, as a new is created
each time.
I already fixed that with TeKRADIUS by supplying the clear one time password
back to TekRADIUS.
Regards,
Andre
> P K wrote:
>> VPN works fine with CHAP & MSCHAP with multiotp. The trouble is
>> encryption (PPTP with MPPE). When encryption is selected by the user,
>> VPN fails. The problem is that radius will not send the required MPPE
>> responses(MS-MPPE-Recv-Key, MS-MPPE-Send-Key etc.) to NAS.
> Because the multiotp program isn't supplying them to FreeRADIUS.
>> I note that mschap module has options like use_mppe,
>> require_encryption etc.. How can I get radius to send those when I'm
>> using multiotp module to perform chap/mschap so that PPTP with MPPE
>> works?
> Make the multiotp program supply them to FreeRADIUS.
> The keys are derived from the NT-Password, and the MS-CHAP information.
Since FreeRADIUS doesn't have the NT-Password, it can't derive the keys.
> Alan DeKok.
More information about the Freeradius-Users
mailing list