Discussion:
authenticating both the peers
(too old to reply)
k***@gmail.com
2006-11-08 14:33:01 UTC
Permalink
Hi,

I would like to authenticate both the peers. But when I configure the
pppd options file
with require-pap option on both sides, one of the peer (acting as a
server) sends config-rej to the config-req packet with the pap
authentication option.

the sequence is as follows from the peer acting as the server (not the
actual log)

recvd [config-req <auth pap>]
sent [config-req <auth pap>]
sent [config-rej <auth pap>]

What should I do?

Thanks & Regards,
Sriram K
James Carlson
2006-11-09 17:10:31 UTC
Permalink
Post by k***@gmail.com
the sequence is as follows from the peer acting as the server (not the
actual log)
recvd [config-req <auth pap>]
sent [config-req <auth pap>]
sent [config-rej <auth pap>]
What should I do?
This means that on the system sending the Configure-Reject you don't
have any local credentials that could be sent to the peer for
authentication.

Pppd will refuse to authenticate itself to the peer if there are no
locally configured credentials.

To configure credentials, you *may* need to set up a local user name
via the "user" option, and you *must* set up information in the
/etc/ppp/pap-secrets or /etc/ppp/chap-secrets files.

For example, you could set up one node this way:

pppd options:
user peer-a

/etc/ppp/pap-secrets:
peer-b * "other password" *
peer-a * "my password"

And on the other node this way:

pppd options:
user peer-b

/etc/ppp/pap-secrets:
peer-a * "my password" *
peer-b * "other password"

Note the fourth field (the allowed IP addresses, specified as "*"
here) in the entries used to authenticate the peer (when acting as
authenticator). This is required. It is not required for the entries
that are used as local credentials (when acting as an authenticatee).

There are many other ways to set something like this up. See the man
page for details.
--
James Carlson, KISS Network <***@sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
Unruh
2006-11-09 17:10:13 UTC
Permalink
Post by k***@gmail.com
Hi,
I would like to authenticate both the peers. But when I configure the
pppd options file
with require-pap option on both sides, one of the peer (acting as a
server) sends config-rej to the config-req packet with the pap
authentication option.
You forgot to tell it how to authenticate the far side. Hint
/etc/ppp/chap-secrets.
Post by k***@gmail.com
the sequence is as follows from the peer acting as the server (not the
actual log)
And why in the world would you post a made up log?
Post by k***@gmail.com
recvd [config-req <auth pap>]
sent [config-req <auth pap>]
sent [config-rej <auth pap>]
Set up your /etc/ppp/pap-secrets file.
Post by k***@gmail.com
What should I do?
Thanks & Regards,
Sriram K
k***@gmail.com
2006-11-13 14:24:00 UTC
Permalink
Sorry for not posting the logs. I have successfully configured to
authenticate both the peers.
Thanks all of you. I will post with the logs here after.

Thanks and Regards,
Sriram K
Post by Unruh
Post by k***@gmail.com
Hi,
I would like to authenticate both the peers. But when I configure the
pppd options file
with require-pap option on both sides, one of the peer (acting as a
server) sends config-rej to the config-req packet with the pap
authentication option.
You forgot to tell it how to authenticate the far side. Hint
/etc/ppp/chap-secrets.
Post by k***@gmail.com
the sequence is as follows from the peer acting as the server (not the
actual log)
And why in the world would you post a made up log?
Post by k***@gmail.com
recvd [config-req <auth pap>]
sent [config-req <auth pap>]
sent [config-rej <auth pap>]
Set up your /etc/ppp/pap-secrets file.
Post by k***@gmail.com
What should I do?
Thanks & Regards,
Sriram K
Loading...