End-User notification of a failed PAP authentication.

End-User notification of a failed PAP authentication.

Post by Vernon Schryv » Tue, 09 Jan 1996 04:00:00




>Most PPP stacks I dealt with give users meaningless  error messages on
>failed PAP authentication - something to the effect
>that PPP initialization failed.  Apparently, NAK that PPP server
>returns on incorrect user id/password may have other meanings,
>such as desire to do CHAP.

>Is this a correct assessment ?

Not if I understand the assessment.

The system that wants to check the identity of the other system first
sends LCP Configure-Requests asking for PAP or CHAP.  The other system
responds with an LCP Configure-Ack (agreeing with the requestor), a
Configure-Reject (refusing), or a Configure-Nak (suggesting an
alternative).  In the second two cases, the system with the security
concern sends another Configure-Request, possibly using the alternative
suggested with the Nak.  Eventually the other system must answer with
a Configure-Ack, or the concerned system must hang up the phone.
Finally, the other system sends a suitable PAP password-requests or
CHAP response to prove it knows the secret known only by the good guy.
If the secret is the wrong one, then the concerned system is supposed
to send a message to that effect and hang up the phone.

Note that things are symmetric.  The other system can demand authentication
in the same way.

See RFC 1334.


 
 
 

End-User notification of a failed PAP authentication.

Post by Mark Bergstro » Tue, 09 Jan 1996 04:00:00


Is CHAP or PAP really running?  Or do you have a mystery a your dialer
end?

The only way to debug both ends is on the /usr/etc/ppp (or wherever it is
on your server and dialer ends) is to run with -d or -ddd enabled so you
can go to the SYSLOG file or ppp.log and see exactly what happened.  

 
 
 

End-User notification of a failed PAP authentication.

Post by TLWV.. » Tue, 09 Jan 1996 04:00:00


Most PPP stacks I dealt with give users meaningless  error messages on
failed PAP authentication - something to the effect
that PPP initialization failed.  Apparently, NAK that PPP server
returns on incorrect user id/password may have other meanings,
such as desire to do CHAP.

Is this a correct assessment ?

Oleg Vishnepolsky

 
 
 

1. What does it mean: "PAP: Failed request for PAP credentials."

I get this message when trying to log in to a remote ACC congo:

   PAP: Failed request for PAP credentials.  Username XXX

XXX is the name of the cisco.

I interpret this message as coming from the cisco, not the congo,
is this correct?

The cisco uses tacacs for usernames and XXX is in tacacs.conf.

When the congo dials up everything is fine, but not when the cisco
dials up.

I have tried setting "callin" after "ppp authentication chap pap".
I use dialers in the cisco.

Thanks for your time!


2. ( Compileable Source ) Address of class changes.....

3. Reason 413: User authentication failed.

4. Brother HL660 printing problem

5. VPN Client 3.6.3(Rel) "The user authentication application failed to start"

6. running a batch file at logoff

7. PAP only authenticates first user in pap-secrets

8. RFI: USR Robotics(3com) Message Plus AT commands

9. Failed Authentication, Status "Unsupported Authentication Algorithm"

10. CWSI end-user PC monitoring

11. RADIUS end-user security

12. Looking Distributor for VoIP end-user Device

13. End-user purchase of Panasonic KXT-D system?