Very Computer

by dn » Tue, 17 Dec 2002 17:28:16

Hi,

We have clients connecting to pppd 2.4.2b1.
Clients are able to connect using PAP, CHAP, MS-CHAP, MS-CHAP-v2 if
the pppd configuration is set up to require a specific protocol, eg:

Quote:>vi /etc/ppp/options
>lock
>nodefaultroute
>auth
>debug
>ms-dns 212.56.227.10
>idle 900
>plugin /home/e/ppp/pppd/plugins/radius/radius.so
>plugin /home/e/ppp/pppd/plugins/radius/radattr.so
>require-chap

If we change /etc/ppp/options to not request a specific protocol,
clients can only connect using PAP or MS-CHAP-V2. Client trying to
connect through CHAP or MS-CHAP fail and Pppd logs the error "peer
refused to authenticate: terminating link"

pppd configuration:

Quote:>vi /etc/ppp/options
>lock
>nodefaultroute
>auth
>debug
>ms-dns 212.56.227.10
>idle 900
>plugin /home/e/ppp/pppd/plugins/radius/radius.so
>plugin /home/e/ppp/pppd/plugins/radius/radattr.so

We'd like our clients to be able to connect using PAP, CHAP, MS-CHAP
or MS-CHAP-v2, the protocol being negotiated by server and client...

I suppose it's a pppd configuration issue; any help is highly
appreciated.
Thx.
dan

by **Bill Unr** » Wed, 18 Dec 2002 02:31:51

]Hi,

]We have clients connecting to pppd 2.4.2b1.
]Clients are able to connect using PAP, CHAP, MS-CHAP, MS-CHAP-v2 if
]the pppd configuration is set up to require a specific protocol, eg:

]>vi /etc/ppp/options
]>lock
]>nodefaultroute
]>auth
]>debug
]>ms-dns 212.56.227.10
]>idle 900
]>plugin /home/e/ppp/pppd/plugins/radius/radius.so
]>plugin /home/e/ppp/pppd/plugins/radius/radattr.so
]>require-chap

]If we change /etc/ppp/options to not request a specific protocol,
]clients can only connect using PAP or MS-CHAP-V2. Client trying to
]connect through CHAP or MS-CHAP fail and Pppd logs the error "peer
]refused to authenticate: terminating link"

You give no information. Post the debug logs on some failed situations
with mschap or chap. Remember there is no way that pppd can intuit what
method the far side can use. It is up to them to conf-nak what they can
use.

]pppd configuration:
]>vi /etc/ppp/options
]>lock
]>nodefaultroute
]>auth
]>debug
]>ms-dns 212.56.227.10
]>idle 900
]>plugin /home/e/ppp/pppd/plugins/radius/radius.so
]>plugin /home/e/ppp/pppd/plugins/radius/radattr.so

]We'd like our clients to be able to connect using PAP, CHAP, MS-CHAP
]or MS-CHAP-v2, the protocol being negotiated by server and client...

]I suppose it's a pppd configuration issue; any help is highly
]appreciated.
]Thx.
]dan

by **Clifford Kit** » Wed, 18 Dec 2002 02:28:14

> We have clients connecting to pppd 2.4.2b1.

It sounds like a bug to me. The "b" in 2.4.2b1 is for "beta," this is
really a question for the maintainer or you can post it on the ppp-linux

Quote:> Clients are able to connect using PAP, CHAP, MS-CHAP, MS-CHAP-v2 if
> the pppd configuration is set up to require a specific protocol, eg:
>>require-chap
> If we change /etc/ppp/options to not request a specific protocol,
> clients can only connect using PAP or MS-CHAP-V2. Client trying to
> connect through CHAP or MS-CHAP fail and Pppd logs the error "peer
> refused to authenticate: terminating link"
>>auth
> We'd like our clients to be able to connect using PAP, CHAP, MS-CHAP
> or MS-CHAP-v2, the protocol being negotiated by server and client...

PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/

by dn » Thu, 19 Dec 2002 19:14:20

Thanks for your answer. According to your reply, it seems to be a pppd
bug (pppd logs "rcvd [LCP ConfNak id=0x9 <auth chap MS>]")...

This posting provides 3 example logs of the previously described
problem:
1. A FAILED chap MS connection (with all protocols enabled in
/etc/ppp/options)
2. A successful chap MS connection (with all protocols enabled in
/etc/ppp/options)
3. A successful chap MS-v2 connection (with "require-mschap" set in
/etc/ppp/options)

------------------------------------------------------------------------------
1. A FAILED chap MS connection (with all protocols enabled in
/etc/ppp/options)
------------------------------------------------------------------------------
Dec 18 09:40:37 curhsi02 pppd[2342]: Plugin
/home/user/ppp/pppd/plugins/radius/radius.so loaded.
Dec 18 09:40:37 curhsi02 pppd[2342]: RADIUS plugin initialized.
Dec 18 09:40:37 curhsi02 pppd[2342]: Plugin
/home/user/ppp/pppd/plugins/radius/radattr.so loaded.
Dec 18 09:40:37 curhsi02 pppd[2342]: RADATTR plugin initialized.
Dec 18 09:40:37 curhsi02 pppd[2342]: pppd 2.4.2b1 started by root, uid
0
Dec 18 09:40:37 curhsi02 pppd[2342]: using channel 284
Dec 18 09:40:37 curhsi02 pppd[2342]: Using interface ppp0
Dec 18 09:40:37 curhsi02 pppd[2342]: Connect: ppp0 <--> /dev/pts/3
Dec 18 09:40:38 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth eap> <magic 0x4585b54f> <pcomp

> <accomp>]

Dec 18 09:40:38 curhsi02 pptpd[2341]: GRE: Bad checksum from pppd
Dec 18 09:40:38 curhsi02 pppd[2342]: rcvd [LCP ConfReq id=0x0 <magic
0x16f25d92> <pcomp> <accomp> <callback CBCP>
<mrru 1614> <endpoint
[local:7e.af.86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.04]>]
Dec 18 09:40:38 curhsi02 pppd[2342]: sent [LCP ConfRej id=0x0
<callback CBCP> <mrru 1614>]
Dec 18 09:40:38 curhsi02 pppd[2342]: rcvd [LCP ConfReq id=0x1 <magic
0x16f25d92> <pcomp> <accomp> <endpoint [loca
l:7e.af.86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.04]>]
Dec 18 09:40:38 curhsi02 pppd[2342]: sent [LCP ConfAck id=0x1 <magic
0x16f25d92> <pcomp> <accomp> <endpoint [loca
l:7e.af.86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.04]>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth eap> <magic 0x4585b54f> <pcomp

> <accomp>]

Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x1 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x2
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x2 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x3
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x3 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x4
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x4 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x5
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x5 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x6
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x6 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x7
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x7 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x8
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x8 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x9
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x9 <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0xa
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0xa <auth
chap MS>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0xb
<asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
<pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfRej id=0xb <auth
chap MS-v2>]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0xc
<asyncmap 0x0> <magic 0x4585b54f> <pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pptpd[2341]: CTRL: Ignored a SET LINK INFO
packet with real ACCMs!
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfAck id=0xc
<asyncmap 0x0> <magic 0x4585b54f> <pcomp> <accomp>]
Dec 18 09:40:41 curhsi02 pppd[2342]: peer refused to authenticate:
terminating link
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP TermReq id=0xd "peer
refused to authenticate"]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP code=0xc id=0x2 16 f2
5d 92 4d 53 52 41 53 56 35 2e 30 30]
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP CodeRej id=0xe 0c 02 00
12 16 f2 5d 92 4d 53 52 41 53 56 35 2e 30
30]
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP code=0xc id=0x3 16 f2
5d 92 4d 53 52 41 53 2d 31 2d 5a 45 45]
Dec 18 09:40:41 curhsi02 pptpd[2341]: GRE: read error: Bad file
descriptor
Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP CodeRej id=0xf 0c 03 00
13 16 f2 5d 92 4d 53 52 41 53 2d 31 2d 5a
45 45]
Dec 18 09:40:41 curhsi02 pptpd[2341]: CTRL: PTY read or GRE write
failed (pty,gre)=(-1,-1)
Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP TermAck id=0xd "peer
refused to authenticate"]
Dec 18 09:40:41 curhsi02 pptpd[2341]: CTRL: Client 192.168.37.137
control connection finished
Dec 18 09:40:41 curhsi02 pppd[2342]: Connection terminated.
Dec 18 09:40:41 curhsi02 pppd[2342]: tcflush failed: Input/output
error
Dec 18 09:40:41 curhsi02 pppd[2342]: Exit.

------------------------------------------------------------------------------
2. A successful chap MS connection (with all protocols enabled in
/etc/ppp/options)
------------------------------------------------------------------------------
Dec 18 09:55:50 curhsi02 pppd[2407]: Plugin
/home/user/ppp/pppd/plugins/radius/radius.so loaded.
Dec 18 09:55:50 curhsi02 pppd[2407]: RADIUS plugin initialized.
Dec 18 09:55:50 curhsi02 pppd[2407]: Plugin
/home/user/ppp/pppd/plugins/radius/radattr.so loaded.
Dec 18 09:55:50 curhsi02 pppd[2407]: RADATTR plugin initialized.
Dec 18 09:55:50 curhsi02 pppd[2407]: pppd 2.4.2b1 started by root, uid
0
Dec 18 09:55:50 curhsi02 pppd[2407]: using channel 285
Dec 18 09:55:50 curhsi02 pppd[2407]: Using interface ppp0
Dec 18 09:55:50 curhsi02 pppd[2407]: Connect: ppp0 <--> /dev/pts/3
Dec 18 09:55:50 curhsi02 pppd[2407]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac
comp>]
Dec 18 09:55:50 curhsi02 pptpd[2406]: GRE: Bad checksum from pppd
Dec 18 09:55:50 curhsi02 pppd[2407]: rcvd [LCP ConfReq id=0x0 <magic
0x132f4fa6> <pcomp> <accomp> <callback CBCP> <mrru 1
614> <endpoint [local:7e.af.86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.05]>]
Dec 18 09:55:50 curhsi02 pppd[2407]: sent [LCP ConfRej id=0x0
<callback CBCP> <mrru 1614>]
Dec 18 09:55:50 curhsi02 pppd[2407]: rcvd [LCP ConfReq id=0x1 <magic
0x132f4fa6> <pcomp> <accomp> <endpoint [local:7e.af.
86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.05]>]
Dec 18 09:55:50 curhsi02 pppd[2407]: sent [LCP ConfAck id=0x1 <magic
0x132f4fa6> <pcomp> <accomp> <endpoint [local:7e.af.
86.e3.9e.29.42.1d.81.b3.91.0d.76.3d.89.e1.00.00.00.05]>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [LCP ConfReq id=0x1
<asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac
comp>]
Dec 18 09:55:53 curhsi02 pptpd[2406]: CTRL: Ignored a SET LINK INFO
packet with real ACCMs!
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [LCP ConfAck id=0x1
<asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac
comp>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [CHAP Challenge id=0x1
<da630c6af8082dfc>, name = "curhsi02.eng.astra-net.com"]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [LCP code=0xc id=0x2 13 2f
4f a6 4d 53 52 41 53 56 35 2e 30 30]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [LCP CodeRej id=0x2 0c 02 00
12 13 2f 4f a6 4d 53 52 41 53 56 35 2e 30 30]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [LCP code=0xc id=0x3 13 2f
4f a6 4d 53 52 41 53 2d 31 2d 5a 45 45]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [LCP CodeRej id=0x3 0c 03 00
13 13 2f 4f a6 4d 53 52 41 53 2d 31 2d 5a 45 45]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [CHAP Response id=0x1
<00000000000000000000000000000000000000000000000020f78a97
bb6b915f885289c669a981bbe5a078cc113a6dbb01>, name = "joel4"]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [CHAP Success id=0x1
"Welcome to curhsi02.eng.astra-net.com."]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [CCP ConfReq id=0x1 <deflate
15> <deflate(old#) 15> <bsd v1 15>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [IPCP ConfReq id=0x1
<compress VJ 0f 01> <addr 212.56.228.9>]
Dec 18 09:55:53 curhsi02 pppd[2407]: CHAP peer authentication
succeeded for joel4
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [CCP ConfReq id=0x4 <mppe +H
-M -S -L -D +C>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [CCP ConfRej id=0x4 <mppe +H
-M -S -L -D +C>]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [IPCP ConfReq id=0x5 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns
3 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [IPCP ConfRej id=0x5
<ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [CCP ConfRej id=0x1 <deflate
15> <deflate(old#) 15> <bsd v1 15>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [CCP ConfReq id=0x2]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [IPCP ConfRej id=0x1
<compress VJ 0f 01>]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent [IPCP ConfReq id=0x2 <addr
212.56.228.9>]
Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [CCP TermReq id=0x6 13 2f 4f
a6 00 3c cd 74 00 00 02 dc]
Dec 18 09:55:53 curhsi02 pppd[2407]: sent ...

read more »

by **Clifford Kit** » Thu, 19 Dec 2002 23:55:22

> Thanks for your answer. According to your reply, it seems to be a pppd
> bug (pppd logs "rcvd [LCP ConfNak id=0x9 <auth chap MS>]")...
> This posting provides 3 example logs of the previously described
> problem:
> 1. A FAILED chap MS connection (with all protocols enabled in
> /etc/ppp/options)
> 2. A successful chap MS connection (with all protocols enabled in
> /etc/ppp/options)
> 3. A successful chap MS-v2 connection (with "require-mschap" set in
> /etc/ppp/options)
> --------------------------------------
> 1. A FAILED chap MS connection (with all protocols enabled in
> /etc/ppp/options)
> --------------------------------------

...

Quote:> Dec 18 09:40:37 curhsi02 pppd[2342]: Using interface ppp0
> Dec 18 09:40:37 curhsi02 pppd[2342]: Connect: ppp0 <--> /dev/pts/3
> Dec 18 09:40:38 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x1
> <asyncmap 0x0> <auth eap> <magic 0x4585b54f> <pcomp> <accomp>]

The "eap" is a new one on me. It's in this log and the last log but
not in the second log, curious.

Quote:> Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x1 <auth
> chap MS>]
> Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x2
> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
> <pcomp> <accomp>]
> Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x2 <auth
> chap MS>]

This is repeated many times and then pppd terminates the negotiations.
The peer is configured to request only MSCHAP-v1 and pppd either has
a bug, or the pppd MSCHAP-v1 implementation is incomplete and pppd
currently simply refuses to use it.

Quote:> --------------------------------------
> 2. A successful chap MS connection (with all protocols enabled in
> /etc/ppp/options)
> --------------------------------------

...

Quote:> Dec 18 09:55:50 curhsi02 pppd[2407]: Connect: ppp0 <--> /dev/pts/3
> Dec 18 09:55:50 curhsi02 pppd[2407]: sent [LCP ConfReq id=0x1
> <asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac> comp>]

No "eap" but instead the initial pppd request is for MSCHAP. If the
configuration is the same ("all protocols enabled") for pppd here
as in the first instance then why is this happening? The initial
authentication option, which is the very first LCP message by either
side, requested by pppd should not have changed.

Quote:> Dec 18 09:55:53 curhsi02 pptpd[2406]: CTRL: Ignored a SET LINK INFO
> packet with real ACCMs!
> Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [LCP ConfAck id=0x1
> <asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac
> comp>]

The peer is now configured to accept MSCHAP-v1, pppd ACKs the request,
and the PPP link is then successful - so this pppd *is* capable of
using MSCHAP-v1. This could be connected with the absence of "eap"
in this instance. Something *had* to change in the pppd configuration
to make "eap" go away. It's too much to believe that pppd randomly
changes the initial authentication option in the LCP negotiations.

...

Quote:> --------------------------------------
> 3. A successful chap MS-v2 connection (with "require-mschap" set in
> /etc/ppp/options)
> --------------------------------------

...

Quote:> Dec 18 09:40:10 curhsi02 pppd[2337]: Connect: ppp0 <--> /dev/pts/3
> Dec 18 09:40:10 curhsi02 pppd[2337]: sent [LCP ConfReq id=0x1
> <asyncmap 0x0> <auth eap> <magic 0xeccb49ea> <pcomp
>> <accomp>]

Here "eap" is back as the initial authentication option pppd requests. :/
...

Quote:> Dec 18 09:40:13 curhsi02 pppd[2337]: rcvd [LCP ConfNak id=0x1 <auth
> chap MS-v2>]
> Dec 18 09:40:13 curhsi02 pppd[2337]: sent [LCP ConfReq id=0x2
> <asyncmap 0x0> <auth chap MS-v2> <magic 0xeccb49ea>
> <pcomp> <accomp>]

No mystery here, this version of pppd can do MSCHAP-v2 and that's what
the peer requested.

Something's not in Kansas anymore and I'm not entirely sure that
it's pppd. :)

PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/

by dn » Fri, 20 Dec 2002 17:59:08

oops, just noticed I made some mistakes in the log descriptions.
Sorry! Here's what it should be like:

1. A FAILED chap MS connection (with all protocols enabled in
/etc/ppp/options)
2. A successful chap MS connection (with "require-mschap" set in
/etc/ppp/options)
3. A successful chap MS-v2 connection (with all protocols enabled in
/etc/ppp/options)

> > Thanks for your answer. According to your reply, it seems to be a pppd
> > bug (pppd logs "rcvd [LCP ConfNak id=0x9 <auth chap MS>]")...

> > This posting provides 3 example logs of the previously described
> > problem:
> > 1. A FAILED chap MS connection (with all protocols enabled in
> > /etc/ppp/options)
> > 2. A successful chap MS connection (with all protocols enabled in
> > /etc/ppp/options)
> > 3. A successful chap MS-v2 connection (with "require-mschap" set in
> > /etc/ppp/options)

> > --------------------------------------
> > 1. A FAILED chap MS connection (with all protocols enabled in
> > /etc/ppp/options)
> > --------------------------------------
> ...

> > Dec 18 09:40:37 curhsi02 pppd[2342]: Using interface ppp0
> > Dec 18 09:40:37 curhsi02 pppd[2342]: Connect: ppp0 <--> /dev/pts/3
> > Dec 18 09:40:38 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x1
> > <asyncmap 0x0> <auth eap> <magic 0x4585b54f> <pcomp> <accomp>]

> The "eap" is a new one on me. It's in this log and the last log but
> not in the second log, curious.

> > Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x1 <auth
> > chap MS>]
> > Dec 18 09:40:41 curhsi02 pppd[2342]: sent [LCP ConfReq id=0x2
> > <asyncmap 0x0> <auth chap MS-v2> <magic 0x4585b54f>
> > <pcomp> <accomp>]
> > Dec 18 09:40:41 curhsi02 pppd[2342]: rcvd [LCP ConfNak id=0x2 <auth
> > chap MS>]

> This is repeated many times and then pppd terminates the negotiations.
> The peer is configured to request only MSCHAP-v1 and pppd either has
> a bug, or the pppd MSCHAP-v1 implementation is incomplete and pppd
> currently simply refuses to use it.

> > --------------------------------------
> > 2. A successful chap MS connection (with all protocols enabled in
> > /etc/ppp/options)
> > --------------------------------------
> ...

> > Dec 18 09:55:50 curhsi02 pppd[2407]: Connect: ppp0 <--> /dev/pts/3
> > Dec 18 09:55:50 curhsi02 pppd[2407]: sent [LCP ConfReq id=0x1
> > <asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac> comp>]

> No "eap" but instead the initial pppd request is for MSCHAP. If the
> configuration is the same ("all protocols enabled") for pppd here
> as in the first instance then why is this happening? The initial
> authentication option, which is the very first LCP message by either
> side, requested by pppd should not have changed.

> > Dec 18 09:55:53 curhsi02 pptpd[2406]: CTRL: Ignored a SET LINK INFO
> > packet with real ACCMs!
> > Dec 18 09:55:53 curhsi02 pppd[2407]: rcvd [LCP ConfAck id=0x1
> > <asyncmap 0x0> <auth chap MS> <magic 0x9ef6cc4> <pcomp> <ac
> > comp>]

> The peer is now configured to accept MSCHAP-v1, pppd ACKs the request,
> and the PPP link is then successful - so this pppd *is* capable of
> using MSCHAP-v1. This could be connected with the absence of "eap"
> in this instance. Something *had* to change in the pppd configuration
> to make "eap" go away. It's too much to believe that pppd randomly
> changes the initial authentication option in the LCP negotiations.

> ...

> > --------------------------------------
> > 3. A successful chap MS-v2 connection (with "require-mschap" set in
> > /etc/ppp/options)
> > --------------------------------------
> ...

> > Dec 18 09:40:10 curhsi02 pppd[2337]: Connect: ppp0 <--> /dev/pts/3
> > Dec 18 09:40:10 curhsi02 pppd[2337]: sent [LCP ConfReq id=0x1
> > <asyncmap 0x0> <auth eap> <magic 0xeccb49ea> <pcomp
> >> <accomp>]

> Here "eap" is back as the initial authentication option pppd requests. :/
> ...

> > Dec 18 09:40:13 curhsi02 pppd[2337]: rcvd [LCP ConfNak id=0x1 <auth
> > chap MS-v2>]
> > Dec 18 09:40:13 curhsi02 pppd[2337]: sent [LCP ConfReq id=0x2
> > <asyncmap 0x0> <auth chap MS-v2> <magic 0xeccb49ea>
> > <pcomp> <accomp>]

> No mystery here, this version of pppd can do MSCHAP-v2 and that's what
> the peer requested.

> Something's not in Kansas anymore and I'm not entirely sure that
> it's pppd. :)

> PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/

Very Computer

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation

pppd - PAP, CHAP, MS-CHAP, MS-CHAP-v2 protocol negotiation