On Mon, 17 Jan 2000, Mattias Zhabinskiy wrote:
|I decided to try PoPToP 1.0.0 - pptp server for linux -
|on RH 6.1 running 2.2.13 kernel and pppd 2.3.11
|(without MSCHAPv2 and MPPE 40-128 bit RC4 encryption
|patches).
Dunno much about PPTP.
|/etc/ppp/options.server file is:
|
|-detach
|asyncmap 0
|modem
|crtscts
|idle 720
|lock
|require-pap
|refuse-chap
The last two options above require that pppd request the peer authenticate
itself to pppd with PAP, and that pppd refuse to use CHAP (of any kind)
to authenticate itself to the peer.
...
|Jan 14 12:40:15 dial1 pppd[16400]: pppd 2.3.11 started by , uid 0
|Jan 14 12:40:15 dial1 pppd[16400]: Using interface ppp0
|Jan 14 12:40:15 dial1 pppd[16400]: Connect: ppp0 <--> /dev/pts/1
|Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
|<auth pap> <magic 0x6e2f4556> <pcomp> <accomp>]
^^^^^^^^
Pppd requests that the peer authenticate using PAP.
|Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfReq id=0x0 <magic 0x3b9d>
|<pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 09 03 0\
|0 a0 c9 71 16 be>]
|Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfRej id=0x0 <callback CBCP> <
|11 04 06 4e> < 13 09 03 00 a0 c9 71 16 be>]
|Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfNak id=0x1 <auth chap m$oft>]
The peer NAKs the pppd PAP request and requests that it use MS-CHAP
(m$oft) to authenticate itself to pppd. Pppd is denied ACKing this
because of the refuse-chap option.
|Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfReq id=0x2 <asyncmap 0x0>
|<magic 0x6e2f4556> <pcomp> <accomp>]
|Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfReq id=0x1 <magic 0x3b9d>
|<pcomp> <accomp>]
|Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfAck id=0x1 <magic 0x3b9d>
|<pcomp> <accomp>]
|Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0>
|<magic 0x6e2f4556> <pcomp> <accomp>]
Pppd drops the authentication option from its LCP request and the NT ACKs
the request with no authentication specified.
It seems strange for pppd to drop all authentication since it has the
require-pap option. A Paul Mackerras question: Does that happen because
the login option is also used or because pppd is run as root?
Apparently the NT can't complete the connection without authenticating
itself to you. It could end the PPP link gracefully with an LCP terminate
request but does not.
|Jan 14 12:40:15 dial1 pppd[16400]: sent [IPCP ConfReq id=0x1 <addr
|192.168.128.2> <compress VJ 0f 01>]
|Jan 14 12:40:15 dial1 pppd[16400]: sent [CCP ConfReq id=0x1 <deflate 15>
|<deflate(old#) 15> <bsd v1 15>]
|Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP code=0xc id=0x2 00 00 3b 9d 4d 53
|52 41 53 56 34 2e 30 30]
The informational message reads MSRASV4.00. (I don't know why pppd doesn't
have the informational code implemented.)
---
Clifford Kite Not a guru. (tm)
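
An added example, not part of the original message: a Python check over pppd debug output that flags the sequence discussed above, where a sent LCP ConfReq carrying an auth option is followed by an acknowledged ConfReq without one, and that decodes the code 0xc payload. The sample lines are the LCP lines from the quoted log with the mail wrapping re-joined; the function names are hypothetical.

```python
import re

# LCP lines from the log quoted above, with the mail-wrapped lines re-joined.
SAMPLE_LOG = """\
Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x6e2f4556> <pcomp> <accomp>]
Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfNak id=0x1 <auth chap m$oft>]
Jan 14 12:40:15 dial1 pppd[16400]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x6e2f4556> <pcomp> <accomp>]
Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x6e2f4556> <pcomp> <accomp>]
Jan 14 12:40:15 dial1 pppd[16400]: rcvd [LCP code=0xc id=0x2 00 00 3b 9d 4d 53 52 41 53 56 34 2e 30 30]
"""

PKT = re.compile(r"pppd\[(\d+)\]: (sent|rcvd) \[LCP (\w+) id=(0x[0-9a-f]+)(.*)\]")
AUTH = re.compile(r"<auth ([^>]+)>")
IDENT = re.compile(r"pppd\[\d+\]: rcvd \[LCP code=0xc id=0x[0-9a-f]+ ((?:[0-9a-f]{2} ?)+)\]")

def find_auth_downgrades(log):
    """Return one finding per acked LCP ConfReq that dropped an <auth ...>
    option which an earlier ConfReq from the same pppd pid carried."""
    state, findings = {}, []
    for line in log.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        pid, direction, code, pkt_id, opts = m.groups()
        s = state.setdefault(pid, {"asked": None, "nak": None, "sent": {}})
        auth = AUTH.search(opts)
        if direction == "sent" and code == "ConfReq":
            s["sent"][pkt_id] = auth.group(1) if auth else None
            if auth:
                s["asked"] = auth.group(1)
        elif direction == "rcvd" and code == "ConfNak" and auth:
            s["nak"] = auth.group(1)
        elif direction == "rcvd" and code == "ConfAck":
            # The ack settles our side of LCP; no auth in it means no auth phase.
            if s["asked"] and s["sent"].get(pkt_id, "?") is None:
                findings.append({"pid": pid, "requested": s["asked"],
                                 "peer_wanted": s["nak"], "acked_id": pkt_id})
    return findings

def decode_identification(line):
    """Decode an LCP Identification packet (code 0xc): 4-byte magic + text."""
    m = IDENT.search(line)
    if not m:
        return None
    data = bytes.fromhex(m.group(1))
    return int.from_bytes(data[:4], "big"), data[4:].decode("ascii", "replace")
```
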