pptp with userman authentication problem

polokus · May 22, 2006, 4:12pm

guys, just installed 2.9.24 + userman and i have this error on the log when trying to connect using pptp client on windows xp

00:21:46 pptp,info TCP connection established from 10.10.10.10 
00:21:46 pptp,ppp,info <pptp-0>: waiting for call... 
00:21:51 manager,debug,packet received Access-Request with id 6 from 127.0.0.1:1031 
00:21:51 manager,debug,packet     Signature = 0x82a4bf51c4efbf9d7f97bc110ed41a30 
00:21:51 manager,debug,packet     Service-Type = 2 
00:21:51 manager,debug,packet     Framed-Protocol = 1 
00:21:51 manager,debug,packet     NAS-Port = 28 
00:21:51 manager,debug,packet     NAS-Port-Type = 5 
00:21:51 manager,debug,packet     User-Name = "test01" 
00:21:51 manager,debug,packet     Calling-Station-Id = "10.10.10.10" 
00:21:51 manager,debug,packet     Called-Station-Id = "10.10.10.1" 
00:21:51 manager,debug,packet     MS-CHAP-Challenge = 0xe3bbafce3dc2c48a7a69128681bf2102 
00:21:51 manager,debug,packet     MS-CHAP2-Response = 0x0200e265bf077dbd5a0559751c681065 
00:21:51 manager,debug,packet       c3e20000000000000000e4742cfc1118 
00:21:51 manager,debug,packet       7ae4b0dc3d5e1e2c077ecec4abf87ba0 
00:21:51 manager,debug,packet       7458 
00:21:51 manager,debug,packet     NAS-Identifier = "MiKrOtIk" 
00:21:51 manager,debug,packet     NAS-IP-Address = 127.0.0.1 
00:21:51 manager,debug received remote request 6 code=Access-Request from 127.0.0.1:1031 
00:21:51 manager,debug sending Access-Reject to request 6 
00:21:51 manager,debug,packet sending Access-Reject with id 6 to 127.0.0.1:1031 
00:21:51 manager,debug,packet     Signature = 0xf11869659c3aebc883e65c18e271a26b 
00:21:51 manager,debug,packet     Reply-Message = "unknown authentication algorithm" 
00:21:51 manager,debug unknown authentication algorithm for user <test01> in authentication request 6, rejecting 
00:21:51 pptp,ppp,info <pptp-test01>: terminating... - user test01 authentication failed (6) 
00:21:51 pptp,ppp,info <pptp-test01>: disconnected

what i’m doing wrong here?

/tool user-manager user print 
Flags: X - disabled, A - active 
 0    subscriber=test-pptp-server username="test01" password="test01" uptime-limit=4w2d download-limit=104857600 upload-limit=26214400 
      last-seen=never credit-count=1 credit-left=1m credit-duration=1m credit-price=10
      credit-till-time=jan/01/1970 00:00:00 credit-time-added=1m

but with /ppp secret entries it worked well

/ ppp secret
add name="pptp-2" service=pptp caller-id="" password="pass" profile=profile-pptp local-address=0.0.0.0 \
    remote-address=0.0.0.0 routes="" limit-bytes-in=0 limit-bytes-out=0 comment="" disabled=no

any pointers will be appreciated

Thanks

uol-vnet · May 22, 2006, 6:09pm

I don’t know am i right or wrong but I have a confusion with the option " credit-till-time=jan/01/1970 00:00:00 credit"

How Can I fix it. I did try with system clock setting but date is ok there . Can anybody tell me what is dst option on system clock ?

subscriber=admin username=“monalisa” password=“1234” pool-name=“pppoe” last-seen=never credit-count=1
credit-left=4w2d credit-duration=4w2d credit-price=600 credit-till-time=jan/01/1970 00:00:00 credit-time-added=4w2d

uldis · May 23, 2006, 11:25am

When the user first logs in the credit-till-time will change to the time what is has left.

About the error message - User manager doesn’t support MSCHAP and MSCHPv2, it supports only PAP and CHAP.

uol-vnet · May 23, 2006, 10:17pm

First of all , I f I uninstall the 9.23 version of user manager and upload the new 9.24 packege and reboot the router then nothing heappens . I mean router doen’t show any package .I have tried so many times but it didn’t work .
After that I was trying with the older package and
I have activated PAP authentication in the client machine for my pppoe server . I can login into the pppoe server only if I have a secret into the pppoe profile but user manager doesn’t show any usage for that account . And if I add any customer from the web interface of user manager then I can’t even login into the user manager with the newly created customer login name. But if I create any user from the command line then I can login from the web interface. I don’t know what am I missing . I have ticked to use radius into the pppoe profile and also ticked to accept request from the radius . I have used the router local ip 10.0.0.1 and also with the public ip and the secret correctly and have also tried with the 127.0.0.1 IP. Then what am I missing . .

My pppoe server and the usermanager is running on the same machine . Then what the hell am I missing???

Can anybody please help me out to get it done ???

I will be waiting to hear from somebody ….

Thanks
Zubair

uol-vnet · May 23, 2006, 10:57pm

Now I am able to install the 9.24 package . But still user manager does not show any usage of a user …???
[admin@uol.com] > /tool user-manager user print
Flags: X - disabled, A - active
0 subscriber=admin username=“zubair” password=“1234” ip-address=10.1.0.10 pool-name=“pppoe” last-seen=never
credit-count=1 credit-left=4w2d credit-duration=4w2d credit-price=1800 credit-till-time=jan/01/1970 00:00:00
credit-time-added=4w2d

1 subscriber=admin username=“aliosha” password=“1234” last-seen=never credit-count=0 credit-left=0s credit-duration=0s
credit-price=0 credit-till-time=jan/01/1970 00:00:00 credit-time-added=0s
[admin@uol.com] >

I hope I have created user correctly …

miahac · May 24, 2006, 1:48pm

This fixed my problem. I just changed the settings in my pppoe server.

wilsonchua · September 20, 2006, 4:41am

Yup, by unchecking the mschap and mschap2, i was able to authenticate a pptp session from (radius) user-manager.

I am concerned tho as to the security ramifications, as PAP will be sending out the authentication details in plain text right? So anyone sniffing the network can see the authentication details, and then later on, use this to connect via the vpn to the internal net right?

bside · September 22, 2006, 10:22pm

Spent a couple of hours solving this issue. Now everything works. But i think it’s very bad that VPN connection goes without any encryption. Future versions of RouterOS should include user manager with MS-CHAP encryption.

airstream · September 27, 2006, 11:18pm

I agree, is there any plans for these protocols in future userman releases?

Geoff

uldis · September 28, 2006, 7:56am

Yes, we will add them, but in future. There are still lot of other things to do for the User Manager.

polokus · October 12, 2006, 4:47pm

Finally i was able to configure pptp with userman auth, is it possible to limit 1 user within 1 session using userman? because the value of ppp user profile property “only-one” is ignored when using RADIUS auth.

Thankyou