X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=FAQ;h=035da4b2456917090cbc68eb166786065c139538;hp=12a68f70b707c75f2d193d317439220780f3e499;hb=afc4b130bbd6f5f5cd9baafdc7e836d8f6238deb;hpb=b194902e6d9141e12a22603eac3ed4a7660c8643;ds=sidebyside diff --git a/FAQ b/FAQ index 12a68f7..035da4b 100644 --- a/FAQ +++ b/FAQ @@ -378,8 +378,10 @@ to pppd when using PAP authentication so that it can select the appropriate secret from /etc/ppp/pap-secrets. Microsoft also has a variant of CHAP which uses a different hashing -arrangement from normal CHAP. There is a client-side implementation -of Microsoft's CHAP in ppp-2.3; see README.MSCHAP80. +arrangement from normal CHAP. There is a client-side (authenticatee) +implementation of Microsoft's CHAP in ppp-2.3; see README.MSCHAP80. +In ppp-2.4.2, server-side (authenticator) support was added as well as +support for Microsoft CHAP v2; see README.MSCHAP81. ------------------------------------------------------------------------ 
@@ -585,3 +587,50 @@ your /etc/hosts file to make sure you have the local machine and any hosts on your local LAN listed, and /etc/resolv.conf and/or /etc/nsswitch.conf files to make sure you resolve hostnames from /etc/hosts if possible before trying to contact a nameserver. + + +------------------------------------------------------------------------ + +Q: Since I installed ppp-2.3.6, dialin users to my server have been +getting this message when they run pppd: + +peer authentication required but no suitable secret(s) found for +authenticating any peer to us (ispserver) + +A: In 2.3.6, the default is to let an unauthenticated peer only use IP +addresses to which the machine doesn't already have a route. So on a +machine with a default route, everyone has to authenticate. If you +really don't want that, you can put `noauth' in the /etc/ppp/options +file. Note that there is then no check on who is using which IP +address. IMHO, this is undesirably insecure, but I guess it may be +tolerable as long as you don't use any .rhosts files or anything like +that. I recommend that you require dialin users to authenticate, even +if just with PAP using their login password (using the `login' option +to pppd). If you do use `noauth', you should at least have a pppusers +group and set the permissions on pppd to allow only user and group to +execute it. + +------------------------------------------------------------------------ + +Q: When running pppd as a dial-in server, I often get the message +"LCP: timeout sending Config-Requests" from pppd. It seems to be +random, but dial-out always works fine. What is wrong? + +A: Most modern modems auto-detects the speed of the serial line +between the modem and the computer. This auto-detection occurs when +the computer sends characters to the modem, when the modem is in +command mode. It does not occur when the modem is in data mode. 
+Thus, if you send commands to the modem at 2400 bps, and then change +the serial port speed to 115200 bps, the modem will not detect this +change until something is transmitted from the computer to the modem. +When running pppd in dial-in mode (i.e. without a connect script), +pppd sets the speed of the serial port, but does not transmit +anything. If the modem was already running at the specified speed, +everything is fine, but if not, you will just receive garbage from the +modem. To cure this, use an init script such as the following: + + pppd ttyS0 115200 modem crtscts init "chat '' AT OK" + +To reset the modem and enable auto-answer, use: + + pppd ttyS0 115200 modem crtscts init "chat '' ATZ OK ATS0=1 OK"
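Review bot: In the first hunk (FAQ @@ -378), the added sentence "In ppp-2.4.2, server-side (authenticator) support was added as well as support for Microsoft CHAP v2" does not say whether the v2 support covers both the authenticatee and authenticator roles or only the newly added authenticator side. The preceding sentence now names the role explicitly for ppp-2.3, so the new sentence should do the same for v2. The paragraph also now points at both README.MSCHAP80 and README.MSCHAP81 without saying which one a reader running 2.4.2 should start with; a short clause on that would help.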
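Review bot: In the second hunk (FAQ @@ -585), the `noauth` answer ends with "set the permissions on pppd to allow only user and group to execute it" but never says which owner, which group or which mode is meant, so an administrator following it has no way to check the result. Suggest naming the owner, tying the group to the pppusers group mentioned in the same sentence, and stating the intended mode explicitly. In the same answer, "In 2.3.6, the default is" reads as if the behaviour is limited to that one release; if it also applies to later releases, "Since 2.3.6" would match the question's wording. In the modem answer, "Most modern modems auto-detects" should read "auto-detect".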