Mark H. Mabry wrote: > Hi, > I'm trying to connect to my work's WinNT RAS server. During initial > negotiations between the machines, I get this problem with the CHAP > authentication:
How surprising (but read on). > Jan 16 09:44:36 crimson pppd[18696]: sent [LCP ConfReq id=0x1 <mru 1500> > <asyncmap 0x0> <magic 0x9951290e> <pcomp> <accomp>] > Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> > <auth chap msoft> <magic 0x420> <pcomp> <accomp>] > Jan 16 09:44:36 crimson pppd[18696]: sent [LCP ConfRej id=0x0 <auth chap > msoft> > ] > Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP ConfAck id=0x1 <mru 1500> > <asyncmap 0x0> <magic 0x9951290e> <pcomp> <accomp>] > Jan 16 09:44:36 crimson pppd[18696]: rcvd [LCP TermReq id=0x1 00 00 02 dc] > Jan 16 09:44:36 crimson pppd[18696]: sent [LCP TermAck id=0x1] > > Looks to me like my machine is rejecting the request to use Microsoft CHAP > authentication. Is that correct? Has anyone else seen this? This is indeed correct. I believe the latest HAMM ppp package includes support for ms-chap. If you like to run stable software though and still have bo (I do) then there *is* a solution. If you're using the RAS which came with NT 4.0 (even if you have Service Pak 3) NT you may have to get into the registry. But first you can try the following. You need to set your ppp options so that pap authentication is possible. I use something like the following command line: /usr/sbin/pppd /dev/ttyS0 38400 user DOMAIN\\username crtscts lock modem connect "/usr/sbin/chat -v -t 120 ABORT BUSY ABORT 'NO CARRIER' '' ATZ OK ATE0V1 OK ATDT555-1212 CONNECT" Note that I use DOMAIN\\username for the 'user' parameter because I'm logging into an NT box that wants me to log on as a domain user. If your user is defined locally then you don't need to DOMAIN\\ part. You will also need to add your password to the /etc/ppp/pap-secrets file. You'll need a line like: DOMAIN\\user * password When you dial in thus to the NT box you'll get logs like: Jan 14 17:19:20 chilin pppd[22286]: sent [LCP ConfReq id=0x1 <mru 1500> <magic 0 xf2c0d760> <pcomp> <accomp>] Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <aut h chap msoft> <magic 0x7f95> <pcomp> <accomp>] Jan 14 17:19:21 chilin pppd[22286]: sent [LCP ConfNak id=0x0 <auth pap>] Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfAck id=0x1 <mru 1500> <magic 0 xf2c0d760> <pcomp> <accomp>] Jan 14 17:19:21 chilin pppd[22286]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <aut h pap> <magic 0x7f95> <pcomp> <accomp>] Note how this time the client ConfNak's, suggesting instead auth pap? That's the stuff you're after. If this doesn't work, you probably have to modify the registry on the NT box to effectively disable ms-chap. Start up regedt32 and go to \\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\PPP. There you'll see two values, ForceEncryptedPassword and ForceStrongEncryption. Set them both to zero. Then try again. If that doesn't do the trick. Go back to the same spot in the registry. There should be a subkey there called CHAP. Delete the whole subkey. Then try again. Make sure you stop/start the RAS service after you change settings in the registry. This should work. Note that there is an article in the M$ Knowledge Base. You should look it up on their web page for more in depth info on the problem. > > > I'm using ppp-2.2.0f-23, and kernel v2.0.27. > > Thanks, > > -- > Mark Mabry > [EMAIL PROTECTED] > > PGP public key on web page > > ------------------------------------------------------------------------ > > Part 1.2 Type: application/pgp-signature -- Jens B. Jorgensen [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
