From: R. Benjamin Kessler (ben@xxxxxxxxxxxxxxxxxxxxx)
Date: Mon Jan 14 2002 - 00:12:46 GMT-3
Just to verify I had it straight in my head I tried it in the lab before I
posted the last time. When I set it up the way the OP listed it didn't work
but it did with the config I posted.
My debug looked a bit different - CHALLENGE and RESPONSE from toto1 and
toto2 not user1 and user2 like those in the original message (but someone
else already posted about that).
If I'm missing something here, let me know.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
fwells12
Sent: Sunday, January 13, 2002 5:01 PM
To: R. Benjamin Kessler; ccielab@groupstudy.com
Subject: Re: ppp chap with different password
I don't believe this is entirely true. If you use the ppp chap/pap sent
password you will need that password on the other side. With plain old chap
and pap authentication you would indeed be correct.
----- Original Message -----
From: "R. Benjamin Kessler" <ben@kesslerconsulting.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, January 13, 2002 12:02 PM
Subject: RE: ppp chap with different password
> your passwords need to be the same on both sides. Instead of what you had
> do the following:
>
> r1
>
> username toto2 pass cisco1
>
> int dial 1
> ppp authen chap
> ppp chap hostname toto1
> ppp chap password cisco1
> -----------------------------
> r2
>
> username toto1 pass cisco1
>
> int dial 1
> ppp authen chap
> ppp chap hostname toto2
> ppp chap password cisco1
>
>
> This will work now. Remember, CHAP authentication doesn't send the
password
> across the line, it sends a hashed version of it; as a result, both sides
> have to have the same passwords configured in order for the hash
comparison
> (MD/DES compare) to work.
>
> Hope this helps.
>
> Ben
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> alain faure
> Sent: Sunday, January 13, 2002 1:22 PM
> To: ccielab@groupstudy.com
> Subject: ppp chap with different password
>
>
> Hello.
>
> Here is my config it don't work
>
> r1
>
> username toto2 pass cisco2
>
> int dial 1
> ppp authen chap
> ppp chap hostname toto1
> ppp chap password cisco1
> -----------------------------
> r2
>
> username toto1 pass cisco1
>
> int dial 1
> ppp authen chap
> ppp chap hostname toto2
> ppp chap password cisco2
>
> i cannot find the mistake here the debug (look at "MD/DES compare failed):
>
>
> 05:56:50: %LINK-3-UPDOWN: Interface Async17, changed state to up
>
> 05:56:50: %DIALER-6-BIND: Interface Async17 bound to profile Dialer1.
>
> 05:56:50: As17 PPP: Treating connection as a callin.
>
> 06:14:00: %LINK-3-UPDOWN: Interface Async1, changed state to up
>
> 06:14:00: %DIALER-6-BIND: Interface As1 bound to profile Di1
>
> 06:14:00: As1 PPP: Treating connection as a callout
>
> 06:14:00: As1 PPP: Phase is ESTABLISHING, Active Open
>
> 06:14:00: As1 PPP: No remote authentication for call-out
>
> 06:14:00: As1 LCP: O CONFREQ [Closed] id 125 len 20
>
> 06:14:00: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
>
> 06:14:00: As1 LCP: MagicNumber 0x0162AB62 (0x05060162AB62)
>
> 06:14:00: As1 LCP: PFC (0x0702)
>
> 06:14:00: .As1 LCP: ACFC (0x0802)
>
> 06:14:00: As1 LCP: I CONFREQ [REQsent] id 179 len 25
>
> 06:14:00: As1 LCP: ACCM 0x000A0000 (0x020
>
> 05:56:55: As17 CHAP: Using alternate hostname user1
>
> 05:56:55: As17 CHAP: O CHALLENGE id 32 len 26 from "user1"
>
> 05:56:55: As17 CHAP: I RESPONSE id 32 len 26 from "user2"
>
> 05:56:55: As17 CHAP: O FAILURE id 32 len 25 msg is "MD/DES compare
> failed"6000A0000)
> 06:14:00: As1 LCP: AuthProto CHAP (0x0305C22305)
>
> 06:14:00: As1 LCP: MagicNumber 0x01774972 (0x050601774972)
>
> 06:14:00: As1 LCP: PFC (0x0702)
>
> 06:14:00: As1 LCP: ACFC (0x0802)
>
> 06:14:00: As1 LCP: O CONFACK [REQsent] id 179 len 25
>
> 06:14:00: As1 LCP: ACCM 0x000A0000 (0x0206000A0000)
>
> 06:14:00: As1 LCP: AuthProto CHAP (0x0305C22305)
>
> 06:14:00: As1 LCP: MagicNumber 0x01774972 (0x050601774972)
>
> Best regards
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:27 GMT-3