
Trying to create a PPTP / L2TP dial up pool via MPd5

2020-06-19
2020-07-09
  • Dave Yadallee

    Dave Yadallee - 2020-06-19

    Here is my config:

        default:
            #load radius
            load l2tp_server
            load pptp_server

        # Define dynamic IP address pool.
            set ippool add pool1 10.10.0.2 10.10.255.254

        # Create clonable bundle template named B
            create bundle template B_pptp
            set iface enable proxy-arp
            set iface idle 1800
            set iface enable tcpmssfix
            set ipcp yes vjcomp

        # Specify IP address pool for dynamic assignment.
            set ipcp ranges 10.10.0.1/32 ippool pool1
            set ipcp dns 192.168.81.1
            #set ipcp nbns 192.168.81.3

        # The five lines below enable Microsoft Point-to-Point encryption
        # (MPPE) using the ng_mppc(8) netgraph node type.
            set bundle enable compression
            set ccp yes mppc
            set mppc yes e40
            set mppc yes e128
            set mppc yes stateless

        # Create clonable link template named L
            create link template L_pptp pptp

        # Set bundle template to use
            set link action bundle B_pptp

        # Multilink adds some overhead, but gives full 1500 MTU.
            set link enable multilink
            set link yes acfcomp protocomp
            set link no pap chap eap
            set link enable pap
            set link enable eap

        # We can use RADIUS authentication/accounting by including
        # another config section with label 'radius'.
            load radius
            set link keep-alive 10 60

        # Enable utmp/wtmp logging
            set auth enable system-acct

        # We are reducing link mtu to avoid GRE packet fragmentation.
            set link mtu 1460

        # Configure PPTP
            set pptp self 0.0.0.0

        # Allow to accept calls
            set link enable incoming

        l2tp_server:

        # Define dynamic IP address pool.
            set ippool add pool2 10.12.0.2 10.12.255.254

        # Create clonable bundle template named B
            create bundle template B_l2tp
            set bundle enable compression
            set iface enable proxy-arp
            set iface enable tcpmssfix
            #set ifce mtu 1280
            set ipcp yes vjcomp

        # Specify IP address pool for dynamic assignment.
            set ipcp ranges 10.12.0.1/32 ippool pool_l2tp
            set ipcp dns 192.168.81.1

        # Create clonable link template named L
            create link template L_l2tp l2tp
            set link action bundle B_l2tp
            set link keep-alive 0 0
            set link yes acfcomp protocomp
            set link no pap chap eap
            set link enable pap
            set link enable chap

        # We can use RADIUS authentication/accounting by including
        # another config section with label 'radius'.
            load radius
            set link keep-alive 10 60

        # Enable utmp/wtmp logging
            set auth enable system-acct

        # Configure L2TP
            set l2tp self 0.0.0.0
            set l2tp disable dataseq

        # Allow to accept calls
            set link enable incoming

        radius:

        # You can use radius.conf(5), it's useful, because you can share the
        # same config with userland-ppp and other apps.
            #set radius config /etc/radius.conf
            #set radius config /usr/gnurad/etc/raddb/config

        # or specify the server directly here
            set radius server 192.168.81.1 MySecret 1645 1646
            set radius retries 3
            set radius timeout 3

        # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
            set radius me 192.168.81.1

        # send accounting updates every 5 minutes
            set auth acct-update 300

        # enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
            set auth enable radius-auth

        # enable RADIUS accounting
            set auth enable radius-acct

        # protect our requests with the message-authenticator
            set radius enable message-authentic

    Aim is to set up a 'dial in pool' for PPTP L2TP using radius authentication by system password file.

    What is not configured correctly?

     
  • Eugene Grosbein

    Eugene Grosbein - 2020-06-19

    Why are you asking, doesn't it work? Testing should show if it is right configuration for you.

    Looking at the configuration, I suggest you do not skip "startup:" section (look at example in distribution sample config file). It's handy to configure console for run-time daemon control. And you may find useful put "set global l2tptimeout" command there.

    Also, I recommend to enable more detailed logging for initial testing period:
    log +echo +iface +iface2 +link +auth +bund +lcp +lcp2 +phys +phys2 +radius +radius2

    Setup your /etc/syslog.conf to write mpd logs to a file:

    !mpd
    *.* /var/log/mpd.log
    

    Read the log after mpd5 is (re-)started because it describes obvious configuration errors there, if any.

    Also you may like setting interface descriptions:
    set iface description "%t: %U %A %o %O"

    You set extra "set link keep-alive 0 0" parameters overridden with later command. And no need to specify "set pptp self 0.0.0.0", that's default. Same for l2tp.

    You really need to use "set pptp disable windowing", otherwise PPtP will get you troubles.

    Also, you may share single IP pool for PPtP and L2TP, if you wish. The pool created once may be referenced multiple times.

     

    Last edit: Eugene Grosbein 2020-06-19
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    Sorry about the delay. Never got a notice about your reply.

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    From the Log:

    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] Accepting PPTP connection
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] Link: OPEN event
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: Open event
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: state change Initial --> Starting
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: LayerStart
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] PPTP: attaching to peer's outgoing call
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] Link: UP event
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: Up event
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: state change Starting --> Req-Sent
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: SendConfigReq #1
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MRU 1500
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0xb3caa23b
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MP MRRU 2048
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MP SHORTSEQ
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Configure Request #0 (Req-Sent)
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MRU 1400
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0x515275bc
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] CALLBACK 6
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: SendConfigRej #0
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] CALLBACK 6
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Configure Request #1 (Req-Sent)
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MRU 1400
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0x515275bc
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: SendConfigAck #1
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MRU 1400
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0x515275bc
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:17 doctor mpd[44831]: [L_pptp-2] LCP: state change Req-Sent --> Ack-Sent
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: SendConfigReq #2
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MRU 1500
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0xb3caa23b
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MP MRRU 2048
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MP SHORTSEQ
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Configure Reject #2 (Ack-Sent)
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MP MRRU 2048
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MP SHORTSEQ
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: SendConfigReq #3
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MRU 1500
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0xb3caa23b
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Configure Ack #3 (Ack-Sent)
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] ACFCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] PROTOCOMP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MRU 1500
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MAGICNUM 0xb3caa23b
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: state change Ack-Sent --> Opened
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: auth: peer wants nothing, I want CHAP
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] CHAP: sending CHALLENGE #1 len: 21
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: LayerUp
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Ident #2 (Opened)
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MESG: MSRASV5.20
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Ident #3 (Opened)
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MESG: MSRAS-0-DESKTOP-NLNAQH7
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Ident #4 (Opened)
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] MESG: <fb>a`<e4>kM-^\JD<af>Oby
    <a0><ef>1M-^R
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] Name: "aboo"
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] AUTH: Trying RADIUS
    Jun 20 09:45:19 doctor mpd[44831]: [L_pptp-2] RADIUS: Authenticating user 'aboo'
    Jun 20 09:45:21 doctor mpd[44831]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 09:45:21 doctor mpd[44831]: [L_pptp-2] Name: "aboo"
    Jun 20 09:45:21 doctor mpd[44831]: [L_pptp-2] CHAP: Auth return status: busy
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] RADIUS: rad_send_request for user 'aboo' failed: No valid RADIUS responses received
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: RADIUS returned error
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: Trying INTERNAL
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: User "aboo" not found in secret file
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: INTERNAL returned: failed
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: ran out of backends
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] CHAP: Auth return status: failed
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] CHAP: Reply message: E=691 R=0 M=Login incorrect
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] CHAP: sending FAILURE #1 len: 31
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: authorization failed
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: parameter negotiation failed
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: state change Opened --> Stopping
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: SendTerminateReq #4
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: LayerDown
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: rec'd Terminate Ack #4 (Stopping)
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: state change Stopping --> Stopped
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: LayerFinish
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] PPTP call terminated
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] Link: DOWN event
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: Close event
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: state change Stopped --> Closed
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: Down event
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] LCP: state change Closed --> Initial
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] Link: SHUTDOWN event
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] Link: Shutdown

     
  • Eugene Grosbein

    Eugene Grosbein - 2020-06-20

    Jun 20 09:45:21 doctor mpd[44831]: [L_pptp-2] CHAP: Auth return status: busy
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] RADIUS: rad_send_request for user 'aboo' failed: No valid RADIUS responses received
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: RADIUS returned error
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: Trying INTERNAL
    Jun 20 09:45:22 doctor mpd[44831]: [L_pptp-2] AUTH: User "aboo" not found in secret file

    Please try reading the log. It clearly states that your RADIUS server does not respond and user not found in the mpd.secret, so authorization fails. Fix it and you will be OK.
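Added example (not part of the thread and not mpd5 project code): a small triage script that walks an mpd5 log, groups lines by daemon PID and link, and reports which auth backends were tried and how each attempt ended. The sample log is constructed in the format of the lines quoted above; the host name, PIDs, user names and finding labels are made up for illustration.

```python
import re

# Constructed sample, modelled on the mpd5 syslog lines quoted in this thread.
SAMPLE_LOG = """\
Jun 20 09:45:19 vpn-gw mpd[1001]: [L_pptp-1] LCP: state change Ack-Sent --> Opened
Jun 20 09:45:19 vpn-gw mpd[1001]: [L_pptp-1] CHAP: rec'd RESPONSE #1 len: 58
Jun 20 09:45:19 vpn-gw mpd[1001]: [L_pptp-1] Name: "alice"
Jun 20 09:45:19 vpn-gw mpd[1001]: [L_pptp-1] AUTH: Trying RADIUS
Jun 20 09:45:19 vpn-gw mpd[1001]: [L_pptp-1] RADIUS: Authenticating user 'alice'
Jun 20 09:45:21 vpn-gw mpd[1001]: [L_pptp-2] Name: "bob"
Jun 20 09:45:21 vpn-gw mpd[1001]: [L_pptp-2] AUTH: Trying RADIUS
Jun 20 09:45:21 vpn-gw mpd[1001]: [L_pptp-1] CHAP: rec'd RESPONSE #1 len: 58
Jun 20 09:45:21 vpn-gw mpd[1001]: [L_pptp-1] Name: "alice"
Jun 20 09:45:21 vpn-gw mpd[1001]: [L_pptp-1] CHAP: Auth return status: busy
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] RADIUS: rad_send_request for user 'alice' failed: No valid RADIUS responses received
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] AUTH: RADIUS returned error
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] AUTH: Trying INTERNAL
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] AUTH: User "alice" not found in secret file
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] AUTH: INTERNAL returned: failed
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] AUTH: ran out of backends
Jun 20 09:45:22 vpn-gw mpd[1001]: [L_pptp-1] CHAP: Auth return status: failed
Jun 20 09:45:24 vpn-gw mpd[1001]: [L_pptp-2] RADIUS: rad_send_request for user 'bob' failed: No valid RADIUS responses received
Jun 20 09:45:24 vpn-gw mpd[1001]: [L_pptp-2] AUTH: RADIUS returned error
Jun 20 09:45:24 vpn-gw mpd[1001]: [L_pptp-2] AUTH: ran out of backends
Jun 20 09:45:24 vpn-gw mpd[1001]: [L_pptp-2] CHAP: Auth return status: failed
Jun 20 09:45:30 vpn-gw mpd[1001]: [L_pptp-3] PPTP call terminated
Jun 20 09:45:30 vpn-gw mpd[1001]: [L_pptp-3] Link: DOWN event
"""

# syslog prefix followed by mpd5's "[link]" tag
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\smpd\[(?P<pid>\d+)\]:\s"
    r"\[(?P<link>[^\]]+)\]\s+(?P<msg>.*)$"
)
NAME_RE = re.compile(r'^Name: "([^"]*)"$')
TRY_RE = re.compile(r"^AUTH: Trying (\w+)$")
RET_RE = re.compile(r"^AUTH: (\w+) returned:? (\w+)$")
RAD_FAIL_RE = re.compile(r"^RADIUS: rad_send_request for user '[^']*' failed: (.+)$")
STATUS_RE = re.compile(r"^CHAP: Auth return status: (\w+)$")


def _findings(att):
    """Derive labels (names chosen for this example) from one finished attempt."""
    names = [name for name, _ in att["backends"]]
    results = dict(att["backends"])
    out = []
    if results.get("RADIUS") == "error":
        unanswered = "No valid RADIUS responses" in (att["radius_error"] or "")
        out.append("radius-unanswered" if unanswered else "radius-error")
    if "RADIUS" in names and "INTERNAL" in names[names.index("RADIUS") + 1:]:
        # the local secret file became the deciding backend after RADIUS failed
        out.append("fallback-to-internal")
    return out


def summarize_auth(log_text):
    """Return one dict per completed authentication attempt, in completion order."""
    open_attempts, done = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key, msg = (m["pid"], m["link"]), m["msg"].strip()
        att = open_attempts.get(key)
        name = NAME_RE.match(msg)
        if name and att is None:
            open_attempts[key] = {"link": m["link"], "user": name[1], "start": m["ts"],
                                  "backends": [], "radius_error": None, "status": None}
            continue
        if att is None:
            continue  # LCP chatter, or a call that ended before any CHAP response
        if (t := TRY_RE.match(msg)):
            att["backends"].append([t[1], None])
        elif (r := RET_RE.match(msg)):
            for backend in reversed(att["backends"]):
                if backend[0] == r[1] and backend[1] is None:
                    backend[1] = r[2]
                    break
        elif (f := RAD_FAIL_RE.match(msg)):
            att["radius_error"] = f[1]
        elif (s := STATUS_RE.match(msg)) and s[1] != "busy":
            # "busy" only means a backend is still working; anything else is final
            att["status"] = s[1]
            att["findings"] = _findings(att)
            done.append(open_attempts.pop(key))
    return done


if __name__ == "__main__":
    for a in summarize_auth(SAMPLE_LOG):
        chain = " -> ".join(f"{n}={r}" for n, r in a["backends"])
        print(f'{a["start"]} {a["link"]} user={a["user"]} {chain} '
              f'status={a["status"]} findings={",".join(a["findings"])}')
```
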

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    Just getting rid of Internal, i.e. set auth disable internal,

    I got
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] Accepting PPTP connection
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] Link: OPEN event
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: Open event
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: state change Initial --> Starting
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: LayerStart
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] PPTP: attaching to peer's outgoing call
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] Link: UP event
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: Up event
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: state change Starting --> Req-Sent
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigReq #1
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0xda94ee37
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MP MRRU 2048
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MP SHORTSEQ
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Configure Request #0 (Req-Sent)
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MRU 1400
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0x1c7839d2
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] CALLBACK 6
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigRej #0
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] CALLBACK 6
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Configure Request #1 (Req-Sent)
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MRU 1400
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0x1c7839d2
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigAck #1
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MRU 1400
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0x1c7839d2
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:35 doctor mpd[19241]: [L_pptp-2] LCP: state change Req-Sent --> Ack-Sent
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigReq #2
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0xda94ee37
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MP MRRU 2048
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MP SHORTSEQ
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Configure Reject #2 (Ack-Sent)
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MP MRRU 2048
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MP SHORTSEQ
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigReq #3
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0xda94ee37
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Configure Ack #3 (Ack-Sent)
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0xda94ee37
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: state change Ack-Sent --> Opened
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: auth: peer wants nothing, I want CHAP
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] CHAP: sending CHALLENGE #1 len: 21
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: LayerUp
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Ident #2 (Opened)
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MESG: MSRASV5.20
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Ident #3 (Opened)
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MESG: MSRAS-0-DESKTOP-NLNAQH7
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Ident #4 (Opened)
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] MESG: Â$EÇ3¬1A½M-^A«M-^BwM-^EäØ
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] Name: "aboo"
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] AUTH: Trying RADIUS
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] RADIUS: Authenticating user 'aboo'
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] Name: "aboo"
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] CHAP: Auth return status: busy
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] RADIUS: rad_send_request for user 'aboo' failed: No valid RADIUS responses received
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] AUTH: RADIUS returned error
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] AUTH: ran out of backends
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: Auth return status: failed
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: Reply message: E=691 R=0 M=Login incorrect
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: sending FAILURE #1 len: 31
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: authorization failed
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: parameter negotiation failed
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: state change Opened --> Stopping
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: SendTerminateReq #4
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: LayerDown
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: rec'd Terminate Ack #4 (Stopping)
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: state change Stopping --> Stopped
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: LayerFinish
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] PPTP call terminated
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] Link: DOWN event
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: Close event
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: state change Stopped --> Closed
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: Down event
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] LCP: state change Closed --> Initial
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] Link: SHUTDOWN event
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] Link: Shutdown
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] Accepting PPTP connection
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] Link: OPEN event
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: Open event
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: state change Initial --> Starting
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: LayerStart
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] PPTP: attaching to peer's outgoing call
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] Link: UP event
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: Up event
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: state change Starting --> Req-Sent
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigReq #1
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0x8b2f2071
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] MP MRRU 2048
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] MP SHORTSEQ
    Jun 20 12:24:56 doctor mpd[19241]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] LCP: SendConfigReq #2
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] ACFCOMP
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] PROTOCOMP
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] MRU 1500
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] MAGICNUM 0x8b2f2071
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] AUTHPROTO CHAP MSOFTv2
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] MP MRRU 2048
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] MP SHORTSEQ
    Jun 20 12:24:58 doctor mpd[19241]: [L_pptp-2] ENDPOINTDISC [802.1] 0c c4 7a ac 51 1e
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] PPTP call terminated
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] Link: DOWN event
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: Close event
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: state change Req-Sent --> Closing
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: SendTerminateReq #3
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: Down event
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: LayerFinish
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] LCP: state change Closing --> Initial
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] Link: SHUTDOWN event
    Jun 20 12:24:59 doctor mpd[19241]: [L_pptp-2] Link: Shutdown
    (END)

    just noting

    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] Name: "aboo"
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] AUTH: Trying RADIUS
    Jun 20 12:21:37 doctor mpd[19241]: [L_pptp-2] RADIUS: Authenticating user 'aboo'
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] Name: "aboo"
    Jun 20 12:21:39 doctor mpd[19241]: [L_pptp-2] CHAP: Auth return status: busy
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] RADIUS: rad_send_request for user 'aboo' failed: No valid RADIUS responses received
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] AUTH: RADIUS returned error
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] AUTH: ran out of backends
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: Auth return status: failed
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: Reply message: E=691 R=0 M=Login incorrect
    Jun 20 12:21:40 doctor mpd[19241]: [L_pptp-2] CHAP: sending FAILURE #1 len: 31

    I wonder what the default is if you are using GNU radius against the passwd file?

     
  • Eugene Grosbein

    Eugene Grosbein - 2020-06-20

    RADIUS server is completely distinct software, you need to debug it separately. Look at its logs etc. Also check your firewall so it allows UDP traffic for RADIUS ports.

    Also, you did not follow my suggestion to make logs of mpd5 more detailed with "log ..." command containing +radius2 option that logs attributes sent to RADIUS server.

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    Just need to know where to add the log line

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    I just added the log line to startup and here is what I got from radius:
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: state change Ack-Sent --> Opened
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: phase shift ESTABLISH --> AUTHENTICATE
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: auth: peer wants nothing, I want CHAP
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] CHAP: sending CHALLENGE #1 len: 21
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: LayerUp
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: rec'd Ident #2 (Opened)
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] MESG: MSRASV5.20
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: rec'd Ident #3 (Opened)
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] MESG: MSRAS-0-DESKTOP-NLNAQH7
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] LCP: rec'd Ident #4 (Opened)
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] MESG: <d8><eb>M-^UM- i<af> O<b8>p<a6>g<a3><ff>M-^^9
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] Name: "aboo"
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] AUTH: Trying RADIUS
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Authenticating user 'aboo'
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Adding server 204.209.81.1 1645
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_NAS_IDENTIFIER: doctor.nl2k.ab.ca
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_NAS_IP_ADDRESS: 204.209.81.1
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put Message Authenticator
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_ACCT_SESSION_ID: 2680265-L_pptp-2
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_NAS_PORT: 2
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_NAS_PORT_TYPE: 5
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_SERVICE_TYPE: RAD_FRAMED
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_FRAMED_PROTOCOL: RAD_PPP
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_CALLING_STATION_ID:
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_CALLED_STATION_ID:
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_MPD_LINK: L_pptp-2
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_MPD_PEER_IDENT: MSRASV5.20 MSRAS-0-DESKTOP-NLNAQH7 <d8><eb>M-^UM- i<af> O<b8>p<a6>g<a3><ff>M-^^9
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_TUNNEL_TYPE: 1
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE: 1
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT: 204.209.81.1
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT: 75.156.190.254
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID: doctor.nl2k.ab.ca
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_USER_NAME: aboo
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_MICROSOFT_MS_CHAP_CHALLENGE
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_MICROSOFT_MS_CHAP2_RESPONSE
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Send request for user 'aboo'
    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Sending request for user 'aboo'
    Jun 20 13:11:05 doctor syslogd: last message repeated 1 times
    Jun 20 13:11:07 doctor mpd[76976]: [L_pptp-2] CHAP: rec'd RESPONSE #1 len: 58
    Jun 20 13:11:07 doctor mpd[76976]: [L_pptp-2] Name: "aboo"
    Jun 20 13:11:07 doctor mpd[76976]: [L_pptp-2] CHAP: Auth return status: busy
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] RADIUS: Sending request for user 'aboo'
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] RADIUS: rad_send_request for user 'aboo' failed: No valid RADIUS responses received
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] AUTH: RADIUS returned error
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] AUTH: ran out of backends
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] CHAP: Auth return status: failed
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] CHAP: Reply message: E=691 R=0 M=Login incorrect
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] CHAP: sending FAILURE #1 len: 31
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: authorization failed
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: parameter negotiation failed
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: state change Opened --> Stopping
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: phase shift AUTHENTICATE --> TERMINATE
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: SendTerminateReq #4
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: LayerDown
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: rec'd Terminate Ack #4 (Stopping)
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: state change Stopping --> Stopped
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: phase shift TERMINATE --> ESTABLISH
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] LCP: LayerFinish
    Jun 20 13:11:08 doctor mpd[76976]: [L_pptp-2] device: CLOSE event
    Jun 20 13:11:08 doctor mpd[76976]: pptp0-0: clearing call
    Jun 20 13:11:08 doctor mpd[76976]: pptp0-0: killing channel

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    And I found this in the radius.log for gnu radius

    Jun 20 13:11:05 Auth.notice: (Access-Request 204.209.81.1 169 "aboo" CLID= CSID=): Login incorrect [aboo/]
    Jun 20 13:11:05 Auth.notice: (Access-Request 204.209.81.1 169 "aboo" CLID= CSID=): Retransmitting AUTH reply
    Jun 20 13:11:05 Auth.notice: (Access-Request 204.209.81.1 169 "aboo" CLID= CSID=): Dropping packet: duplicate request

    Why is a / being added at the end?

     
  • Eugene Grosbein

    Eugene Grosbein - 2020-06-20

    Jun 20 13:11:05 doctor mpd[76976]: [L_pptp-2] RADIUS: Put RAD_USER_NAME: aboo

    mpd5 always sends the unmodified login name to the RADIUS server, and you can see that in the quoted line of its log. You should refer to your RADIUS configuration to debug that.

     

    Last edit: Eugene Grosbein 2020-06-20
  • Eugene Grosbein

    Eugene Grosbein - 2020-06-20

    Also, double check whether responses from the RADIUS server are allowed to reach mpd5 through your packet filters. If not, mpd5 won't get "accept" packets from the RADIUS server.

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-20

    I do have the correct ports open for radius old and new. Also where is this CLID and CSID coming from?

     
    • Eugene Grosbein

      Eugene Grosbein - 2020-06-21

      Also where is this CLID and CSID coming from?

      You'll see all RADIUS attributes sent by mpd5 in its log. Any other entity is not from mpd5.

       
  • Dave Yadallee

    Dave Yadallee - 2020-06-21

    I am also getting in touch with gnu-radius. I found a detail-auth which is sending junk, I.E.

    Sat Jun 20 13:28:58 2020
    NAS-Identifier = doctor.nl2k.ab.ca
    NAS-IP-Address = 204.209.81.1
    Message-Authenticator =
    +\003^9L_V\212\161\036\302\103\155\166\225\324\303
    Acct-Session-Id = 2681338-L_pptp-2
    NAS-Port-Id = 2
    NAS-Port-Type = 5
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id =
    Called-Station-Id =
    Tunnel-Type = PPTP
    Tunnel-Medium-Type = IP
    Tunnel-Server-Endpoint = 204.209.81.1
    Acct-Tunnel-Client-Endpoint = 75.156.190.254
    Tunnel-Server-Auth-Id = doctor.nl2k.ab.ca
    User-Name = legituser
    Vendor-Specific =
    +V311\013\022\273\036\150\003\025\157\255\036\165\026\164\331\304\001\264\243
    Vendor-Specific =
    +V311\031\064\001\000\167\036\027\135\360\072\053\143\306\366\315\041\102\374\31
    +2\140\000\000\000\000\000\000\000\000\366\203\345\045\015\123\133\274\063\234\0
    +57\302\124\017\033\026\053\167\016\206\244\367\0023
    Timestamp = 1592681338
    Request-Authenticator = None

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-23

    back at it. I converted to freeradius. What next?

     
    • Eugene Grosbein

      Eugene Grosbein - 2020-06-23

      mpd5 will just work if you set up any RADIUS server correctly. That is, your RADIUS server should correctly respond with AccessAccept/AccessReject messages of the RADIUS protocol to mpd5's requests.

       
  • Dave Yadallee

    Dave Yadallee - 2020-06-23

    I just have to work on that. At least with Freeradius someone is answering the phone.

     
  • Dave Yadallee

    Dave Yadallee - 2020-06-23

    Odd! I just ran a tcpdump on port 1645. Radius from computone no
    problem; mpd5 to radius does not show up.

     

    Last edit: Dave Yadallee 2020-06-24
  • Dave Yadallee

    Dave Yadallee - 2020-06-24

    all right what about pap?

     
    • Eugene Grosbein

      Eugene Grosbein - 2020-06-24

      mpd5 supports PAP but it's less secure. PAP sends the cleartext password over PPP. You'd better use CHAP, which is compatible with RADIUS, too.

       
  • Dave Yadallee

    Dave Yadallee - 2020-06-24

    Well here are the results:

    Wed Jun 24 00:51:03 2020
    Packet-Type = Access-Request
    NAS-Identifier = "doctor.nl2k.ab.ca"
    NAS-IP-Address = 204.209.81.1
    Message-Authenticator = 0xb8e285095cd002fc8b09a0de52a003fe
    Acct-Session-Id = "2981463-L_pptp-2"
    NAS-Port = 2
    NAS-Port-Type = Virtual
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Attr-26.12341.12 = 0x4c5f707074702d32
    Attr-26.12341.19 = 0x4d5352415356352e3230204d535241532d302d4445534b544f502d4e4c4e4151483720bc8b7ae61465d8429d104db8604819ff
    Tunnel-Type:0 = PPTP
    Tunnel-Medium-Type:0 = IPv4
    Tunnel-Server-Endpoint:0 = "204.209.81.1"
    Tunnel-Client-Endpoint:0 = "75.156.190.254"
    Tunnel-Server-Auth-Id:0 = "doctor.nl2k.ab.ca"
    User-Name = "aboo"
    MS-CHAP-Challenge = 0xbb1e68763c2a7a421bdfb865f10fe18f
    MS-CHAP2-Response = 0x01000d5262d4fce3d68368aa254bd63f8a050000000000000000ca14180259e5e660d07e2ed4cb83c4f0b9d1f8dd85159d9b
    Event-Timestamp = "Jun 24 2020 00:51:03 MDT"
    Timestamp = 1592981463

    I am now using freeradius. Can CHAP read an /etc/passwd file?

     
    • Alexander Motin

      Alexander Motin - 2020-06-24

      No. Unlike PAP, CHAP protects communication over the wire, but it requires plain-text passwords on the RADIUS server side. PAP, on the other hand, is plain-text over the wire, but because of that it can be used with a hashed passwords file.
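
Why CHAP cannot be checked against a one-way password hash while PAP can, as an added example that is not part of the original thread. It uses RFC 1994 CHAP-MD5 (not the MS-CHAPv2 seen in the logs above), PBKDF2 as a stand-in for the hash kept in a passwd file, and constructed sample values throughout.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5 over the identifier octet, the secret, the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def hash_password(password: bytes, salt: bytes) -> bytes:
    """One-way stored form (assumption: PBKDF2 stands in for a crypt(3) hash)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def verify_pap(submitted: bytes, salt: bytes, stored_hash: bytes) -> bool:
    # PAP hands the server the password itself, so it can re-hash and compare.
    return hmac.compare_digest(hash_password(submitted, salt), stored_hash)


def verify_chap(ident: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    # The server must recompute the same digest, which needs the secret itself.
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict:
    # Constructed sample values, fixed so the run is reproducible.
    password = b"constructed-sample-password"
    salt = bytes(16)
    stored = hash_password(password, salt)       # all a hashed passwd file holds
    ident = 1
    challenge = bytes(range(16))                 # sent by the authenticator
    response = chap_response(ident, password, challenge)  # computed by the peer
    return {
        # PAP: the cleartext crossed the wire, the hashed file is sufficient.
        "pap_with_hash": verify_pap(password, salt, stored),
        # CHAP: works only when the server holds the cleartext secret.
        "chap_with_cleartext": verify_chap(ident, challenge, response, password),
        # CHAP against the stored hash: the digest cannot be reproduced.
        "chap_with_hash_only": verify_chap(ident, challenge, response, stored),
        # A captured response is useless against a fresh challenge.
        "replay_on_new_challenge": verify_chap(
            ident, bytes(range(16, 32)), response, password),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
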

       
  • Dave Yadallee

    Dave Yadallee - 2020-06-24

    know of a way of running CHAP parallel to /etc/passwd ?

     