PPP using CHAP not PAP

PPP using CHAP not PAP

Post by Lee Shakespear » Wed, 11 Mar 1998 04:00:00



Hi Folks.

I'm trying to connect a Linux box (Slackware, 2.0.33, pppd 2.2.0g) via
an ISDN line to UUNet's new ISDN Messenger service in the UK.   The
service is designed for NT and Netware machines (I'm assured it's a
regular PPP connection, no MS extensions), but I'd rather use Linux.  
The problem I have is associated with the LCP negotiation.

To test the service I used minicom to dialup, exit, then run pppd from a
shell.  I run pppd with "pppd -d /dev/cua1 name USERNAME", and my
options file contains only :

asyncmap 0
lock
crtscts
modem

At first the negotiation is fine, the pppd's talk happily and agree not
to use compression.  The remote machine specifies chap md5, but my
machine insists on using pap!  I have a chap-secrets file with the
account details and the correct permissions.  

Can anyone enlighten me as to why my machine only wants to use pap?  Any
help would be very gratefully received.

Here's the output from syslog :

pppd[1216]: sent [LCP ConfReq id=0x1 <mru 1500> <asyncmap 0x0> <magic
0x915bbaf3> <pcomp> <accomp>]
pppd[1216]: rcvd [LCP ConfRej id=0x1 <pcomp> <accomp>]
pppd[1216]: sent [LCP ConfReq id=0x2 <mru 1500> <asyncmap 0x0> <magic
0x915bbaf3>]
pppd[1216]: rcvd [LCP ConfReq id=0xa <asyncmap 0x0> <auth pap> <magic
0xd212d38f>]
pppd[1216]: sent [LCP ConfNak id=0xa <auth chap md5>]
pppd[1216]: rcvd [LCP ConfAck id=0x2 <mru 1500> <asyncmap 0x0> <magic
0x915bbaf3>]
pppd[1216]: rcvd [LCP ConfReq id=0xb <asyncmap 0x0> <auth pap> <magic
0xd212d38f>]
pppd[1216]: sent [LCP ConfNak id=0xb <auth chap md5>]
pppd[1216]: rcvd [LCP ConfReq id=0xc <asyncmap 0x0> <auth pap> <magic
0xd212d38f>]
pppd[1216]: sent [LCP ConfNak id=0xc <auth chap md5>]
pppd[1216]: rcvd [LCP ConfReq id=0xd <asyncmap 0x0> <auth pap> <magic
0xd212d38f>]
...................
REPEAT

Regards,
 Lee

--

 
 
 

PPP using CHAP not PAP

Post by Patrick Kl » Wed, 11 Mar 1998 04:00:00




Quote:>At first the negotiation is fine, the pppd's talk happily and agree not
>to use compression.  The remote machine specifies chap md5, but my
>machine insists on using pap!  I have a chap-secrets file with the
>account details and the correct permissions.  

>Can anyone enlighten me as to why my machine only wants to use pap?  Any
>help would be very gratefully received.

You need to make a "pap-secrets" file.  Without it, pppd will NOT agree
to authenticate using PAP.  From "man pppd":

       The  default behaviour of pppd is to agree to authenticate
       if requested, and to not require authentication  from  the
       peer.  However, pppd will not agree to authenticate itself
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       with a particular protocol if  it  has  no  secrets  which
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       could be used to do so.
       ^^^^^^^^^^^^^^^^^^^^^^
============================================================================

    Klos Technologies, Inc.                Voice: (603) 424-8300
    604 Daniel Webster Highway             FAX:   (603) 424-9300
    Merrimack, New Hampshire  03054        Web:   http://www.klos.com/
============================================================================

 
 
 

PPP using CHAP not PAP

Post by James Carlso » Wed, 11 Mar 1998 04:00:00



> At first the negotiation is fine, the pppd's talk happily and agree not
> to use compression.  The remote machine specifies chap md5, but my
> machine insists on using pap!  I have a chap-secrets file with the
> account details and the correct permissions.  

> Can anyone enlighten me as to why my machine only wants to use pap?  Any
> help would be very gratefully received.

Other way around -- your system is insisting on using CHAP.  They want
you to use PAP.

Quote:> pppd[1216]: sent [LCP ConfReq id=0x1 <mru 1500> <asyncmap 0x0> <magic
> 0x915bbaf3> <pcomp> <accomp>]
> pppd[1216]: rcvd [LCP ConfRej id=0x1 <pcomp> <accomp>]
> pppd[1216]: sent [LCP ConfReq id=0x2 <mru 1500> <asyncmap 0x0> <magic
> 0x915bbaf3>]
> pppd[1216]: rcvd [LCP ConfReq id=0xa <asyncmap 0x0> <auth pap> <magic
> 0xd212d38f>]
> pppd[1216]: sent [LCP ConfNak id=0xa <auth chap md5>]

              ^^^^

"sent" means that your system sent this message requesting CHAP
instead of PAP.

--

IronBridge Networks / 55 Hayden Avenue  71.246W    Vox:  +1 781 402 8032
Lexington MA  02173-7999 / USA          42.423N    Fax:  +1 781 402 8092
"PPP Design and Debugging" ------- http://id.wing.net/People/carlson/ppp

 
 
 

PPP using CHAP not PAP

Post by Soren Riis » Wed, 11 Mar 1998 04:00:00



> Hi Folks.

> I'm trying to connect a Linux box (Slackware, 2.0.33, pppd 2.2.0g) via
> ....
> Can anyone enlighten me as to why my machine only wants to use pap?  Any
> help would be very gratefully received.

Try to specify the refuse-pap option (I am using pppd.2.3.3, so check your
man pppd page), and
remove the /etc/ppp/pap-secrets file.

Soren

 
 
 

PPP using CHAP not PAP

Post by Lee Shakespear » Thu, 12 Mar 1998 04:00:00




> > At first the negotiation is fine, the pppd's talk happily and agree not
> > to use compression.  The remote machine specifies chap md5, but my
> > machine insists on using pap!  I have a chap-secrets file with the
> > account details and the correct permissions.

> > Can anyone enlighten me as to why my machine only wants to use pap?  Any
> > help would be very gratefully received.

> Other way around -- your system is insisting on using CHAP.  They want
> you to use PAP.

Thanks to everyone for the help with the problem.  Adding the user
account details to the pap-secrets file solved the problem.  Next time I
won't be so quick to believe UUNet's UK support.  I'll also stop
assuming that the log files are telling me what I want to see. :)

Regards,
 Lee.

--

 
 
 

1. pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

Hi,

We have clients connecting to pppd 2.4.2b1.
Clients are able to connect using PAP, CHAP, MS-CHAP, MS-CHAP-v2 if
the pppd configuration is set up to require a specific protocol, eg:

If we change /etc/ppp/options to not request a specific protocol,
clients can only connect using PAP or MS-CHAP-V2. Client trying to
connect through CHAP or MS-CHAP fail and Pppd logs the error "peer
refused to authenticate: terminating link"

pppd configuration:

We'd like our clients to be able to connect using PAP, CHAP, MS-CHAP
or MS-CHAP-v2, the protocol being negotiated by server and client...

I suppose it's a pppd configuration issue; any help is highly
appreciated.
Thx.
dan

2. Linux Video conferencing

3. Setting up PPP (possibly using PAP/CHAP) on Redhat 7.1

4. change mail settings

5. Problems with PPP using CHAP and PAP

6. firewire and linux

7. using getty and ppp for pap/chap logins

8. Ether transfer rate

9. Howto dial ISP running NT4 - chap, pap, ms-chap?

10. SWBell PPP/PAP/CHAP/Whatthehell? RH 5.0

11. PPP script for client callback with PAP/CHAP

12. PPP, PAP, CHAP in plain english

13. PAP, CHAP or PPP ?