RE: CHAP Authentication

From: Grant W. Patten (gpatten@xxxxxxxxxx)
Date: Tue May 08 2001 - 15:59:11 GMT-3

• Next message: Leah Lynch: "CCIE Communications and Services"
• Previous message: Paul Crist: "Re: CHAP Authentication"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Grant Patten: "RE: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
That works just fine. Then is it fair to say definitively that CHAP only
works when both sides are using the same password and it isn't possible to
configure it with different passwords? If so, then why does the
configuration require username/password to be configured for each remote peer?

Thanks,
Grant

At 08:41 PM 5/8/2001 +0300, Khalid Nafie wrote:
>Hi Grant,
> Try to use the same password for both usernames.
>================================================
>Yours,
>Khaled Nafie
>Network Engineer
>Customer Services
>MCSE,CCDP,CCNP VOCIE ACCESS
>NCR Corporation, Kuwait
>Mob.: +965-9872046
>Tel : +965- 2412201, 2412203
>Fax : +965-2413075
>
> > ----------
> > From: Grant Patten[SMTP:gpatten@lucent.com]
> > Reply To: Grant Patten
> > Sent: Tuesday, May 08, 2001 8:12 PM
> > To: 'ccielab@groupstudy.com'
> > Subject: CHAP Authentication
> >
> > I'm struggling to get a good understanding of how exactly CHAP
> > Authentication works. I think I'm missing something fundamental and
> > hopefully one of you can help me out. Thanks.
> >
> > When I use the configuration below, I get the following debug messages:
> >
> > 1d15h: BR0:1 PPP: Treating connection as a callout
> > 1d15h: BR0:1 PPP: Phase is AUTHENTICATING, by both
> > 1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
> > 1d15h: BR0:1 CHAP: O CHALLENGE id 14 len 26 from "ISDN2"
> > 1d15h: BR0:1 CHAP: I CHALLENGE id 14 len 26 from "ISDN1"
> > 1d15h: BR0:1 CHAP: Using alternate hostname ISDN2
> > .d15h: BR0:1 CHAP: O RESPONSE id 14 len 26 from "ISDN2"
> > 1d15h: BR0:1 CHAP: I FAILURE id 14 len 25 msg is "MD/DES compare failed"
> >
> >
> > Here is the relevant portions of the configs I'm using on R1 and R2. I
> > changed the encrypted ppp chap password to what I actually set:
> >
> >
> > R2
> >
> > hostname R2
> > !
> > !
> > username ISDN1 password 0 CCIE
> > !
> > !
> > interface BRI0
> > ip address 147.10.1.2 255.255.255.0
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer map ip 147.10.1.1 name ISDN1 broadcast 8358661
> > dialer-group 1
> > isdn switch-type basic-ni
> > isdn spid1 0835866201
> > isdn spid2 0835866401
> > ppp authentication chap
> > ppp chap hostname ISDN2
> > ppp chap password cisco
> >
> > R1
> > hostname R1
> > !
> > !
> > username ISDN2 password 0 cisco
> > !
> > interface BRI0
> > ip address 147.10.1.1 255.255.255.0
> > no ip directed-broadcast
> > encapsulation ppp
> > dialer map ip 147.10.1.2 name ISDN2 broadcast
> > dialer-group 1
> > isdn switch-type basic-ni
> > isdn spid1 0835866101
> > isdn spid2 0835866301
> > ppp authentication chap
> > ppp chap hostname ISDN1
> > ppp chap password CCIE
> > **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Leah Lynch: "CCIE Communications and Services"
• Previous message: Paul Crist: "Re: CHAP Authentication"
• Maybe in reply to: Grant Patten: "CHAP Authentication"
• Next in thread: Grant Patten: "RE: CHAP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:36 GMT-3