PPP 2.3.11 NT RAS and WIN 2000

Michal Bohata mysakb at centrum.cz
Fri Aug 18 10:44:04 CEST 2000


Hello,
I have a problem connecting to RAS after the "upgrade" to WIN 2000. With the
original NT 4.0 server I could dial in and connect, including callback. But
after the upgrade to W2000 it no longer works, and I am attaching the debug
output from pppd:

Aug 17 23:46:27 localhost pppd[707]: pppd 2.3.11 started by root, uid 0
Aug 17 23:46:48 localhost pppd[707]: Serial connection established.
Aug 17 23:46:48 localhost pppd[707]: Using interface ppp0
Aug 17 23:46:48 localhost pppd[707]: Connect: ppp0 <--> /dev/modem
Aug 17 23:46:49 localhost pppd[707]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<callback CBCP> <pcomp> <accomp>]
Aug 17 23:46:49 localhost pppd[707]: rcvd [LCP ConfReq id=0x0 <asyncmap 0x0>
<auth chap 81> <magic 0x6c635f34> <pcomp> <accomp> <callback CBCP> < 11 04
06 4e> < 13 17 01 30 64 16 ae 37 5c 4b db 92 80 53 7a ab 26 41 49 00 00 00
00> < 17 04 00 21>]
Aug 17 23:46:49 localhost pppd[707]: sent [LCP ConfRej id=0x0 <magic
0x6c635f34> <callback CBCP> < 11 04 06 4e> < 13 17 01 30 64 16 ae 37 5c 4b
db 92 80 53 7a ab 26 41 49 00 00 00 00> < 17 04 00 21>]
Aug 17 23:46:49 localhost pppd[707]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<callback CBCP> <pcomp> <accomp>]
Aug 17 23:46:49 localhost pppd[707]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <pcomp> <accomp>]
Aug 17 23:46:49 localhost pppd[707]: sent [LCP ConfNak id=0x1 <auth chap
MD5>]
Aug 17 23:46:50 localhost pppd[707]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0>
<auth chap MD5> <pcomp> <accomp>]
Aug 17 23:46:50 localhost pppd[707]: sent [LCP ConfAck id=0x2 <asyncmap 0x0>
<auth chap MD5> <pcomp> <accomp>]
Aug 17 23:46:50 localhost pppd[707]: cbcp_lowerup
Aug 17 23:46:50 localhost pppd[707]: want: 14
Aug 17 23:46:50 localhost pppd[707]: rcvd [CHAP Challenge id=0x0
<23cba2f8d3d654fe710485e98308c001>, name = "xxx"]
Aug 17 23:46:50 localhost pppd[707]: sent [CHAP Response id=0x0
<1923cf5665db0980cb09914ceeada70c>, name = "xxxxx"]
Aug 17 23:46:51 localhost pppd[707]: rcvd [CHAP Failure id=0x0 ""]
Aug 17 23:46:51 localhost pppd[707]: CHAP authentication failed
Aug 17 23:46:51 localhost pppd[707]: sent [LCP TermReq id=0x2 "Failed to
authenticate ourselves to peer"]
Aug 17 23:46:51 localhost pppd[707]: rcvd [LCP TermReq id=0x4
"lc_4\000<\37777777715t\000\000\002\37777777663"]
Aug 17 23:46:51 localhost pppd[707]: sent [LCP TermAck id=0x4]
Aug 17 23:46:51 localhost pppd[707]: rcvd [LCP TermAck id=0x2 "Failed to
authenticate ourselves to peer"]
Aug 17 23:46:51 localhost pppd[707]: Connection terminated.
Aug 17 23:46:52 localhost pppd[707]: Exit.
===============================================
I am rather surprised by the chap 81 and chap md5, so I consulted the NT
admin and he sent me the following document, from which it is apparent that
after changing the password and enabling
"Store password using reversible encryption" it should start working as
before ... but that is not happening ... does anyone have any advice or
experience?
And here is the document from TechNet ...:

See the TechNet article (q254172):

NOTE: Reversibly encrypted passwords are saved during the change-password
process, so existing users must change their passwords to use CHAP. For a
Windows 2000-based remote access server that is a member of a domain, you
can select the "Store password using reversible encryption for all users in
the domain" option on the domain server as described above.

Alternatively, you can enable reversible storage of passwords for individual
users. By using the Directory Services snap-in, you can select this feature
through the properties of an individual user. Again, note that reversibly
encrypted passwords are saved during the change-password procedure, so
existing users must change their passwords to use CHAP.

Computers running Windows NT Server store user information in a database
called the Security Accounts Manager (SAM). The user passwords stored in the
SAM cannot be compromised, even if the internal file structures are
discovered. A user in a domain that uses CHAP creates a challenge response
by combining the challenge sent by the Network Access Server (NAS) and the
user's plain-text password. Windows NT domain controllers cannot reproduce
the plain-text password from the value stored in the SAM database, and IAS
cannot authenticate a CHAP request.

For additional information, please refer to the following Request for
Comments (RFC) document: RFC 1994, section 2.2. For information about
obtaining RFC documents from the Internet, please see the following article
in the Microsoft Knowledge Base:


Thanks to everyone for the help

Michal Bohata
TRU64 Unix administrator
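
The quoted article's point, that a server verifying RFC 1994 CHAP needs a recoverable password and that the recoverable copy is written only at password change, as an added example that is not part of the original post. `AccountDB`, the user name and the password are hypothetical, SHA-256 stands in for the real one-way format, and the challenge bytes are the ones in the log above.

```python
import hashlib
import hmac

def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class AccountDB:
    """Hypothetical model of an account store, not the real SAM or AD format."""

    def __init__(self):
        self.reversible_enabled = False   # models the policy checkbox
        self._one_way = {}                # always kept; SHA-256 is a stand-in
        self._recoverable = {}            # kept only if policy was on at change time

    def change_password(self, user: str, password: bytes) -> None:
        self._one_way[user] = hashlib.sha256(password).digest()
        if self.reversible_enabled:
            self._recoverable[user] = password
        else:
            self._recoverable.pop(user, None)

    def verify_chap(self, user, identifier, challenge, response) -> bool:
        secret = self._recoverable.get(user)
        if secret is None:
            # Only a one-way hash exists: the server cannot rebuild the MD5 input.
            return False
        expected = chap_md5_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    challenge = bytes.fromhex("23cba2f8d3d654fe710485e98308c001")  # from the log
    password = b"constructed-password"                              # constructed
    response = chap_md5_response(0x00, password, challenge)         # client side

    db = AccountDB()
    db.change_password("user", password)          # set before the policy change
    before = db.verify_chap("user", 0x00, challenge, response)
    db.reversible_enabled = True                  # policy enabled, password unchanged
    flag_only = db.verify_chap("user", 0x00, challenge, response)
    db.change_password("user", password)          # password changed under new policy
    after_change = db.verify_chap("user", 0x00, challenge, response)
    return before, flag_only, after_change

if __name__ == "__main__":
    print(demo())
```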





