Networking Forums

IAS and CHAPv2 changed or just config?

 
 
SumYungGuy
08-24-2004, 04:02 PM
I have an interesting problem. We have a third-party firewall and RAS
appliance. The appliance supports RADIUS backend authentication and we
have planned to use IAS in 2k3 to supply that service. There appears
to be a problem between the IAS box and the appliance. When users
attempt to log in to the appliance, it dutifully passes the
authentication back to IAS, whose logs actually show the users as
successfully authenticating and it issuing the access-accept. But the
response of the appliance is that the users failed to authenticate.
Upon speaking to the support team for my appliance, they seemed
interested that I was using 2k3 IAS. They told me that they had not
tried it yet but that their product worked just fine on 2k IAS. I did
not want to believe that, but I decided after some frustration to test
their claim. I set up a 2k IAS machine, authorized it in AD, and
watched it succeed where 2k3 did not. Amazed, I set off to figure out
the difference.

The problem appears to be in CHAPv2 negotiation. In the failing 2k3
scenario, the PPP daemon on the appliance will show in its debug
output:

PPP send: CHAP Challenge id(1)
PPP recv: LCP Identification id(3) len(18)
PPP send: LCP Code_Reject id(2) len(22)
PPP recv: LCP Identification id(4) len(22)
PPP send: LCP Code_Reject id(3) len(26)
PPP recv: CHAP Response id(1)
No CHAP secret found for authenticating My.UserName
RADIUS server error

whereas the successful 2000 session's debug output on the appliance
side looks like this:

PPP send: CHAP Challenge id(1)
PPP recv: LCP Identification id(4) len(18)
PPP send: LCP Code_Reject id(2) len(22)
PPP recv: LCP Identification id(5) len(22)
PPP send: LCP Code_Reject id(3) len(26)
PPP recv: CHAP Response id(1)
No CHAP secret found for authenticating My.UserName
PPP send: CHAP Success id(1) msg(<--some stuff-->)
PPP send: CBCP
MSCHAP-v2 peer authentication succeeded for My.UserName

Can somebody help me hunt down what the differences might be in the
two configs which cause this? Or can somebody point me towards some
resources for interpreting LCP and CHAPv2 negotiation in PPP as
applies to RADIUS?

I have already presented this to the Microsoft managed newsgroups and
they blame the appliance vendor and the vendor blames MS. Anybody else
got any good ideas?

Thanks.
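
Added example, not part of the original post: a small Python parser for comparing the attributes carried in two RADIUS packets, such as the Access-Accept returned by each IAS version as taken from a packet capture, including the Microsoft vendor-specific attributes defined in RFC 2548. The two packets below are constructed and differ in one attribute only to exercise the comparison; they are not captures and make no claim about what either IAS version actually sends.

```python
import struct

MS_VENDOR = 311  # Microsoft vendor ID used by the RFC 2548 attributes
STD = {6: "Service-Type", 7: "Framed-Protocol", 25: "Class", 80: "Message-Authenticator"}
MS = {2: "MS-CHAP-Error", 7: "MS-MPPE-Encryption-Policy", 8: "MS-MPPE-Encryption-Types",
      16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key", 26: "MS-CHAP2-Success"}

def parse_radius(pkt):
    """Return (code, {attribute name: raw value}); a repeated attribute keeps its last value."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = pkt[pos], pkt[pos + 1]
        value = pkt[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific: vendor ID, then sub-attributes
            vendor, sub = struct.unpack("!I", value[:4])[0], value[4:]
            names = MS if vendor == MS_VENDOR else {}
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                attrs[names.get(sub[0], "Vendor-%d-%d" % (vendor, sub[0]))] = sub[2:sub[1]]
                sub = sub[sub[1]:]
        else:
            attrs[STD.get(atype, "Attr-%d" % atype)] = value
        pos += alen
    return code, attrs

def missing_from(reference, candidate):
    """Names of attributes the reference packet carries and the candidate does not."""
    return sorted(set(parse_radius(reference)[1]) - set(parse_radius(candidate)[1]))

# --- Constructed sample packets (not captures from IAS or the appliance) ---
def _attr(t, v): return bytes([t, len(v) + 2]) + v
def _ms(vt, v): return _attr(26, struct.pack("!I", MS_VENDOR) + _attr(vt, v))
def _accept(*attrs):  # code 2 = Access-Accept, id 1, zeroed placeholder authenticator
    body = b"".join(attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

COMMON = [_attr(6, struct.pack("!I", 2)), _attr(7, struct.pack("!I", 1)),
          _ms(16, bytes(34)), _ms(17, bytes(34))]
# MS-CHAP2-Success value: 1-byte ident plus a 42-byte "S=<40 hex>" string (dummy here)
ACCEPT_A = _accept(*COMMON, _ms(26, b"\x01S=" + b"0" * 40))
ACCEPT_B = _accept(*COMMON)

if __name__ == "__main__":
    print("in A but not B:", missing_from(ACCEPT_A, ACCEPT_B))
```

RFC 2548 specifies that the string in MS-CHAP2-Success is what the NAS places in the message field of the CHAP Success packet it sends to the peer, so it is one attribute worth checking when comparing the two servers' replies.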
 