Ok, I have the following files available here: http://xhost.ath.cx:81/list/ [ ] dictionary 15-Apr-2005 02:07 7.5K [ ] dictionary.microsoft 14-Apr-2005 23:07 2.6K [ ] options.pptpd 14-Apr-2005 23:07 178 [ ] radiusd.conf 14-Apr-2005 23:07 56K [ ] users 14-Apr-2005 23:07 6.8K I am trying to setup either pam authentication, or just regular plain text authentication. Ok, let's start with the problems with pam first. I added a user test via adduser test. Then I changed the password to testpass. Now let me test it with radtest: [root@server ppp-2.4.3]# radtest test testpass localhost 1873 testing123 Sending Access-Request of id 239 to 127.0.0.1:1812 User-Name = "test" User-Password = "testpass" NAS-IP-Address = rickp4a.inscyber.net NAS-Port = 1873 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=239, length=20 Ok, cool, now let me try it from my windows xp box and the built in vpn client.. doesn't work: In radiusd -X I get: Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_unix: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "unix" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. And in /var/log/messages I get: Apr 15 14:13:39 rickp4a pppd[12286]: Peer test failed CHAP authentication (that's the only bad line I see) And on the windows xp client I get this: Verifying username and password... Access was denied because the username and/or password was invalid on the domain. Ok, now that doesn't work.. ultimately I'd like to use that, but if I had to use clear text I wouldn't mind either. Now I am going to try bob/bob. You can see the entry I added in users... [root@server ppp-2.4.3]# cat /etc/raddb/users | head -n 4 bob Password == "bob" Reply-Message = "Hello, bob" Let's test it with radtest to make sure it works: [root@rickp4a root]# radtest bob bob localhost 1873 testing123 Sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "bob" User-Password = "bob" NAS-IP-Address = rickp4a.inscyber.net NAS-Port = 1873 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=40, length=32 Reply-Message = "Hello, bob" Cool, it works. Now let me try it from my windows xp vpn client... here is the results: Here is a snippet from /var/log/messages first that doesn't look right... Apr 15 14:27:06 rickp4a pppd[12342]: MPPE required, but keys are not available. Possible plugin problem? ... Apr 15 14:27:06 rickp4a pptpd[12341]: GRE: read(fd=6,buffer=804eb00,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs And here is radiusd -X: Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password modcall[authenticate]: module "mschap" returns ok for request 0 modcall: group Auth-Type returns ok for request 0 radius_xlat: 'Hello, bob' Sending Access-Accept of id 77 to 127.0.0.1:32825 Reply-Message = "Hello, bob" MS-CHAP2-Success = 0xa0533d31463232414342304538354230364334363238463030324232323245313645463943434143413838 And now the windows xp vpn client says: Verifying username and password... The PPP link control protocol was terminated Ok, so it looks like it works with radtest (locally) but not remotely? Is ppp not talking to radiusd correctly? Here are some version numbers: pppd version 2.4.3 Poptop v1.2.1 radiusd: FreeRADIUS Version 1.0.1, for host , built on Oct 28 2004 at 09:38:42 I've been as verbose as possible... any comments/advice is appreciated. Thank you, Bob _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
