From nobody  Sat Jul 19 05:03:33 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id FAA22379;
          Sat, 19 Jul 1997 05:03:33 -0700 (PDT)
Message-Id: <199707191203.FAA22379@hub.freebsd.org>
Date: Sat, 19 Jul 1997 05:03:33 -0700 (PDT)
From: yugi@inter.net.il
To: freebsd-gnats-submit@freebsd.org
Subject: can't connect to Win NT 4.0 RAS using MS CHAP  and CBCP
X-Send-Pr-Version: www-1.0

>Number:         4119
>Category:       kern
>Synopsis:       can't connect to Win NT 4.0 RAS using MS CHAP  and CBCP
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 19 05:10:01 PDT 1997
>Closed-Date:    Tue Apr 14 12:19:53 PDT 1998
>Last-Modified:  Tue Apr 14 12:20:05 PDT 1998
>Originator:     Yuri Gindin
>Release:        3.0-current
>Organization:
Xpert UNIX systems
>Environment:
FreeBSD moon 3.0-CURRENT FreeBSD 3.0-CURRENT #2: Sat Jun  7 13:56:55 IDT 1997
yugi@moon:/disk2/src/sys/compile/MOON  i386
>Description:
I need to connect to the NT 4.0 RAS server which authenticates with MS CHAP
and uses CBCP. I used the ppp-2.3.1 package on Solaris and Linux with full success
Under FreeBSD I can't compile both kernel and pppd on the 3.0-current system
using this package (ftp://cs.anu.edu.au/pub/software/ppp)
Please upgrade to ppp-2.3.1
>How-To-Repeat:
Try to compile ppp-2.3.1 on 3.0-current
>Fix:
Upgrade kernel and pppd to ppp-2.3.1
>Release-Note:
>Audit-Trail:

From: tedm@toybox.placo.com
To: <freebsd-gnats-submit@freebsd.org>
Cc:  Subject: Re: kern/4119: can't connect to Win NT 4.0 RAS using MS CHAP  and CBCP
Date: Fri, 25 Jul 97 01:08:43

 As a temporary workaround to this problem, in /etc/ppp/options place the
 following:
 
 +pap
 -chap
 
 Also make sure that the checkbox in Windows NT RAS is set to allow unencrypted
 passwords.  (this is the default in Windows 95 Dialup Networking)
 
 The pppd daemon program defaults to using CHAP when requiring authentication
 is turned on.  Microsoft PPP will authenticate with either PAP or CHAP authentication
 unless the Require Encrypted Passwords setting is turned on in the Microsoft software.

From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: <freebsd-gnats-submit@freebsd.org>
Cc:  Subject: Re: kern/4119: can't connect to Win NT 4.0 RAS using MS CHAP  and CBCP
Date: Mon, 28 Jul 1997 01:03:43 -0700

 Further investigation on this,
 
 Microsoft's MS-CHAP is different from regular CHAP because they use MD4,
 rather than MD5 as standard CHAP does.
 
 MS has released preliminary standards-based MD5-CHAP support in Service
 Pack 3 for NT Server 4.0.  In addition to MD5-CHAP support, many security
 holes have been closed with this service pack, so it is unlikely that
 anyone running a Windows NT 4.0 server is going to resist applying this
 service pack.
 
 It is not enough to simply apply the service pack, a Registry Key must be
 altered in the NT Server to turn on MD5 support in CHAP.  This is explained
 in the service pack readme, as well as in the Microsoft Knowledgebase on
 their web site.
 
 Win95 Dialup Networking clients will use either the standards-based MD5 or
 MD4-based MS-CHAP to authenticate, so turning on MD5-CHAP support in NT
 Server with this registry key should not affect them.  In addition, Win95
 Dialup Networking clients by default don't require encrypted passwords, so
 it is unlikely that casual installation of 95 clients dialup networking
 will have turned on the checkbox for requiring encrypted passwords.  As a
 result, even if the 95 clients cannot authenticate to a patched NT Server
 using CHAP, they will simply switch over to PAP.
 
State-Changed-From-To: open->feedback 
State-Changed-By: brian 
State-Changed-When: Sat Oct 4 18:36:39 PDT 1997 
State-Changed-Why:  
Can we re-test this.  Peter recently brought ppp up to 2.3.1. 


Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: brian 
Responsible-Changed-When: Sat Oct 4 18:36:39 PDT 1997 
Responsible-Changed-Why:  
This should be no problem to fix - we've got it working in 
ppp :-) 

From: Brian Somers <brian@awfulhak.org>
To: Yuri Gindin <yugi@inter.net.il>
Cc: Brian Somers <brian@FreeBSD.org>, freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/4119 
Date: Mon, 03 Nov 1997 00:52:21 +0000

 > On Sat, 4 Oct 1997, Brian Somers wrote:
 > 
 > Hi,
 > sorry for delay.
 > > Synopsis: can't connect to Win NT 4.0 RAS using MS CHAP  and CBCP
 > > 
 > > State-Changed-From-To: open->feedback
 > > State-Changed-By: brian
 > > State-Changed-When: Sat Oct 4 18:36:39 PDT 1997
 > > State-Changed-Why: 
 > > Can we re-test this.  Peter recently brought ppp up to 2.3.1.
 > > 
 > I already worked with it on 2.2-STABLE, but with old kernel driver.
 > only pppd was new. It's now in -current, but what about -stable ?
 
 Unfortunately, it's not in -stable.
 
 > > 
 > > Responsible-Changed-From-To: freebsd-bugs->brian
 > > Responsible-Changed-By: brian
 > > Responsible-Changed-When: Sat Oct 4 18:36:39 PDT 1997
 > > Responsible-Changed-Why: 
 > > This should be no problem to fix - we've got it working in
 > > ppp :-)
 > Also only in -current.
 
 Yep - but you can ``upgrade'' from http://www.freebsd.org/~brian if 
 you want to try ppp.
 
 > Yes, but you have no cbcp. I also run ppp with natd in ppp.linkup.
 
 Oh, I never noticed the "cbcp" bit.  I don't know what it is :-/
 
 > but when I quit ppp I also kill natd in ppp.linkdown and this crashes
 > my Xserver. Any clues ?
 
 You could try using the -alias switch to ppp and doing away with natd?
 I'm not sure what's causing the crash, but natd and the -alias switch 
 both use the same libalias library to do the IP translations.
 
 > --Yuri.
 > 
 > 
 
 -- 
 Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <bri@OpenBSD.org>
       <http://www.Awfulhak.org>
 Don't _EVER_ lose your sense of humour....
 
 
State-Changed-From-To: feedback->closed 
State-Changed-By: phk 
State-Changed-When: Tue Apr 14 12:19:53 PDT 1998 
State-Changed-Why:  
timed out 
>Unformatted:
