pppd authentication problems.

Post by joao coel » Wed, 11 Feb 2004 02:37:05



I am getting a message when I try pppd.  The message says: "Peer
refused to authenticate: terminating link."  Then I get another
message following this one which says that "Peer rejected our demand
for 0xc023 (Password Authentication Protocol)
Connection Terminated."
I have the pap-secrets file with the following: myname  * * * on both
the dial out machine and the dial-in machine.  I had this working
today but now I am getting these messages.  Does anyone have any ideas
or suggestions? Thanks.
 
 
 

Post by James Carlso » Thu, 12 Feb 2004 00:04:56



> I am getting a message when i try pppd.  The message says: "Peer
> refused to authenticate: terminating link." . Then i get another
> message following this one which says that "Peer rejected our demand
> for 0xc023 (Password Authentication Protocol)
> Connection Terminated."

Please post debug logs.

At a guess, you're demanding authentication from a peer that refuses
to supply it.  If that peer is your ISP, then you really should have
"noauth" in your pppd configuration.

> I have the pap-secrets file with the following: myname  * * * on both
> the dial out machine and the dial-in machine.

That doesn't look right.  You should have something like this on the
client machine:

        clientname * "client password"

and on the server side:

        clientname * "client password" *

or just "" on the server side if the "login" option is in use, or a
crypt(3c) string if "papcrypt" is in use.

"*" alone as a password doesn't make sense to me.

The client side will also likely need the pppd "user clientname"
option to specify the name to use when authenticating to the peer,
unless that happens to be identical to the system's hostname.

If you're really trying to do bidirectional authentication (both sides
authenticating the other's identity), then you'll need two sets of
secrets on each end; one for each direction.

>  I had this working
> today but now i am getting these messages.  Does anyone have any ideas
> or suggestions? Thanks.

Debug logs and complete configuration files, please.

--

Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677
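
The pap-secrets layouts discussed in the reply above, checked by a small linter. This is an added example, not part of the original thread or of pppd; the function names and the two warning rules are assumptions drawn from the reply (a bare `*` in the secret position, and a server-side entry with no address field).

```python
import shlex

# Entries as they appear in the thread (not real credentials).
POSTED = 'myname  * * *'
SUGGESTED_CLIENT = 'clientname * "client password"'
SUGGESTED_SERVER = 'clientname * "client password" *'

def parse_secrets(text):
    """Split pap-secrets text into (client, server, secret, addrs) tuples."""
    entries = []
    for raw in text.splitlines():
        # shlex keeps a double-quoted secret as one word and drops '#' comments.
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        if len(words) < 3:
            raise ValueError(f"need client, server and secret: {raw!r}")
        entries.append((words[0], words[1], words[2], words[3:]))
    return entries

def lint(text, role):
    """Return warnings for one side's file; role is 'client' or 'server'."""
    warnings = []
    for client, _server, secret, addrs in parse_secrets(text):
        # The third word is the secret position, so '*' there is the password.
        if secret == "*":
            warnings.append(f"{client}: secret field is a bare '*'")
        # Assumption taken from the reply's layout: the server-side entry
        # carries a fourth (address) field after the secret.
        if role == "server" and not addrs:
            warnings.append(f"{client}: no address field after the secret")
    return warnings

if __name__ == "__main__":
    for label, text, role in [("posted", POSTED, "server"),
                              ("suggested client", SUGGESTED_CLIENT, "client"),
                              ("suggested server", SUGGESTED_SERVER, "server")]:
        print(label, lint(text, role) or "ok")
```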

 
 
 

Post by joao coel » Thu, 12 Feb 2004 08:31:24


James, thanks, I will post the logs. But I have not been able to figure
out how to make the debug post the logs to the /var/log/ppppdebug.  I
followed the instructions in the manuals (Sun docs) but it does not
seem to work. What I have been able to do is to make the pppd print
out the debug messages.  I have posted another question just today and
will see if I can work on some of your suggestions, else I will post
the logs that I get from the debug.  Thanks again.


> > I am getting a message when i try pppd.  The message says: "Peer
> > refused to authenticate: terminating link." . Then i get another
> > message following this one which says that "Peer rejected our demand
> > for 0xc023 (Password Authentication Protocol)
> > Connection Terminated."

> Please post debug logs.

> At a guess, you're demanding authentication from a peer that refuses
> to supply it.  If that peer is your ISP, then you really should have
> "noauth" in your pppd configuration.

> > I have the pap-secrets file with the following: myname  * * * on both
> > the dial out machine and the dial-in machine.

> That doesn't look right.  You should have something like this on the
> client machine:

>         clientname * "client password"

> and on the server side:

>         clientname * "client password" *

> or just "" on the server side if the "login" option is in use, or a
> crypt(3c) string if "papcrypt" is in use.

> "*" alone as a password doesn't make sense to me.

> The client side will also likely need the pppd "user clientname"
> option to specify the name to use when authenticating to the peer,
> unless that happens to be identical to the system's hostname.

> If you're really trying to do bidirection authentication (both sides
> authenticating the other's identity), then you'll need two sets of
> secrets on each end; one for each direction.

> >  I had this working
> > today but now i am getting these messages.  Does anyone have any ideas
> > or suggestions? Thanks.

> Debug logs and complete configuration files, please.

 
 
 

Post by joao coel » Thu, 12 Feb 2004 23:17:54


> > That doesn't look right.  You should have something like this on the
> > client machine:

> >         clientname * "client password"

> > and on the server side:

> >         clientname * "client password" *

When we use clientname * * * on the server and client side as I
indicated, it works when I do this manually.
 
 
 

Post by joao coel » Fri, 13 Feb 2004 00:29:55


James,
Here is the output I get when I run my program.  What happens is that
if I do this manually I have no problems, even with the pap-secrets
set up the way I showed it.   But when I run the program, it does not
work.  The pppd call and options are set up the same way in both the
program and manually.  Anyway,
here is the output.

serial speed set to 38400 bps
connect option: 'chat -v  "" "AT&F1"  OK ATDT8888888  CONNECT \c
ogin: cdf1_ppp  assword: cdf1_ppp  "" "exec pppd" \c ' started (pid
551)
Serial connection established.
serial speed set to 38400 bps
Using interface sppp0
Connect: sppp0 <--> /dev/cua/b
/etc/ppp/chap-secrets is apparently empty
sent [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
<pcomp> <accomp>]
rcvd [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
<pcomp> <accomp>]
sent [LCP ConfNak id=0x86 <magic 0x9f260ad>]
rcvd [LCP ConfNak id=0x86 <magic 0x9f260ad>]
sent [LCP ConfReq id=0x87 <asyncmap 0x0> <auth pap> <magic 0xa57133fb>
<pcomp> <accomp>]
rcvd [LCP ConfReq id=0x87 <asyncmap 0x0> <auth pap> <magic 0xa57133fb>
<pcomp> <accomp>]
sent [LCP ConfNak id=0x87 <magic 0x2de83565>]
rcvd [LCP ConfNak id=0x87 <magic 0x2de83565>]
sent [LCP ConfReq id=0x88 <asyncmap 0x0> <auth pap> <magic 0x3a446dd>
<pcomp> <accomp>]
rcvd [LCP ConfReq id=0x88 <asyncmap 0x0> <auth pap> <magic 0x3a446dd>
<pcomp> <accomp>]
sent [LCP ConfNak id=0x88 <magic 0xc4f8ceb0>]
rcvd [LCP ConfNak id=0x88 <magic 0xc4f8ceb0>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
sent [LCP ConfReq id=0x89 <asyncmap 0x0> <auth pap> <magic 0xe048c38>
<pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.

 
 
 

Post by James Carlso » Fri, 13 Feb 2004 23:09:20



> serial speed set to 38400 bps
> connect option: 'chat -v  "" "AT&F1"  OK ATDT8888888  CONNECT \c
> ogin: cdf1_ppp  assword: cdf1_ppp  "" "exec pppd" \c ' started (pid
> 551)
> Serial connection established.
> serial speed set to 38400 bps
> Using interface sppp0
> Connect: sppp0 <--> /dev/cua/b
> /etc/ppp/chap-secrets is apparently empty
> sent [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
> <pcomp> <accomp>]
> rcvd [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
> <pcomp> <accomp>]
> sent [LCP ConfNak id=0x86 <magic 0x9f260ad>]
> rcvd [LCP ConfNak id=0x86 <magic 0x9f260ad>]

This is a broken connection.  You're talking to yourself.  The peer is
*NOT* running PPP at all.

At a guess, the chat script isn't working right.  I suspect that this
sequence is the problem:

        "" "exec pppd"

That says "don't wait for anything, just send 'exec pppd' right away."
That means it doesn't wait for a prompt, and the string is probably
just getting discarded by the peer.  This would be better as either
"$" "exec pppd" or "%" "exec pppd", depending on what that remote
shell prompt looks like.

Assuming that the peer really wants you to log in first (either mgetty
or setting that user's shell to /usr/bin/pppd might be a better answer
here)

--

Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677
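
The "talking to yourself" diagnosis above can be read straight off the log: a received LCP ConfReq carries the same magic number as one that was sent, which is the loop condition the Magic-Number option exists to detect (RFC 1661). The following detector is an added example, not part of the original thread or of pppd; the function names are assumptions, `POSTED_LOG` is an excerpt of the output posted earlier and `HEALTHY_LOG` is constructed.

```python
import re

# Excerpt of the debug output posted in the thread (wrapped as posted).
POSTED_LOG = """\
sent [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
<pcomp> <accomp>]
rcvd [LCP ConfReq id=0x86 <asyncmap 0x0> <auth pap> <magic 0x49e4fc89>
<pcomp> <accomp>]
sent [LCP ConfNak id=0x86 <magic 0x9f260ad>]
rcvd [LCP ConfNak id=0x86 <magic 0x9f260ad>]
"""

# Constructed sample: the peer answers with its own magic number.
HEALTHY_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x11111111> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x7 <asyncmap 0x0> <magic 0x22222222> <pcomp> <accomp>]
"""

CONFREQ = re.compile(
    r"^(sent|rcvd) \[LCP ConfReq id=(0x[0-9a-f]+) .*?<magic (0x[0-9a-f]+)>")

def join_wrapped(text):
    """Rejoin records that were wrapped: continue while '[' is unclosed."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if records and records[-1].count("[") > records[-1].count("]"):
            records[-1] += " " + line
        else:
            records.append(line)
    return records

def find_loopback(text):
    """Return (id, magic) for each received ConfReq carrying a magic we sent."""
    sent_magics, echoes = set(), []
    for record in join_wrapped(text):
        m = CONFREQ.match(record)
        if not m:
            continue
        direction, ident, magic = m.groups()
        if direction == "sent":
            sent_magics.add(magic)
        elif magic in sent_magics and (ident, magic) not in echoes:
            echoes.append((ident, magic))
    return echoes
```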

 
 
 

Post by James Carlso » Fri, 13 Feb 2004 23:11:47



> James thanks i will post the logs. But i have not been able to figure
> out how to make the debug post the logs to the /var/log/ppppdebug.

You should have something like this in /etc/syslog.conf:

        daemon.debug;local2.debug       /var/log/pppdebug

and then do this to tell syslog to reread that file and start logging:

        # touch /var/log/pppdebug
        # pkill -HUP syslogd

Note that syslogd won't write to a file that doesn't exist first.

>  I
> followed the instructions in the manuals (sun docs ) but it does not
> seem to work. What i have been able to do is to make the pppd print
> out the debug messages.  I have posted another question just today and
> will see if i can work on some of your suggestions, else i will post
> the logs that i get from the debug.  Thanks again.

OK.  The nice thing about syslog is that you also get timestamps,
which can be useful in diagnosing problems.  But it's probably not
crucial here.

--

Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677

 
 
 

Post by joao coel » Tue, 17 Feb 2004 04:50:12


> At a guess, the chat script isn't working right.  I suspect that this
> sequence is the problem:

>         "" "exec pppd"

> That says "don't wait for anything, just send 'exec pppd' right away."
> That means it doesn't wait for a prompt, and the string is probably
> just getting discarded by the peer.  This would be better as either
> "$" "exec pppd" or "%" "exec pppd", depending on what that remote
> shell prompt looks like.
> Assuming that the peer really wants you to log in first (either mgetty
> or setting that user's shell to /usr/bin/pppd might be a better answer
> here)

That's what I did, set up the user's shell to /usr/bin/pppd.  Then
what is the best way to do the exec pppd?  I basically just used the
above from some examples. If I should not be using "" "exec pppd" then
what should one use, assuming that the user's shell is set to
/usr/bin/pppd as you mentioned?  Thanks.
 
 
 

Post by joao coel » Tue, 17 Feb 2004 23:52:16


I had seen your name on amazon.com while looking for books on PPP;
looks like there are only two books.  I had bought the book by Andrew
Sun, and the light finally went off in my head. I noticed the name and
realized you are the guy who wrote the other book, just so I decided
to purchase it.  Thanks for the help; at this time I am just going
over the logs trying to figure out what's going on.


> > James thanks i will post the logs. But i have not been able to figure
> > out how to make the debug post the logs to the /var/log/ppppdebug.

> You should have something like this in /etc/syslog.conf:

>         daemon.debug;local2.debug       /var/log/pppdebug

> and then do this to tell syslog to reread that file and start logging:

>         # touch /var/log/pppdebug
>         # pkill -HUP syslogd

> Note that syslogd won't write to a file that doesn't exist first.

> >  I
> > followed the instructions in the manuals (sun docs ) but it does not
> > seem to work. What i have been able to do is to make the pppd print
> > out the debug messages.  I have posted another question just today and
> > will see if i can work on some of your suggestions, else i will post
> > the logs that i get from the debug.  Thanks again.

> OK.  The nice thing about syslog is that you also get timestamps,
> which can be useful in diagnosing problems.  But it's probably not
> crucial here.

 
 
 

Post by James Carlso » Thu, 19 Feb 2004 00:17:35



> That's what i did, set up the user's shell to /usr/bin/pppd . Then
> what is the best way to do the exec pppd.  I basically just used the
> above from some examples. If i should not be using "" "exec pppd" than
> what should one use assuming that the user's shell is set to
> /usr/bin/pppd as you mentioned.  Thanks.

If it were set to that instead, then you wouldn't have any shell
interaction at all.  You'd just dial the modem with chat.

Something like this:

        "" "AT&F1" OK "ATDT555-1212" CONNECT "\c"

... but you may need to tailor for your particular modem.

--

Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677

 
 
 

Post by James Carlso » Thu, 19 Feb 2004 00:19:53



> I had seen your name on amazon.com while looking for books on ppp,
> looks like there are only two books.  I had bought the book by Andrew
> Sun, and the light finally went off in my head. I noticed the name and
> realized you are the guy who wrote the other book, just so i decided
> to purchase it.  Thanks for the help, at this time i am just going
> over the logs trying to figure out what's going on.

Well, thanks.  I certainly appreciate it, but my book is really aimed
at developers who are interested in PPP, rather than at users of PPP.

You'd be much better served by looking around the web for FAQs if the
existing documentation is somehow incomplete.  Bill Unruh, for
instance, has a well-known and well-written FAQ for pppd users that
might be helpful.

        http://axion.physics.ubc.ca/ppp-linux.html

--

Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677