X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=README.MSCHAP80;h=d3ed291b73a757febcbcff04756e9e1fda1614ad;hp=95f01ea8982885df687b07bf23dd5c8635935db1;hb=1d80f42e7fee2db352e176d52219bf42e11d2eb4;hpb=4d5401a1de510cdbb89cf10bc5956774c62683be diff --git a/README.MSCHAP80 b/README.MSCHAP80 index 95f01ea..d3ed291 100644 --- a/README.MSCHAP80 +++ b/README.MSCHAP80 @@ -3,6 +3,8 @@ PPP Client Support for Microsoft's CHAP-80 Eric Rosenquist rosenqui@strataware.com (updated by Paul Mackerras) +(updated by Al Longyear) +(updated by Farrell Woods) INTRODUCTION @@ -44,8 +46,23 @@ place, but I didn't need it myself so I didn't implement it. BUILDING THE PPPD MS-CHAP uses a combination of MD4 hashing and DES encryption for -authentication. You'll need to get Eric Young's libdes library in -order to use my MS-CHAP extensions. You can find it in: +authentication. You may need to get Eric Young's libdes library in +order to use my MS-CHAP extensions. A lot of UNIX systems already +have DES encryption available via the crypt(3), encrypt(3) and +setkey(3) interfaces. Some may (such as that on Digital UNIX) +provide only the encryption mechanism and will not perform +decryption. This is okay. We only need to encrypt to perform +MS-CHAP authentication. + +If you have encrypt/setkey available, then hopefully you need only +define these two things in your Makefile: -DUSE_CRYPT and -DCHAPMS. +Skip the paragraphs below about obtaining and building libdes. Do +the "make clean" and "make" as described below. Linux users +should not need to modify their Makefiles. Instead, +just do "make CHAPMS=1 USE_CRYPT=1". + +If you don't have encrypt and setkey, you will need Eric Young's +libdes library. You can find it in: ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au/DES/libdes-3.06.tar.gz 
@@ -59,6 +76,8 @@ I used libdes-3.06, but hopefully anything newer than that will work also. Get the library, build and test it on your system, and install it somewhere (typically /usr/local/lib and /usr/local/include). + + You should now be ready to (re)compile the PPPD. Go to the pppd subdirectory and make sure the Makefile contains "-DCHAPMS" in the CFLAGS or COMPILE_FLAGS macro, and that the LIBS macro (or LDADD for @@ -114,6 +133,33 @@ The "remotename" option is required for MS-CHAP since Microsoft PPP servers don't send their system name in the CHAP challenge packet. +E=691 (AUTHENTICATION_FAILURE) ERRORS WHEN YOU HAVE THE VALID SECRET (PASSWORD) + +If your RAS server is not the domain controller and is not a 'stand-alone' +server then it must make a query to the domain controller for your domain. + +You need to specify the domain name with the user name when you attempt to +use this type of a configuration. The domain name is specified with the +local name in the chap-secrets file and with the option for the 'name' +parameter. + +For example, the previous example would become: + + DialupNT domain\\customer47 foobar + domain\\customer47 DialupNT foobar + +and + + pppd name 'domain\\customer47' remotename DialupNT + +or add: + + name domain\\customer47 + remotename DialupNT + +when the Windows NT domain name is simply called 'domain'. + + TROUBLESHOOTING Assuming that everything else has been configured correctly for PPP and 
@@ -144,6 +190,12 @@ library. If DES checks out, the md4.c routines are probably failing (system byte ordering may be a problem) or my code is screwing up. I've only got access to a Linux system, so you're on your own for anything else. +Another thing that might cause problems is that some RAS servers won't +respond at all to LCP config requests without seeing the word "CLIENT" +from the other end. If you see pppd sending out LCP config requests +without getting any reply, try putting something in your chat script +to send the word CLIENT after the modem has connected. + If everything compiles cleanly, but fails at authentication time, then it might be a case of the MD4 or DES code screwing up. The following small program can be used to test the MS-CHAP code to see if it @@ -158,7 +210,7 @@ produces a known response: int main(argc, argv) int argc; - char *argv[0]; + char *argv[]; { u_char challenge[8]; int challengeInt[sizeof(challenge)];
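Review bot: The USE_CRYPT path added in the BUILDING THE PPPD hunk (@@ -44,8 +46,23 @@) says to define -DUSE_CRYPT and -DCHAPMS "in your Makefile" but never says what to do about the libdes entry in the LIBS (or LDADD) macro, which the later, unchanged paragraph still tells every reader to check. Someone on the crypt(3) route cannot tell whether leaving libdes out of LIBS is correct. Suggest stating whether the libdes entry is still needed with USE_CRYPT, and naming the macro the two defines belong in (CFLAGS or COMPILE_FLAGS, as the later paragraph does). As a wording point, "This is okay." reads better joined to the next sentence: "This is okay, since we only need to encrypt to perform MS-CHAP authentication."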
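Review bot: Two blank lines are a weak marker for where USE_CRYPT readers should resume, which is what the @@ -59,6 +76,8 @@ hunk appears to be for. The previous hunk tells them to "Skip the paragraphs below about obtaining and building libdes", and the resume point is presumably just before "You should now be ready to (re)compile the PPPD". A short subheading or a sentence such as "If you are using crypt(3), continue here" would make that explicit; otherwise drop the whitespace-only change.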
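Review bot: The doubled backslash in the E=691 hunk (@@ -114,6 +133,33 @@) is written identically in three places that do not share quoting rules: the two chap-secrets lines, the single-quoted shell argument in "pppd name 'domain\\customer47' remotename DialupNT", and the "name domain\\customer47" option line. Inside single quotes the shell passes both backslashes through unchanged, so the command-line form may not produce the same name as the file forms, and a mismatched name leads straight back to the E=691 failure this section is meant to resolve. Suggest stating the name that is actually intended (presumably domain\customer47 with a single backslash) and which of the three forms need the escape. Also, "or add:" should name the file the two lines go in, and "For example, the previous example would become" can be shortened to "The previous example would become".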
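Review bot: The "CLIENT" paragraph in the TROUBLESHOOTING hunk (@@ -144,6 +190,12 @@) is placed between two paragraphs that both deal with MD4/DES failures, so it interrupts that thread with an LCP-stage problem that occurs before authentication is reached. Suggest moving it ahead of the DES/MD4 discussion, or after the test program, so that link-establishment symptoms are covered before authentication ones. A sample chat script line would also help, since "try putting something in your chat script" leaves the reader to work out the syntax.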
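Review bot: main() in the test program hunk (@@ -158,7 +210,7 @@) is still an old-style (K&R) definition after this fix, "int main(argc, argv) int argc; char *argv[];". Since the parameter declaration is being touched anyway, consider the prototype form "int main(int argc, char *argv[])", which lets the compiler check the parameter types. The correction from "char *argv[0];" to "char *argv[];" is itself right, as a zero-length array declarator is a compiler extension rather than standard C.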