Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) PAP and CHAP with TNT
The send-auth attribute only works if the TNT was calling the client, not
the other way around.
Unfortunately, Microsoft hasn't provided a way to disable CHAP on DUN. Other
PPP implementations (like the old Trumpet Winsock) have knobs to disable
CHAP or PAP. Even if they did, it may be a little
difficult to convince 9000 people to mess with their registries.
Since authentication is negotiated *before* the TNT knows the identity of
the user, there is a catch-22 situation here because you can't tell the TNT
(or any other RAS for that matter) to use different auth protocols for
different users: LCP negotiates which auth protocol *before* knowing the
identity of the user, by the time it learns the identity, it's too late to
negotiate a different auth protocol (old DUNs will crash, some iMac Apples
will have severe problems).
The only solution is what Joel was talking about: tell the TNT which auth
protocol to use based on CLID or DNIS, *before* LCP starts its negotiations.
Try to negotiate with UUnet for a DNIS auth cycle with the attribute
'Ascend-Auth-Type=Auth-PAP'. That's your only solution.
Good luck!
-J
>From: Jim Williams <jaw12@ntrnet.net>
>
>I liked your thought process so I tried it...unfortunately, the CHAP/PAP
>handshaking goes on between the PC and the RAS box (in this case the TNT)
>according to the ppplog file when the modem dials in. I need to find a
>way to change the information in Dial-Up Networking to tell it to lead
>with PAP.
>
>
>
>On Thu, 13 Apr 2000, Jim Segrave wrote:
>
> > Oliver Stettner wrote:
> >
> > What happens if your Radius server includes in its response:
> >
> > ATTRIBUTE Ascend-Send-Auth 231 integer
> > with the value set to
> > VALUE Ascend-Send-Auth Send-Auth-PAP 1
> >
> > This should, I hope, cause the negotiation to restirct itself to PAP
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>