Discussion:
Using PAP authentication with Windows XP Home
(too old to reply)
charleso
2007-03-28 02:41:34 UTC
Permalink
Hi,
I am trying to get an embedded system talking to my PC running Windows
XP Home and for some reason the Windows XP PC will not allow PAP
authentication.
From what I've read the Windows settings should be correct. In the
"Incoming Connections" properties I have "Require all users to secure
their passwords and data" unchecked and if I run "netsh ras show
authtype" from a command line it shows that PAP, SPAP, MSCHAP and
MSCHAPv2 are enabled. I'm connecting direct to the serial port and
sending "CLIENT" <pause> "CLIENT" to get the connection started (PC
replies with "CLIENTSERVER").

When the PPP client tries to connect and does not specify an
authorisation protocol in the configuration request the PC sends a
protocol reject when the PAP request is sent.
If I make the PPP client specify the authorisation protocol as PAP in
the configuration request then the PC sends a configuration reject
with just the PAP option in it.

Any ideas on how I can make this work or other settings to try?

- Charles
James Carlson
2007-03-28 18:42:36 UTC
Permalink
Post by charleso
When the PPP client tries to connect and does not specify an
authorisation protocol in the configuration request the PC sends a
protocol reject when the PAP request is sent.
Please post actual logs rather than a description of them.

What is in the LCP Configure-Request sent by the PC? And how does the
embedded system respond to that request?
Post by charleso
If I make the PPP client specify the authorisation protocol as PAP in
the configuration request then the PC sends a configuration reject
with just the PAP option in it.
That part is understandable. By including the Authentication Protocol
option in your LCP Configure-Request message from the embedded system,
you're demanding that the PC authenticate itself to the embedded
system -- that is, having the PC behave as a client. Since you've
configured it not to work that way, it should fail.
--
James Carlson, Solaris Networking <***@sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
charleso
2007-03-30 00:16:45 UTC
Permalink
Post by James Carlson
Post by charleso
When the PPP client tries to connect and does not specify an
authorisation protocol in the configuration request the PC sends a
protocol reject when the PAP request is sent.
Please post actual logs rather than a description of them.
Thanks for your help.
I've attached a log from Wireshark below (I'm not sure why the source
and destination shown in the Wireshark log isn't more sensible, but
anything with a source of "Receive_0b" has come from the embedded
system and anything with a source of "Send_0b" has come from the PC).
Post by James Carlson
What is in the LCP Configure-Request sent by the PC? And how does the
embedded system respond to that request?
The PC tries to negotiate the following options -

Async Control Character Map: 0x00000000 (None)
Magic number: 0x2e9c38a0
Protocol field compression
Address/control field compression
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a

and the embedded system rejects these options -

Magic number: 0x2e9c38a0
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a
Post by James Carlson
Post by charleso
If I make the PPP client specify the authorisation protocol as PAP in
the configuration request then the PC sends a configuration reject
with just the PAP option in it.
That part is understandable. By including the Authentication Protocol
option in your LCP Configure-Request message from the embedded system,
you're demanding that the PC authenticate itself to the embedded
system -- that is, having the PC behave as a client. Since you've
configured it not to work that way, it should fail.
OK, that makes sense. Thanks.

The interesting thing is that if I get the embedded system to skip the
PAP step it all works OK and it is able to send UDP packets to the PC.
I think that this is because I have "Always allow directly connected
devices such as palmtop computers to connect without providing a
password". I had assumed that this option would allow it to connect
with or without a password, but maybe it causes the PC to reject the
PAP.
Aah! I just re-read the RFC and if it doesn't ask for PAP then it
expects no authentication so you should not send the PAP logon request
- makes sense really.


If I disable the "Always allow directly connected devices such as
palmtop computers to connect without providing a password" option then
the PC insists on sending a CHAP request and ignores the PAP logon,
even though I have "Require all users to secure their passwords and
data" option disabled. I think this is because the embedded system is
not rejecting the auth option of CHAP correctly, so I'll play with
that to see if I can improve it.

- Charles

(Here's the Wireshark log for PAP reject)

No. Time Source Destination
Protocol Info
1 0.000000 Receive_0b Receive_0b PPP
LCP Configuration Request

Frame 1 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x01
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x000a0000 (, DC1 (XON)DC3
(XOFF))
Protocol field compression
Address/control field compression

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 21 01 01 RECV.
RECV..!..
0010 00 0e 02 06 00 0a 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
2 0.000000 Send_0b Send_0b PPP
LCP Configuration Request

Frame 2 (68 bytes on wire, 68 bytes captured)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x00
Length: 54
Options: (50 bytes)
Async Control Character Map: 0x00000000 (None)
Magic number: 0x2e9c38a0
Protocol field compression
Address/control field compression
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 01 00 SEND.
SEND..!..
0010 00 36 02 06 00 00 00 00 05 06 2e 9c 38 a0 07 02 .
6..........8...
0020 08 02 0d 03 06 11 04 06 4e 13 17 01 8a 29 fe 5c ........N....).
\
0030 a7 77 42 fc bd d8 c9 42 d1 79 c0 5d 00 00 00
00 .wB....B.y.]....
0040 17 04 00 0a ....

No. Time Source Destination
Protocol Info
3 0.000000 Send_0b Send_0b PPP
LCP Configuration Ack

Frame 3 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x01
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x000a0000 (, DC1 (XON)DC3
(XOFF))
Protocol field compression
Address/control field compression

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 02 01 SEND.
SEND..!..
0010 00 0e 02 06 00 0a 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
4 1.015625 Receive_0b Receive_0b PPP
LCP Configuration Reject

Frame 4 (58 bytes on wire, 58 bytes captured)
PPP Link Control Protocol
Code: Configuration Reject (0x04)
Identifier: 0x00
Length: 44
Options: (40 bytes)
Magic number: 0x2e9c38a0
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 21 04 00 RECV.
RECV..!..
0010 00 2c 05 06 2e 9c 38 a0 0d 03 06 11 04 06 4e 13 .,....
8.......N.
0020 17 01 8a 29 fe 5c a7 77 42 fc bd d8 c9 42 d1 79 ...).
\.wB....B.y
0030 c0 5d 00 00 00 00 17 04 00 0a .]........

No. Time Source Destination
Protocol Info
5 1.031250 Send_0b Send_0b PPP
LCP Configuration Request

Frame 5 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x01
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x00000000 (None)
Protocol field compression
Address/control field compression

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 01 01 SEND.
SEND..!..
0010 00 0e 02 06 00 00 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
6 1.562500 Receive_0b Receive_0b PPP
LCP Configuration Ack

Frame 6 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x01
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x00000000 (None)
Protocol field compression
Address/control field compression

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 21 02 01 RECV.
RECV..!..
0010 00 0e 02 06 00 00 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
7 1.578125 Send_0b Send_0b PPP
CCP Configuration Request

Frame 7 (24 bytes on wire, 24 bytes captured)
PPP Compression Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x02
Length: 10
Options: (6 bytes)
Microsoft PPC: Supported Bits: 0x00000001
.... .... .... .... .... .... .... ...1 = Desire to
negotiate MPPC
.... .... .... .... .... .... ...0 .... = Obsolete (should
ALWAYS be 0)
.... .... .... .... .... .... ..0. .... = 40-bit
encryption OFF
.... .... .... .... .... .... .0.. .... = 128-bit
encryption OFF
.... .... .... .... .... .... 0... .... = 56-bit
encryption OFF
.... ...0 .... .... .... .... .... .... = Stateless mode
OFF

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 fd 01 02 SEND.
SEND.....
0010 00 0a 12 06 00 00 00 01 ........

No. Time Source Destination
Protocol Info
8 1.578125 Send_0b Send_0b PPP
IPCP Configuration Request

Frame 8 (30 bytes on wire, 30 bytes captured)
PPP IP Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x03
Length: 16
Options: (12 bytes)
IP compression: 6 bytes
IP compression protocol: VJ compression (0x002d)
Max slot id: 15 (0x0f)
Compress slot id: yes (0x01)
IP address: 10.1.1.10

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 21 01 03 SEND.
SEND..!..
0010 00 10 02 06 00 2d 0f 01 03 06 0a 01 01 0a .....-........

No. Time Source Destination
Protocol Info
9 2.578125 Receive_0b Receive_0b PPP
IPCP Configuration Reject

Frame 9 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Reject (0x04)
Identifier: 0x03
Length: 10
Options: (6 bytes)
IP compression: 6 bytes
IP compression protocol: VJ compression (0x002d)
Max slot id: 15 (0x0f)
Compress slot id: yes (0x01)

0000 20 52 45 43 56 0b 20 52 45 43 56 0b 80 21 04 03 RECV.
RECV..!..
0010 00 0a 02 06 00 2d 0f 01 .....-..

No. Time Source Destination
Protocol Info
10 2.578125 Send_0b Send_0b PPP
IPCP Configuration Request

Frame 10 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x04
Length: 10
Options: (6 bytes)
IP address: 10.1.1.10

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 21 01 04 SEND.
SEND..!..
0010 00 0a 03 06 0a 01 01 0a ........

No. Time Source Destination
Protocol Info
11 3.015625 Send_0b Send_0b PPP
CCP Configuration Request

Frame 11 (24 bytes on wire, 24 bytes captured)
PPP Compression Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x05
Length: 10
Options: (6 bytes)
Microsoft PPC: Supported Bits: 0x00000001
.... .... .... .... .... .... .... ...1 = Desire to
negotiate MPPC
.... .... .... .... .... .... ...0 .... = Obsolete (should
ALWAYS be 0)
.... .... .... .... .... .... ..0. .... = 40-bit
encryption OFF
.... .... .... .... .... .... .0.. .... = 128-bit
encryption OFF
.... .... .... .... .... .... 0... .... = 56-bit
encryption OFF
.... ...0 .... .... .... .... .... .... = Stateless mode
OFF

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 fd 01 05 SEND.
SEND.....
0010 00 0a 12 06 00 00 00 01 ........

No. Time Source Destination
Protocol Info
12 3.640625 Receive_0b Receive_0b PPP
CCP Configuration Reject

Frame 12 (24 bytes on wire, 24 bytes captured)
PPP Compression Control Protocol
Code: Configuration Reject (0x04)
Identifier: 0x05
Length: 10
Options: (6 bytes)
Microsoft PPC: Supported Bits: 0x00000001
.... .... .... .... .... .... .... ...1 = Desire to
negotiate MPPC
.... .... .... .... .... .... ...0 .... = Obsolete (should
ALWAYS be 0)
.... .... .... .... .... .... ..0. .... = 40-bit
encryption OFF
.... .... .... .... .... .... .0.. .... = 128-bit
encryption OFF
.... .... .... .... .... .... 0... .... = 56-bit
encryption OFF
.... ...0 .... .... .... .... .... .... = Stateless mode
OFF

0000 20 52 45 43 56 0b 20 52 45 43 56 0b 80 fd 04 05 RECV.
RECV.....
0010 00 0a 12 06 00 00 00 01 ........

No. Time Source Destination
Protocol Info
13 3.640625 Send_0b Send_0b PPP
CCP Termination Request

Frame 13 (30 bytes on wire, 30 bytes captured)
PPP Compression Control Protocol
Code: Termination Request (0x05)
Identifier: 0x06
Length: 16
Data (12 bytes)

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 fd 05 06 SEND.
SEND.....
0010 00 10 2e 9c 38 a0 00 3c cd 74 00 00 02 dc ....8..<.t....

No. Time Source Destination
Protocol Info
14 4.093750 Receive_0b Receive_0b PPP
PAP Authenticate-Request

Frame 14 (32 bytes on wire, 32 bytes captured)
PPP Password Authentication Protocol
Code: Authenticate-Request (0x01)
Identifier: 0x02
Length: 18
Data (14 bytes)
Peer ID length: 4 bytes
Peer-ID (4 bytes)
Password length: 8 bytes
Password (8 bytes)

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 23 01 02 RECV.
RECV..#..
0010 00 12 04 75 73 65 72 08 70 61 73 73 77 6f 72
64 ...user.password

No. Time Source Destination
Protocol Info
15 4.093750 Send_0b Send_0b PPP
LCP Protocol Reject

Frame 15 (38 bytes on wire, 38 bytes captured)
PPP Link Control Protocol
Code: Protocol Reject (0x08)
Identifier: 0x07
Length: 24
Rejected protocol: Password Authentication Protocol (0xc023)
Rejected packet (18 bytes)
PPP Password Authentication Protocol
Code: Authenticate-Request (0x01)
Identifier: 0x02
Length: 18
Data (14 bytes)
Peer ID length: 4 bytes
Peer-ID (4 bytes)
Password length: 8 bytes
Password (8 bytes)

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 08 07 SEND.
SEND..!..
0010 00 18 c0 23 01 02 00 12 04 75 73 65 72 08 70
61 ...#.....user.pa
0020 73 73 77 6f 72 64 ssword

No. Time Source Destination
Protocol Info
16 5.031250 Send_0b Send_0b PPP
IPCP Configuration Request

Frame 16 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x08
Length: 10
Options: (6 bytes)
IP address: 10.1.1.10

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 21 01 08 SEND.
SEND..!..
0010 00 0a 03 06 0a 01 01 0a ........

No. Time Source Destination
Protocol Info
17 5.625000 Receive_0b Receive_0b PPP
IPCP Configuration Ack

Frame 17 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x08
Length: 10
Options: (6 bytes)
IP address: 10.1.1.10

0000 20 52 45 43 56 0b 20 52 45 43 56 0b 80 21 02 08 RECV.
RECV..!..
0010 00 0a 03 06 0a 01 01 0a ........

No. Time Source Destination
Protocol Info
18 5.921875 Receive_0b Receive_0b PPP
LCP Configuration Request

Frame 18 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x03
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x000a0000 (, DC1 (XON)DC3
(XOFF))
Protocol field compression
Address/control field compression

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 21 01 03 RECV.
RECV..!..
0010 00 0e 02 06 00 0a 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
19 5.937500 Send_0b Send_0b PPP
LCP Configuration Request

Frame 19 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x09
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x00000000 (None)
Protocol field compression
Address/control field compression

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 01 09 SEND.
SEND..!..
0010 00 0e 02 06 00 00 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
20 5.937500 Send_0b Send_0b PPP
LCP Configuration Ack

Frame 20 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x03
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x000a0000 (, DC1 (XON)DC3
(XOFF))
Protocol field compression
Address/control field compression

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 02 03 SEND.
SEND..!..
0010 00 0e 02 06 00 0a 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
21 6.984375 Receive_0b Receive_0b PPP
LCP Configuration Ack

Frame 21 (28 bytes on wire, 28 bytes captured)
PPP Link Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x09
Length: 14
Options: (10 bytes)
Async Control Character Map: 0x00000000 (None)
Protocol field compression
Address/control field compression

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 21 02 09 RECV.
RECV..!..
0010 00 0e 02 06 00 00 00 00 07 02 08 02 ............

No. Time Source Destination
Protocol Info
22 6.984375 Send_0b Send_0b PPP
CCP Configuration Request

Frame 22 (18 bytes on wire, 18 bytes captured)
PPP Compression Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x0a
Length: 4

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 fd 01 0a SEND.
SEND.....
0010 00 04 ..

No. Time Source Destination
Protocol Info
23 6.984375 Send_0b Send_0b PPP
IPCP Configuration Request

Frame 23 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Request (0x01)
Identifier: 0x0b
Length: 10
Options: (6 bytes)
IP address: 10.1.1.10

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b 80 21 01 0b SEND.
SEND..!..
0010 00 0a 03 06 0a 01 01 0a ........

No. Time Source Destination
Protocol Info
24 8.171875 Receive_0b Receive_0b PPP
IPCP Configuration Ack

Frame 24 (24 bytes on wire, 24 bytes captured)
PPP IP Control Protocol
Code: Configuration Ack (0x02)
Identifier: 0x0b
Length: 10
Options: (6 bytes)
IP address: 10.1.1.10

0000 20 52 45 43 56 0b 20 52 45 43 56 0b 80 21 02 0b RECV.
RECV..!..
0010 00 0a 03 06 0a 01 01 0a ........

No. Time Source Destination
Protocol Info
25 9.281250 Receive_0b Receive_0b PPP
PAP Authenticate-Request

Frame 25 (32 bytes on wire, 32 bytes captured)
PPP Password Authentication Protocol
Code: Authenticate-Request (0x01)
Identifier: 0x05
Length: 18
Data (14 bytes)
Peer ID length: 4 bytes
Peer-ID (4 bytes)
Password length: 8 bytes
Password (8 bytes)

0000 20 52 45 43 56 0b 20 52 45 43 56 0b c0 23 01 05 RECV.
RECV..#..
0010 00 12 04 75 73 65 72 08 70 61 73 73 77 6f 72
64 ...user.password

No. Time Source Destination
Protocol Info
26 9.281250 Send_0b Send_0b PPP
LCP Protocol Reject

Frame 26 (38 bytes on wire, 38 bytes captured)
PPP Link Control Protocol
Code: Protocol Reject (0x08)
Identifier: 0x0c
Length: 24
Rejected protocol: Password Authentication Protocol (0xc023)
Rejected packet (18 bytes)
PPP Password Authentication Protocol
Code: Authenticate-Request (0x01)
Identifier: 0x05
Length: 18
Data (14 bytes)
Peer ID length: 4 bytes
Peer-ID (4 bytes)
Password length: 8 bytes
Password (8 bytes)

0000 20 53 45 4e 44 0b 20 53 45 4e 44 0b c0 21 08 0c SEND.
SEND..!..
0010 00 18 c0 23 01 05 00 12 04 75 73 65 72 08 70
61 ...#.....user.pa
0020 73 73 77 6f 72 64 ssword
charleso
2007-03-30 01:05:04 UTC
Permalink
OK, problem solved.

I had two problems -
1. My PPP implementation would always send a PAP logon even if the
server did not specify an authentication option in the LCP
configuration request.
2. My PPP implementation was checking for MSCHAP, but not MSCHAP v2,
so it wasn't NAKing the authentication option with MSCHAP.

So, looks like the tick boxes in the Windows XP "Incoming Connections"
Users tab do what I originally expected them to. "Require all users to
secure their passwords and data" will insist on using MSCHAP and
"Always allow directly connected devices such as palmtop computers to
connect without providing a password" will not request authentication
in the LCP configuration request when the connection is a direct one.

Thanks for your help James.

- Charles
James Carlson
2007-04-02 14:28:07 UTC
Permalink
Post by charleso
I had two problems -
1. My PPP implementation would always send a PAP logon even if the
server did not specify an authentication option in the LCP
configuration request.
That's not good. You shouldn't be trying to use PAP if the peer
didn't request it.
Post by charleso
2. My PPP implementation was checking for MSCHAP, but not MSCHAP v2,
so it wasn't NAKing the authentication option with MSCHAP.
I don't follow. If you get *ANY* option you don't understand, you
should be sending back either Configure-Nak (to request a value you do
understand) or Configure-Reject (to reject the entire option
outright).

Why would MSCHAPv2 be something you need to check for specially?
Post by charleso
So, looks like the tick boxes in the Windows XP "Incoming Connections"
Users tab do what I originally expected them to. "Require all users to
secure their passwords and data" will insist on using MSCHAP and
"Always allow directly connected devices such as palmtop computers to
connect without providing a password" will not request authentication
in the LCP configuration request when the connection is a direct one.
Yes. Unfortunately, I think there is no direct "Microsoft English to
Technical Description" dictionary available. It'd really be helpful
if there were one, so that people clicking those checkboxes had some
sort of idea what they were actually doing. :-/
--
James Carlson, Solaris Networking <***@sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
James Carlson
2007-04-02 14:35:56 UTC
Permalink
Post by charleso
The PC tries to negotiate the following options -
Async Control Character Map: 0x00000000 (None)
Magic number: 0x2e9c38a0
Protocol field compression
Address/control field compression
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a
The PC isn't asking for any authentication, so you shouldn't be trying
to provide any.

(This is one of the hazards of writing your own PPP implementation,
and also one of the reasons why it's a good thing that high-quality
implementations are readily available as source code under a BSD-like
license.)
Post by charleso
and the embedded system rejects these options -
Magic number: 0x2e9c38a0
Callback: 3 bytes
Operation: Location is determined during CBCP negotiation
(0x06)
Multilink MRRU: 1614
Multilink endpoint discriminator: 23 bytes
Class: Locally assigned address (1)
Address (20 bytes)
Link discriminator for BAP: 0x000a
Why would you reject the Magic Number option? I don't think that's a
good idea.
Post by charleso
Aah! I just re-read the RFC and if it doesn't ask for PAP then it
expects no authentication so you should not send the PAP logon request
- makes sense really.
Right. The default is no authentication. Each peer must request
authentication from the other if it requires that in order to grant
access.
Post by charleso
No. Time Source Destination
Protocol Info
14 4.093750 Receive_0b Receive_0b PPP
PAP Authenticate-Request
Whoa. This should appear here. Not only have these peers not
negotiated the use of PAP (no Authentication Protocol option in any
LCP message), but the link itself is already deep into the Network
phase negotiation -- bringing up CCP and IPCP. Authentication is long
past done.

See section 3.2 of RFC 1661 for a description of the link phases.

The system that sent that PAP message is broken. Securing the barn
door after the horse has left isn't a workable answer. The one that's
rejecting the message is doing the right thing.
--
James Carlson, Solaris Networking <***@sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
Loading...