pppd rejects "auth chap MD5"
Kyler Laird
AT&T. At home, the POP is an old IBM system. It
handles SLIP and does PPP with PAP. The system I'm
trying to use now appears to be something else and
only wants to do PPP with CHAP MD5.
I set up my chap-secrets file to be the same as my
pap-secrets, but when I try to connect, I get
Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfReq id=0x1 <mru 1500> <asyncmap0x0> <auth chap MD5> <pcomp> <accomp>]
Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfRej id=0x1 <auth chap MD5>]
Aug 6 15:00:33 pia00 pppd[1330]: Hangup (SIGHUP)
Aug 6 15:00:33 pia00 pppd[1330]: Modem hangup
What's up? I read that Linux pppd should be able
to handle CHAP MD5 without any problems. Am I
missing something obvious? I've tried using kppp
and linuxconf in addition to running this manually
and I don't know why it's refusing to do CHAP MD5.
Thanks!
--kyler
Clifford Kite
> I'm out of town and having trouble connecting with AT&T. At home,
> the POP is an old IBM system. It handles SLIP and does PPP with PAP.
> The system I'm trying to use now appears to be something else and
> only wants to do PPP with CHAP MD5.
> I set up my chap-secrets file to be the same as my
> pap-secrets, but when I try to connect, I get
> Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
> Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfAck id=0x1 <asyncmap
> 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
> Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfReq id=0x1 <mru
> 1500> <asyncmap0x0> <auth chap MD5> <pcomp> <accomp>]
> Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfRej id=0x1 <auth
> chap MD5>]
> Aug 6 15:00:33 pia00 pppd[1330]: Hangup (SIGHUP)
> Aug 6 15:00:33 pia00 pppd[1330]: Modem hangup
> What's up? I read that Linux pppd should be able
> to handle CHAP MD5 without any problems. Am I
> missing something obvious? I've tried using kppp
Maybe. Have you configured pppd with CHAP for authenticating to
the peer?
For that you need the pppd option "user YourISPusername" and the
chap-secrets file configured with the line
YourISPusername * YourISPpassword
with the obvious subsitutions for YourISPusername and YourISPpassword.
You also can't have either of the pppd options option -chap or
refuse-chap.
--
Clifford Kite <kite@inet% port.com> Not a guru. (tm)
/* The wealth of a nation is created by the productive labor of its
* citizens. */
Bill Unruh
]I'm out of town and having trouble connecting with
]AT&T. At home, the POP is an old IBM system. It
]handles SLIP and does PPP with PAP. The system I'm
]trying to use now appears to be something else and
]only wants to do PPP with CHAP MD5.
]I set up my chap-secrets file to be the same as my
]pap-secrets, but when I try to connect, I get
] Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
] Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xb15d85f6> <pcomp> <accomp>]
] Aug 6 15:00:32 pia00 pppd[1330]: rcvd [LCP ConfReq id=0x1 <mru 1500> <asyncmap0x0> <auth chap MD5> <pcomp> <accomp>]
] Aug 6 15:00:32 pia00 pppd[1330]: sent [LCP ConfRej id=0x1 <auth chap MD5>]
] Aug 6 15:00:33 pia00 pppd[1330]: Hangup (SIGHUP)
] Aug 6 15:00:33 pia00 pppd[1330]: Modem hangup
]What's up? I read that Linux pppd should be able
]to handle CHAP MD5 without any problems. Am I
]missing something obvious? I've tried using kppp
]and linuxconf in addition to running this manually
]and I don't know why it's refusing to do CHAP MD5.
You either forgot to fill /etc/ppp/chap-secrets with your
username * password *
or you forgot to give pppd the
user username
option.
Kyler Laird
>You either forgot to fill /etc/ppp/chap-secrets with your
>username * password *
>or you forgot to give pppd the
>user username
>option.
Late last night I actually figured this out on
my own. (I got the source and dug in last night.)
What threw me was that PAP didn't require the
"user" argument and that's what I had been using.
I set the username and tried all of the
permutations of userIDs that AT&T told me
*might* be correct (each of them appearing in my
chap-secrets), but I always get
Aug 7 09:37:06 pia00 pppd[13818]: rcvd [CHAP Failure id=0x1 ")!Error 20 Incorrect account or user ID.\r\n\000\000"]
I also tried this from my brother-in-law's Mac
without any luck.
AT&T is next to useless. I'd like to find an
ISP with lots of POPs *and* a brain on the
other end of the phone. (UUnet?)
Thank you for helping me. It's frustrating to
have to dial long distance to connect to an ISP
with a local number.
--kyler
Guy White
> You either forgot to fill /etc/ppp/chap-secrets with your
> username * password *
> or you forgot to give pppd the
> user username
> option.
Are you sure that option isn't supposed to be;
name username
(not)
user username
??
Earthlink uses chap and that's what I have in my /etc/ppp/options. I
checked the pppd manpage and it states that too, at least on the
version I use. Sorry about the nitpick but the details make all the
difference in config files.
Kyler Laird
As expected, it had nothing to do with pppd.
I was originally on IBM's dialup service. It was
sold to AT&T. Before I left, I neglected to get
the local POP number, so I called in to get it
through the touch-tone interface. After getting
routed around several times, I got the phone
number +1 304-234-6910. Today I looked online
and also found +1 304-233-4972.
Well...it turns out I needed the AT&T Business
Internet number, +1 304-234-6901. I got that
and was able to get on without any problems.
Why AT&T has 3 POP numbers here in Wheeling and
why they don't behave the same is beyond me, but
I am glad to be on with a local call now that I
have spent probably $40 ($.50/call) in local call
charges.
Sorry to have been so confused by the CHAP stuff.
Thank you for the help.
--kyler
Bill Unruh
]In comp.os.linux.networking Bill Unruh <un...@physics.ubc.ca> posted:
]> You either forgot to fill /etc/ppp/chap-secrets with your
]> username * password *
]> or you forgot to give pppd the
]> user username
]> option.
]Are you sure that option isn't supposed to be;
]name username
](not)
]user username
]??
Yes. name is a priviledged option, and can only be used either by root
or inserted into the /etc/ppp/options file. user is an unprivildged
option, which works fine with chap and pap.
I have not figured out yet why there are two commands, one priviledged
and one not, but perhaps name overrides user, allowing the sysadmin to
restrict signons.
]Earthlink uses chap and that's what I have in my /etc/ppp/options. I
]checked the pppd manpage and it states that too, at least on the
]version I use. Sorry about the nitpick but the details make all the
]difference in config files.
Yes, you are fine, as you put it into the options file. You would have
found it did nto work had you put it into the pppd command line. So
either works-- name is just more restrictive.
Guy White
> Yes, you are fine, as you put it into the options file. You would have
> found it did nto work had you put it into the pppd command line. So
> either works-- name is just more restrictive.
After I found out that *all* of the options can go in /etc/ppp/options
instead of using them from the command line that's the way I do now.
When I want to start my ISP connection I just type 'pppd', it
picks up and goes. With the _demand_ option enabled I don't even have
to do that. The author(s) of pppd thought of everything.