git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
pptpd
1
0
Fork 0
Files
Branch: master
Branches Tags
pptpd
/
html
/
poptop_ads_howto
/
poptop_ads_howto_8.htm

poptop_ads_howto_8.htm 7.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    2. 

  2. "http://www.w3.org/TR/html4/loose.dtd">
    3. 

  3. <html>
    4. 

  4. <head>
    5. 

  5. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    6. 

  6. <title>Poptop MSCHAP2 ADS Howto</title>
    7. 

  7. </head>
    8. 

  8. 

  9. <body>
    10. 

  10. <p><strong>13. Software for R</strong><strong>adius Setup</strong></p>
    11. 

  11. <p><em>freeradius</em> is not in the Fedora 8 DVD although it is in the F8 yum repository. Therefore, by default, it is not installed. Installing  it through <em>yum</em> is recommended as it has quite a few dependences. <em>yum</em> will resolve all required dependences automagically. The version of <em>freeradius</em> in F8 is v1.1.7. </p>
    12. 

  12. <blockquote>
    13. 

  13.   <pre>[root@pptp ~]# yum install freeradius </pre>
    14. 

  14. </blockquote>
    15. 

  15. <p>The second software you will need is <em>radiusclient-ng</em>. It is also available in the F8 yum repository. The version of the software is v0.5.6. </p>
    16. 

  16. <blockquote>
    17. 

  17.   <pre>[root@pptp ~]# yum install radiusclient-ng </pre>
    18. 

  18. </blockquote>
    19. 

  19. <p><strong>Note:</strong> information for FC4 / 5 / 6 is in <a href="poptop_ads_howto_a4.htm">Appendix A4</a>.</p>
    20. 

  20. <hr>
    21. 

  21. <p><strong><a name="rclient"></a>14. radiusclient-ng</strong></p>
    22. 

  22. <p>The pppd radius plugin relies on the radiusclient package. Fedora, however, provides radiusclient-ng. To make pppd work with radiusclient-ng, create a soft link with the following command.</p>
    23. 

  23. <blockquote>
    24. 

  24. <pre>[root@pptp ~]# cd /etc
    25. 

  25. [root@pptp etc]# ln -s radiusclient-ng radiusclient</pre>
    26. 

  26. </blockquote>
    27. 

  27. <p>There are a few configuration files in /etc/radiusclient-ng to look at. The first one is /etc/radiusclient-ng/servers which specify the radius server name and key. We have the radius server in the same box. So the file is like this:</p>
    28. 

  28. <blockquote>
    29. 

  29.   <pre>#Server Name or Client/Server pair              Key<br>#----------------                               ---------------<br>localhost                                       testing123	 </pre>
    30. 

  30. </blockquote>
    31. 

  31. <p>The key is the secret of the radius server which is specified in /etc/raddb/clients.conf. Older version of freeradius has the default key &quot;testing123&quot;. Of course, it is a bad idea to use the default.</p>
    32. 

  32. <hr>
    33. 

  33. <a name="rclientconf"></a><strong>14.1 radiusclient.conf</strong>
    34. 

  34. <p>The main configuration file for radiusclient is /etc/radiusclient-ng/radiusclient.conf. Here is how it should be when all remarks are stripped off:</p>
    35. 

  35. <blockquote>
    36. 

  36.   <pre>auth_order radius
    37. 

  37. login_tries 4
    38. 

  38. login_timeout 60
    39. 

  39. nologin /etc/nologin
    40. 

  40. issue /etc/radiusclient-ng/issue
    41. 

  41. authserver localhost
    42. 

  42. acctserver localhost
    43. 

  43. servers /etc/radiusclient-ng/servers
    44. 

  44. dictionary /usr/share/radiusclient-ng/dictionary
    45. 

  45. login_radius /usr/sbin/login.radius
    46. 

  46. seqfile /var/run/radius.seq
    47. 

  47. mapfile /etc/radiusclient-ng/port-id-map
    48. 

  48. default_realm
    49. 

  49. radius_timeout 10
    50. 

  50. radius_retries 3
    51. 

  51. #bindaddr *
    52. 

  52. login_local /bin/login</pre>
    53. 

  53. </blockquote>
    54. 

  54. <p>Basically, all of the lines are default. I have not changed anything.</p>
    55. 

  55. <hr>
    56. 

  56. <strong><a name="dict"></a>14.2 dictionary.microsoft</strong>
    57. 

  57. <p>In /usr/share/radiusclient-ng directory, there is a file called dictionary. Add the following line to the end of the file.</p>
    58. 

  58. <blockquote>
    59. 

  59.   <pre>INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft</pre>
    60. 

  60. </blockquote>
    61. 

  61. <p>The file, dictionary.microsoft, is not included in the radiusclient-ng package. We can modify the one from  freeradius so that it can be used by pppd.</p>
    62. 

  62. <p>First of all, copy the freeradius one, /usr/share/freeradius/dictionary.microsoft, to /usr/share/radiusclient-ng. Then change the word &quot;octets&quot; to &quot;string&quot; in the file. Add the word Microsoft to all attributes. Here is my version: </p>
    63. 

  63. <blockquote>
    64. 

  64.   <pre>#<br>#       Microsoft's VSA's, from RFC 2548<br>#<br>#       $Id: poptop_ads_howto_8.htm,v 1.8 2008/10/02 08:11:48 wskwok Exp $<br>#
    65. 

  65. 

  66. VENDOR          Microsoft       311     Microsoft
    67. 

  67. 

  68. BEGIN VENDOR    Microsoft
    69. 

  69. ATTRIBUTE       MS-CHAP-Response        1       string  Microsoft<br>ATTRIBUTE       MS-CHAP-Error           2       string  Microsoft<br>ATTRIBUTE       MS-CHAP-CPW-1           3       string  Microsoft<br>ATTRIBUTE       MS-CHAP-CPW-2           4       string  Microsoft<br>ATTRIBUTE       MS-CHAP-LM-Enc-PW       5       string  Microsoft<br>ATTRIBUTE       MS-CHAP-NT-Enc-PW       6       string  Microsoft<br>ATTRIBUTE       MS-MPPE-Encryption-Policy 7     string  Microsoft<br># This is referred to as both singular and plural in the RFC.<br># Plural seems to make more sense.<br>ATTRIBUTE       MS-MPPE-Encryption-Type 8       string  Microsoft<br>ATTRIBUTE       MS-MPPE-Encryption-Types  8     string  Microsoft<br>ATTRIBUTE       MS-RAS-Vendor           9       integer Microsoft<br>ATTRIBUTE       MS-CHAP-Domain          10      string  Microsoft<br>ATTRIBUTE       MS-CHAP-Challenge       11      string  Microsoft<br>ATTRIBUTE       MS-CHAP-MPPE-Keys       12      string  Microsoft encrypt=1<br>ATTRIBUTE       MS-BAP-Usage            13      integer Microsoft<br>ATTRIBUTE       MS-Link-Utilization-Threshold 14 integer        Microsoft<br>ATTRIBUTE       MS-Link-Drop-Time-Limit 15      integer Microsoft<br>ATTRIBUTE       MS-MPPE-Send-Key        16      string  Microsoft<br>ATTRIBUTE       MS-MPPE-Recv-Key        17      string  Microsoft<br>ATTRIBUTE       MS-RAS-Version          18      string  Microsoft<br>ATTRIBUTE       MS-Old-ARAP-Password    19      string  Microsoft<br>ATTRIBUTE       MS-New-ARAP-Password    20      string  Microsoft<br>ATTRIBUTE       MS-ARAP-PW-Change-Reason 21     integer Microsoft
    70. 

  70. 

  71. ATTRIBUTE       MS-Filter               22      string  Microsoft<br>ATTRIBUTE       MS-Acct-Auth-Type       23      integer Microsoft<br>ATTRIBUTE       MS-Acct-EAP-Type        24      integer Microsoft<br>
    72. 

  72. ATTRIBUTE       MS-CHAP2-Response       25      string  Microsoft<br>ATTRIBUTE       MS-CHAP2-Success        26      string  Microsoft<br>ATTRIBUTE       MS-CHAP2-CPW            27      string  Microsoft
    73. 

  73. 

  74. ATTRIBUTE       MS-Primary-DNS-Server   28      ipaddr<br>ATTRIBUTE       MS-Secondary-DNS-Server 29      ipaddr<br>ATTRIBUTE       MS-Primary-NBNS-Server  30      ipaddr<br>ATTRIBUTE       MS-Secondary-NBNS-Server 31     ipaddr
    75. 

  75. 

  76. #ATTRIBUTE      MS-ARAP-Challenge       33      string  Microsoft
    77. 

  77. 

  78. #<br>#       Integer Translations<br>#
    79. 

  79. 

  80. #       MS-BAP-Usage Values
    81. 

  81. 

  82. VALUE           MS-BAP-Usage            Not-Allowed     0<br>VALUE           MS-BAP-Usage            Allowed         1<br>VALUE           MS-BAP-Usage            Required        2
    83. 

  83. 

  84. #       MS-ARAP-Password-Change-Reason Values
    85. 

  85. 

  86. VALUE   MS-ARAP-PW-Change-Reason        Just-Change-Password            1<br>VALUE   MS-ARAP-PW-Change-Reason        Expired-Password                2<br>VALUE   MS-ARAP-PW-Change-Reason        Admin-Requires-Password-Change  3<br>VALUE   MS-ARAP-PW-Change-Reason        Password-Too-Short              4
    87. 

  87. 

  88. #       MS-Acct-Auth-Type Values
    89. 

  89. 

  90. VALUE           MS-Acct-Auth-Type       PAP             1<br>VALUE           MS-Acct-Auth-Type       CHAP            2<br>VALUE           MS-Acct-Auth-Type       MS-CHAP-1       3<br>VALUE           MS-Acct-Auth-Type       MS-CHAP-2       4<br>VALUE           MS-Acct-Auth-Type       EAP             5
    91. 

  91. 

  92. #       MS-Acct-EAP-Type Values
    93. 

  93. 

  94. VALUE           MS-Acct-EAP-Type        MD5             4<br>VALUE           MS-Acct-EAP-Type        OTP             5<br>VALUE           MS-Acct-EAP-Type        Generic-Token-Card      6<br>VALUE           MS-Acct-EAP-Type        TLS             13
    95. 

  95. 

  96. END-VENDOR Microsoft
    97. 

  97. </pre>
    98. 

  98. </blockquote><p></p>
    99. 

  99. <hr>
    100. 

  100. <a href="poptop_ads_howto_9.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_7.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
    101. 

  101. <p></p>
    102. 

  102. </body>
    103. 

  103. </html>
    104.