At 10:00 AM 10/31/2001 -0500, Matt Nowina wrote:
>Hi Again,
>
>I've finally succeeded in successfully setting up MS-CHAP authentication
>for pptp clients (Thanks to Alan for his assistance with the rlm_mschap
>module),
Excellent! :)
>but I have hit a snag negotiating mppe encryption. It appears
>that the cisco router doesn't understand or is not receiving mppe keys
>from the radius server.
>
>In looking through the RFC for MS-CHAP, it states that the access-accept
>packet should contain one or no instances of the following:
>
>7 MS-MPPE-Encryption-Policy
>8 MS-MPPE-Encryption-Type
>12 MS-CHAP-MPPE-Keys
>16 MS-MPPE-Send-Key
>17 MS-MPPE-Recv-Key
>
>Although I can set these values under the 'users' file to send back
>during the negotiation, I can't seem to figure out the proper syntax to
>declare them in octet form.
What are the dictionary entries you have currently, and what does your
users file look like now for the value?
>The 2 other questions I had were first, is
>the des function included with rlm_mschap able to negotiate 40bit &
>128bit encryption or is it limited to 56-bit?
Not sure on this one, as I'm not as familiar with that module.
>And secondly whether there
>is a way to use the radius server only for authentication and then punt
>the encryption process back to the router after a user has been
>successfully authenticated?
Not quite sure what you mean by this. Can you elaborate a little more?
-Chris
--
\\\|||/// \ Chris Parker - Manager, Development Engineering
\ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Without C we would have 'obol', 'basi', and 'pasal'
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
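
An added example, not part of the original thread and not FreeRADIUS code: one way to check whether an Access-Accept really carries the MPPE attributes listed above is to walk the packet's Microsoft vendor-specific attributes (RADIUS attribute 26, vendor id 311, per RFC 2548) and report which vendor types are present. The helper names and the sample packet are constructed for illustration, and key values are not decrypted.

```python
import struct
MS_VENDOR_ID = 311  # Microsoft enterprise number used in RFC 2548 VSAs
MPPE_ATTRS = {      # vendor types as numbered in the message above
    7: "MS-MPPE-Encryption-Policy",
    8: "MS-MPPE-Encryption-Types",
    12: "MS-CHAP-MPPE-Keys",
    16: "MS-MPPE-Send-Key",
    17: "MS-MPPE-Recv-Key",
}

def _tlvs(buf):
    """Yield (type, value) from a run of 1-byte type / 1-byte length TLVs."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def ms_vsas(packet):
    """Return [(vendor_type, value)] for Microsoft VSAs in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found = []
    for atype, value in _tlvs(packet[20:length]):
        # Attribute 26 is Vendor-Specific: 4-byte vendor id, then sub-TLVs
        if atype == 26 and value[:4] == struct.pack("!I", MS_VENDOR_ID):
            found.extend(_tlvs(value[4:]))
    return found

def mppe_report(packet):
    """Map each MPPE attribute name to whether the packet carries it."""
    present = {vtype for vtype, _ in ms_vsas(packet)}
    return {name: vtype in present for vtype, name in MPPE_ATTRS.items()}

def sample_accept():
    """Constructed Access-Accept (code 2): policy and types, but no keys."""
    def vsa(vtype, value):
        sub = bytes([vtype, len(value) + 2]) + value
        return bytes([26, len(sub) + 6]) + struct.pack("!I", MS_VENDOR_ID) + sub
    attrs = vsa(7, struct.pack("!I", 1)) + vsa(8, struct.pack("!I", 1))
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for name, seen in mppe_report(sample_accept()).items():
        print("%-28s %s" % (name, "present" if seen else "MISSING"))
```

Feeding it the UDP payload of a captured Access-Accept instead of sample_accept() shows whether the key attributes ever leave the server, which separates a server-side configuration gap from a NAS-side problem.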