one script for pap/chap and manual authentication


Post by Ming Ching Ti » Tue, 14 Sep 2004 12:42:41



I am using pppd and chat for doing a modem dialup
ppp. I am wondering if it is possible to write
a chat script which can be used for both chap/pap
authentication and manual ( user/password )
authentication, i.e. I would like to combine these two
scripts into one script :-

Manual Authentication
----------------------
''                  AT
'OK-+++\c-OK'       ATH0
TIMEOUT             60
OK          ATDT${TELEPHONE}
CONNECT             '\d\c'
gin:  username
word: password

Chap/PAP Authentication
----------------------
''                  AT
'OK-+++\c-OK'       ATH0
TIMEOUT             60
OK          ATDT${TELEPHONE}
CONNECT             '\d\c'

 
 
 


Post by Moe Tr » Wed, 15 Sep 2004 07:51:21




>I am using pppd and chat for doing a modem dialup
>ppp. I am wondering if it is possible to write
>a chat script which can be used for both chap/pap
>authentication and manual ( user/password )
>authentication, i.e. I would like to combine these two
>scripts into one script :-

Why?   Nearly all ISPs in the world are set up to allow connections
from windoze "Dial Up Networking" - and that application doesn't
care about a manual login. There are ISPs that have mis-configured
terminal servers that will present a login prompt if you kick them,
but often this leads to a dead end.    Just set up for PAP (or CHAP
depending on your ISP) and don't worry about it. Windoze doesn't.

>Manual Authentication
>----------------------
>''                  AT
>'OK-+++\c-OK'       ATH0
>TIMEOUT             60
>OK          ATDT${TELEPHONE}

I realize you may be copying something from the ancient ppp-on-dialer
script that for some strange reason hasn't been altered since 1994, or
you are using stuff derived from Robert Hart's original PPP-HOWTO which
may be even older, but you really need to read your modem manual and
the 'chat' man page to see what those commands actually do.

   ''                  AT

Wait for nothing (the '') then send a Hayes command prefix. This does
nothing useful to the modem.

   'OK-+++\c-OK'       ATH0

Wait for the modem to respond with 'OK' and if it doesn't, send the
Hayes command escape code, then wait a second, and hope for the 'OK'.
If you get this, send ATH0 which tells the modem to hang up the phone.
Now honestly, if the modem is keeping the phone busy, you are going to
get a terrible surprise when you see the telephone charges next month.

   TIMEOUT             60

Set the CHAT timeout to 60 seconds (the default is 45). Fairly useless,
as a normal call is connected within 30 seconds.

   OK          ATDT${TELEPHONE}

Wait for the modem to respond with OK, and then dial using the
contents of a shell variable.  This might work, but who knows what
the status of the modem is - you didn't initialize it.  

   CONNECT             '\d\c'

For the manual authentication, this is useless. Remove the line. Note
that some terminal servers actually want you to send _something_ at
this point to get them into text mode. Usually, that's the wrong
thing to do.

Now, compare the mess above, with this:

ABORT BUSY ABORT 'NO CARRIER' "" AT&F1 OK ATDT2662902 CONNECT \d\c

This script sets two abort conditions (the line is busy, or something
other than a modem answers), then waits for nothing ( "" ) and sends
an init string (check your modem manual). When the modem responds with
OK, it dials the phone number, and waits for the modem to report
establishing a connection. The script then waits one second ( \d )
and exits without sending the normal newline character ( \c ).

        Old guy
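
An added example, not part of any post in the thread: a small Python parser (function names are hypothetical) for the chat expect/send syntax walked through above, which lists the pairs exchanged after CONNECT. Those pairs are the only difference between the two scripts in the thread, and they are where the login name and password sit in plain text in the script file.

```python
import re

# chat(8) keywords that take one argument instead of forming an expect/send pair
DIRECTIVES = {"ABORT", "CLR_ABORT", "TIMEOUT", "REPORT", "CLR_REPORT",
              "SAY", "ECHO", "HANGUP"}

# The two scripts from the thread, copied verbatim
MANUAL = r"""
''                  AT
'OK-+++\c-OK'       ATH0
TIMEOUT             60
OK          ATDT${TELEPHONE}
CONNECT             '\d\c'
gin:  username
word: password
"""
PAP_ONLY = r'''ABORT BUSY ABORT 'NO CARRIER' "" AT&F1 OK ATDT2662902 CONNECT \d\c'''

def tokenize(script):
    """Split on whitespace, keep quoted strings whole, leave backslash escapes as written."""
    tokens = re.findall(r"'[^']*'|\"[^\"]*\"|\S+", script)
    return [t[1:-1] if len(t) > 1 and t[0] == t[-1] and t[0] in "'\"" else t
            for t in tokens]

def parse(script):
    """Return steps: (DIRECTIVE, arg) or ('PAIR', [expect, subsend, subexpect...], send)."""
    tokens, steps = tokenize(script), []
    for i in range(0, len(tokens), 2):
        first = tokens[i]
        second = tokens[i + 1] if i + 1 < len(tokens) else ""
        if first in DIRECTIVES:
            steps.append((first, second))
        else:
            # 'OK-+++\c-OK' means: expect OK; on timeout send +++\c and expect OK again
            steps.append(("PAIR", re.split(r"(?<!\\)-", first), second))
    return steps

def text_login_pairs(steps):
    """Expect/send pairs after CONNECT, i.e. the text login dialogue and its credentials."""
    pairs = [(s[1][0], s[2]) for s in steps if s[0] == "PAIR"]
    expects = [p[0] for p in pairs]
    return pairs[expects.index("CONNECT") + 1:] if "CONNECT" in expects else []

if __name__ == "__main__":
    for name, script in (("manual", MANUAL), ("pap/chap", PAP_ONLY)):
        print(name, text_login_pairs(parse(script)))
```

An empty result means the script hands the line to pppd straight after CONNECT, so authentication is left to PAP/CHAP.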

 
 
 


Post by Ming-Ching Tie » Wed, 15 Sep 2004 10:29:40



> Why?   Nearly all ISPs in the world are set up to allow connections
> from windoze "Dial Up Networking" - and that application doesn't
> care about a manual login. There are ISPs that have mis-configured
> terminal servers that will present a login prompt if you kick them,
> but often this leads to a dead end.    Just set up for PAP (or CHAP
> depending on your ISP) and don't worry about it. Windoze doesn't.

Well I used your script to deal with an ISP here ( which I know
they show login/passwd prompt ), it does not connect; while
if I used my script which does the manual authentication, it
successfully connects.

So my question now is how does Windows do it if it does
not send login/password ?

I suspect the chatting capability in Windows is far smarter
than the 'chat' program on Linux, i.e. it looks for login/password,
if present, it assumes manual authentication; otherwise it does
pap/chap; something which the Linux chat program cannot do.
Perhaps wvdial does it.

 
 
 


Post by Clifford Kit » Thu, 16 Sep 2004 03:32:48



> I suspect the chatting capability in Windows is far smarter
> than the 'chat' program on Linux, i.e. it looks for login/password,
> if present, it assumes manual authentication; otherwise it does
> pap/chap; something which the Linux chat program cannot do.
> Perhaps wvdial does it.

I think wvdial might work for you; it does look for a login prompt if
the Stupid mode is not turned on.  But if wvdial finds a login prompt
then it will expect to do a login/password authentication and afterwards
start PPP.  Some ISPs present a login/password prompt but don't really
want customers to use it.  The prompt may be legacy, or a way for ISP
personnel to log in and do something, but a customer needs to start PPP
immediately instead of doing the login/password dance first.  A customer
using software that tries that dance first with such an ISP may not be
able to connect with PPP.

--

PPP-Q&A links, downloads:                      http://ckite.no-ip.net/

 
 
 


Post by Moe Tr » Thu, 16 Sep 2004 09:12:56



>Well I used your script to deal with an ISP here ( which I know
>they show login/passwd prompt ), it does not connect; while
>if I used my script which does the manual authentication, it
>successfully connects.

   http://axion.physics.ubc.ca/ppp-linux.html
   http://www.theory.physics.ubc.ca/ppp-linux.html

That page will show how to get log data.  Did you remember to set the
'user mingching.tiew' option to pppd, so that it knows who to say is
calling? Did you set up /etc/ppp/pap-secrets correctly?

>So my question now is how does Windows do it if it does
>not send login/password ?

DUN (the tool where you fill in the blanks, then press the OK button
_before_ the modem dials, and you do nothing further to get connected)
can't use scripts.  Are you using some other application?

>I suspect the chatting capability in Windows is far smarter
>than the 'chat' program on Linux, i.e. it looks for login/password,

I would doubt that _very_ much. You don't identify which version of
windoze you are using, and each version is different with how you set
up a log, but you should look at that.  Here are three suggestions
I've seen used to set up logging in windoze. These are copies of
a series of Usenet posts - so watch the quoting levels:

----------------
Go to Control Panel/Modems/Properties/Connection/Advanced. Check Record a
log file.

>system called Modemlog.txt. Can't find it.  Any suggestions?

That's the file name in Windows 95.  Windows 98 uses the modem's name
as the file name.  For example, mine is:

C:\WINDOWS\U.S. Robotics 56K FAX Win INT.log
-----------------
c:\windoze\ppplog.txt file (very large)
In your DUN folder, right click your ISP's icon and choose Properties.
Select the Server Types tab. On that window, you should ONLY have
Enable software compression checked, and TCP/IP in protocols. You
will see a box that says Record a log file for this connection. That
box, if checked, will start the ppplog.txt file. It can be used for
troubleshooting serious protocol problems, but most users will never
need that log. A word of caution, don't post that log without first
editing out your login and password information, which appears in
plain text. If you don't have a check in that log box, and you do
have a ppplog.txt file, check its date. It can be deleted if it is
old information.
-------------------

>Try turning on PPP logging.  I'm not sure offhand how to do this in XP;
>you might try the Win2k method:
>http://support.microsoft.com/default.aspx?scid=kb;[LN];234014

Yes, that's it, it also works in WinXP Pro.
-------------------

>if present, it assumes manual authentication; otherwise it does
>pap/chap; something which the Linux chat program cannot do.
>Perhaps wvdial does it.

Searching the newsgroups comp.os.linux.networking and comp.protocols.ppp,
you will find that this often fails. As mentioned, ISPs set up for
windoze using PAP authentication, and ignore the text based login. This
is because that requires a login _shell_ on the terminal server, and
that's extra work to set up. Additionally, most windoze users wouldn't
know what to do once they sent a login/password, unless the ISP auto
starts pppd. So, given that authentication is built in to pppd, why
should the ISP worry about doing it the hard way?

As for wvdial - it defaults to looking for a login prompt and this sometimes
leads to failure, which is why wvdial includes a "stupid mode". The author
of that application is living in the 1980s, and hasn't recognized that
windoze killed the login prompt method. See the man page.

        Old guy

 
 
 


Post by Bill Unr » Sun, 19 Sep 2004 07:51:35



]I am using pppd and chat for doing a modem dialup
]ppp. I am wondering if it is possible to write
]a chat script which can be used for both chap/pap
]authentication and manual ( user/password )
]authentication, i.e. I would like to combine these two
]scripts into one script :-

Already done by the wvdial program. Why do you want to reinvent the wheel?
Any such program will be flaky on some ISPs. Do you really foresee changing
ISPs that often? Just set up a script for each ISP and be much happier.

]Manual Authentication
]----------------------
]''                  AT
]'OK-+++\c-OK'       ATH0
]TIMEOUT             60
]OK          ATDT${TELEPHONE}
]CONNECT             '\d\c'

Bad, bad idea. The far side has no way of knowing to send you the
login/password. Use CONNECT '' instead.

]gin:  username
]word: password

]Chap/PAP Authentication
]----------------------
]''                  AT
]'OK-+++\c-OK'       ATH0
]TIMEOUT             60
]OK          ATDT${TELEPHONE}
]CONNECT             '\d\c'

Fine.

 
 
 


Post by Bill Unr » Sun, 19 Sep 2004 07:55:38


]> Why?   Nearly all ISPs in the world are set up to allow connections
]> from windoze "Dial Up Networking" - and that application doesn't
]> care about a manual login. There are ISPs that have mis-configured
]> terminal servers that will present a login prompt if you kick them,
]> but often this leads to a dead end.    Just set up for PAP (or CHAP
]> depending on your ISP) and don't worry about it. Windoze doesn't.
]>

]Well I used your script to deal with an ISP here ( which I know
]they show login/passwd prompt ), it does not connect; while
]if I used my script which does the manual authentication, it
]successfully connects.

Since you show us nothing we cannot either believe you or disbelieve you.
Almost no ISPs use logon/password authentication. You might have one of the
very rare ones that do, or you might have something misconfigured.

]So my question now is how does Windows do it if it does
]not send login/password ?

]I suspect the chatting capability in Windows is far smarter
]than the 'chat' program on Linux, i.e. it looks for login/password,
]if present, it assumes manual authentication; otherwise it does
]pap/chap; something which the Linux chat program cannot do.

Nope. The windows program is just as stupid as chat.

]Perhaps wvdial does it.

It tries. Often it works. Sometimes it makes a complete hash of things.

 
 
 
