This is the README file for ppp-2.4, a package which implements the
Point-to-Point Protocol (PPP) to provide Internet connections over
serial lines.


Introduction.
*************

The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link.  At present, this package
supports IP and the protocols layered above IP, such as TCP and UDP.
The Linux and Solaris ports of this package have optional support for
IPV6; the Linux port of this package also has support for IPX.

This software consists of two parts:

- Kernel code, which establishes a network interface and passes
packets between the serial port, the kernel networking code and the
PPP daemon (pppd).  This code is implemented using STREAMS modules on
Solaris, and as a line discipline under Linux.

- The PPP daemon (pppd), which negotiates with the peer to establish
the link and sets up the ppp network interface.  Pppd includes support
for authentication, so you can control which other systems may make a
PPP connection and what IP addresses they may use.

The platforms supported by this package are Linux and Solaris.  I have
code for NeXTStep, FreeBSD, SunOS 4.x, SVR4, Tru64 (Digital Unix), AIX
and Ultrix but no active maintainers for these platforms.  Code for
all of these except AIX is included in the ppp-2.3.11 release.


Installation.
*************

The file SETUP contains general information about setting up your
system for using PPP.  There is also a README file for each supported
system, which contains more specific details for installing PPP on
that system.  The supported systems, and the corresponding README
files, are:

	Linux				README.linux
	Solaris				README.sol2

In each case you start by running the ./configure script.  This works
out which operating system you are using and creates the appropriate
makefiles.  You then run `make' to compile the user-level code, and
(as root) `make install' to install the user-level programs pppd, chat
and pppstats.

N.B. Since 2.3.0, leaving the permitted IP addresses column of the
pap-secrets or chap-secrets file empty means that no addresses are
permitted.  You need to put a "*" in that column to allow the peer to
use any IP address.  (This only applies where the peer is
authenticating itself to you, of course.)


What's new in ppp-2.4.4.
************************

* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
  the ppp interface and configuring its IP addresses but before
  bringing it up.  This can be used, for example, for adding firewall
  rules for the interface.

* Lots of bugs fixed, particularly in the area of demand-dialled and
  persistent connections.

* The rp-pppoe plugin now accepts any interface name (that isn't an
  existing pppd option name) without putting "nic-" on the front of
  it, not just eth*, nas*, tap* and br*.


What was new in ppp-2.4.3.
**************************

* The configure script now accepts --prefix and --sysconfdir options.
  These default to /usr/local and /etc.  If you want pppd put in
  /usr/sbin as before, use ./configure --prefix=/usr.

* Doing `make install' no longer puts example configuration files in
  /etc/ppp.  Use `make install-etcppp' if you want that.

* The code has been updated to work with version 0.8.3 of libpcap.
  Unfortunately the libpcap maintainers removed support for the
  "inbound" and "outbound" keywords on PPP links, meaning that if you
  link pppd with libpcap-0.8.3, you can't use those keywords in the
  active-filter and pass-filter expressions.  The support has been
  reinstated in the CVS version and should be in future libpcap
  releases.  If you need the in/outbound keywords, use a later release
  than 0.8.3, or get the CVS version from http://www.tcpdump.org.

* There is a new option, child-timeout, which sets the length of time
  that pppd will wait for child processes (such as the command
  specified with the pty option) to exit before exiting itself.  It
  defaults to 5 seconds.  After the timeout, pppd will send a SIGTERM
  to any remaining child processes and exit.  A value of 0 means no
  timeout.

* Various bugs have been fixed, including some CBCP packet parsing
  bugs that could lead to the peer being able to crash pppd if CBCP
  support is enabled.

* Various fixes and enhancements to the radius and rp-pppoe plugins
  have been added.

* There is a new winbind plugin, from Andrew Bartlet of the Samba
  team, which provides the ability to authenticate the peer against an
  NT domain controller using MS-CHAP or MS-CHAPV2.

* There is a new pppoatm plugin, by various authors, sent in by David
  Woodhouse.

* The multilink code has been substantially reworked.  The first pppd
  for a bundle still controls the ppp interface, but it doesn't exit
  until all the links in the bundle have terminated.  If the first
  pppd is signalled to exit, it signals all the other pppds
  controlling links in the bundle.

* The TDB code has been updated to the latest version.  This should
  eliminate the problem that some people have seen where the database
  file (/var/run/pppd.tdb) keeps on growing.  Unfortunately, however,
  the new code uses an incompatible database format.  For this reason,
  pppd now uses /var/run/pppd2.tdb as the database filename.


What was new in ppp-2.4.2.
**************************

* The CHAP code has been rewritten.  Pppd now has support for MS-CHAP
  V1 and V2 authentication, both as server and client.  The new CHAP
  code is cleaner than the old code and avoids some copyright problems
  that existed in the old code.

* MPPE (Microsoft Point-to-Point Encryption) support has been added,
  although the current implementation shouldn't be considered
  completely secure.  (There is no assurance that the current code
  won't ever transmit an unencrypted packet.)

* James Carlson's implementation of the Extensible Authentication
  Protocol (EAP) has been added.

* Support for the Encryption Control Protocol (ECP) has been added.

* Some new plug-ins have been included:
  - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
  - A plug-in for supplying the PAP password over a pipe from another
    process
  - A plug-in for authenticating using a Radius server.

* Updates and bug-fixes for the Solaris port.

* The CBCP (Call Back Control Protocol) code has been updated.  There
  are new options `remotenumber' and `allow-number'.

* Extra hooks for plugins to use have been added.

* There is now a `maxoctets' option, which causes pppd to terminate
  the link once the number of bytes passed on the link exceeds a given
  value.

* There are now options to control whether pppd can use the IPCP
  IP-Address and IP-Addresses options: `ipcp-no-address' and
  `ipcp-no-addresses'.

* Fixed several bugs, including potential buffer overflows in chat.


What was new in ppp-2.4.1.
**************************

* Pppd can now print out the set of options that are in effect.  The
  new `dump' option causes pppd to print out the option values after
  option parsing is complete.  The `dryrun' option causes pppd to
  print the options and then exit.

* The option parsing code has been fixed so that options in the
  per-tty options file are parsed correctly, and don't override values
  from the command line in most cases.

* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
  example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
  there is no slash in the plugin name.

* When loading a plugin, pppd will now check the version of pppd for
  which the plugin was compiled, and refuse to load it if it is
  different to pppd's version string.  To enable this, the plugin
  source needs to #include "pppd.h" and have a line saying:
	char pppd_version[] = VERSION;

* There is a bug in zlib, discovered by James Carlson, which can cause
  kernel memory corruption if Deflate is used with the lowest setting,
  8.  As a workaround pppd will now insist on using at least 9.

* Pppd should compile on Solaris and SunOS again.

* Pppd should now set the MTU correctly on demand-dialled interfaces.


What was new in ppp-2.4.0.
**************************

* Multilink: this package now allows you to combine multiple serial
  links into one logical link or `bundle', for increased bandwidth and
  reduced latency.  This is currently only supported under the
  2.4.x and later Linux kernels.

* All the pppd processes running on a system now write information
  into a common database.  I used the `tdb' code from samba for this.

* New hooks have been added.

For a list of the changes made during the 2.3 series releases of this
package, see the Changes-2.3 file.


Compression methods.
********************

This package supports two packet compression methods: Deflate and
BSD-Compress.  Other compression methods which are in common use
include Predictor, LZS, and MPPC.  These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.


Patents.
********

The BSD-Compress algorithm used for packet compression is the same as
that used in the Unix "compress" command.  It was apparently covered
by U.S. patents 4,814,746 (owned by IBM) and 4,558,302 (owned by
Unisys), and corresponding patents in various other countries (but not
Australia).  Apparently the Unisys patent expired in the US on 20 June
2003, but the IBM patent is still pending.

If these patents are of concern in your situation, you can build the
package without including BSD-Compress.  To do this, edit
net/ppp-comp.h to change the definition of DO_BSD_COMPRESS to 0.  The
bsd-comp.c files are then no longer needed, so the references to
bsd-comp.o may optionally be removed from the Makefiles.


Contacts.
*********

The comp.protocols.ppp newsgroup is a useful place to get help if you
have trouble getting your ppp connections to work.  Please do not send
me questions of the form "please help me get connected to my ISP" -
I'm sorry, but I simply do not have the time to answer all the
questions like this that I get.

If you find bugs in this package, please report them to the maintainer
for the port for the operating system you are using:

Linux			Paul Mackerras <paulus@samba.org>
Solaris			James Carlson <carlson@workingcode.com>


Copyrights:
***********

All of the code can be freely used and redistributed.  The individual
source files each have their own copyright and permission notice.
Pppd, pppstats and pppdump are under BSD-style notices.  Some of the
pppd plugins are GPL'd.  Chat is public domain.


Distribution:
*************

The primary site for releases of this software is:

	ftp://ftp.samba.org/pub/ppp/


(Id: README,v 1.37 2006/05/29 23:51:29 paulus Exp)

	     Microsoft Call Back Configuration Protocol.
			by Pedro Roque Marques
			(updated by Paul Mackerras)

The CBCP is a method by which the Microsoft Windows NT Server may
implement additional security. It is possible to configure the server
in such a manner so as to require that the client systems which
connect with it are required that following a valid authentication to
leave a method by which the number may be returned call.

It is a requirement of servers to be so configured that the protocol be
exchanged.

So, this set of patches may be applied to the pppd process to enable
the cbcp client *only* portion of the specification. It is primarily
meant to permit connection with Windows NT Servers.

The ietf-working specification may be obtained from ftp.microsoft.com
in the developr/rfc directory.

The ietf task group has decided to recommend that the LCP sequence be
extended to permit the callback operation. For this reason, these
patches are not 'part' of pppd but are an adjunct to the code.

To enable CBCP support, all that is required is to uncomment the line
in Makefile.linux that sets CBCP=y and recompile pppd.

I use such script to make a callback:

pppd debug nodetach /dev/modem 115200 crtscts modem	\
callback 222222 name NAME remotename SERVER	\
connect 'chat -v "" atz OK atdt111111 CONNECT ""'
sleep 1
pppd debug /dev/modem 115200 crtscts modem	\
name NAME remotename SERVER defaultroute	\
connect 'chat -v RING ATA CONNECT "\c"'

First we invoke pppd with 'nodetach' option in order to not detach from
the controlling terminal and 'callback NUMBER' option, then wait for
1 second and invoke pppd again which waits for a callback (RING) and
then answers (ATA). Number 222222 is a callback number, i.e. server will
call us back at this number, while number 111111 is the number we are
calling to.

You have to put in /etc/ppp/chap-secrets the following two lines:

NAME SERVER PASSWORD
SERVER NAME PASSWORD

You have to use your real login name, remote server name and password.

EAP with MD5-Challenge and SRP-SHA1 support
by James Carlson, Sun Microsystems
Version 2, September 22nd, 2002


1.  What it does

    The Extensible Authentication Protocol (EAP; RFC 2284) is a
    security protocol that can be used with PPP.  It provides a means
    to plug in multiple optional authentication methods.

    This implementation includes the required default MD5-Challenge
    method, which is similar to CHAP (RFC 1994), as well as the new
    SRP-SHA1 method.  This latter method relies on an exchange that is
    not vulnerable to dictionary attacks (as is CHAP), does not
    require the server to keep a cleartext copy of the secret (as in
    CHAP), supports identity privacy, and produces a temporary shared
    key that could be used for data encryption.

    The SRP-SHA1 method is based on draft-ietf-pppext-eap-srp-03.txt,
    a work in progress.

2.  Required libraries

    Two other packages are required first.  Download and install
    OpenSSL and Thomas Wu's SRP implementation.

	http://www.openssl.org/ (or ftp://ftp.openssl.org/source/)
	http://srp.stanford.edu/

    Follow the directions in each package to install the SSL and SRP
    libraries.  Once SRP is installed, you may run tconf as root to
    create known fields, if desired.  (This step is not required.)

3.  Installing the patch

    The EAP-SRP patch described here is integrated into this version
    of pppd.  The following patch may be used with older pppd sources:

	ftp://playground.sun.com/carlsonj/eap/ppp-2.4.1-eap-1.tar.gz

    Configure, compile, and install as root.  You may want to edit
    pppd/Makefile after configuring to enable or disable optional
    features.

	% ./configure
	% make
	% su
	# make install

    If you use csh or tcsh, run "rehash" to pick up the new commands.

    If you're using Solaris, and you run into trouble with the
    pseudonym feature on the server side ("no DES here" shows in the
    log file), make sure that you have the "domestic" versions of the
    DES libraries linked.  You should see "crypt_d" in "ldd
    /usr/local/bin/pppd".  If you see "crypt_i" instead, then make
    sure that /usr/lib/libcrypt.* links to /usr/lib/libcrypt_d.*.  (If
    you have the international version of Solaris, then you won't have
    crypt_d.  You might want to find an alternative DES library.)

4.  Adding the secrets

    On the EAP SRP-SHA1 client side, access to the cleartext secret is
    required.  This can be done in two ways:

	- Enter the client name, server name, and password in the
          /etc/ppp/srp-secrets file.  This file has the same format as
          the existing chap-secrets and pap-secrets files.

	  clientname servername "secret here"

	- Use the "password" option in any of the standard
          configuration files (or the command line) to specify the
          secret.

	  password "secret here"

    On the EAP SRP-SHA1 server side, a secret verifier is required.
    This is a one-way hash of the client's name and password.  To
    generate this value, run the srp-entry program (see srp-entry(8)).
    This program prompts for the client name and the passphrase (the
    secret).  The output will be an entry, such as the following,
    suitable for use in the server's srp-secrets file.  Note that if
    this is transferred by cut-and-paste, the entry must be a single
    line of text in the file.

pppuser srpserver 0:LFDpwg4HBLi4/kWByzbZpW6pE95/iIWBSt7L.DAkHsvwQphtiq0f6reoUy/1LC1qYqjcrV97lCDmQHQd4KIACGgtkhttLdP3KMowvS0wLXLo25FPJeG2sMAUEWu/HlJPn2/gHyh9aT.ZxUs5MsoQ1E61sJkVBc.2qze1CdZiQGTK3qtWRP6DOpM1bfhKtPoVm.g.MiCcTMWzc54xJUIA0mgKtpthE3JrqCc81cXUt4DYi5yBzeeGTqrI0z2/Gj8Jp7pS4Fkq3GmnYjMxnKfQorFXNwl3m7JSaPa8Gj9/BqnorJOsnSMlIhBe6dy4CYytuTbNb4Wv/nFkmSThK782V:2cIyMp1yKslQgE *

    The "secret" field consists of three entries separated by colons.
    The first entry is the index of the modulus and generator from
    SRP's /etc/tpasswd.conf.  If the special value 0 is used, then the
    well-known modulus/generator value is used (this is recommended,
    because it is much faster).  The second value is the verifier
    value.  The third is the password "salt."  These latter two values
    are encoded in base64 notation.

    For EAP MD5-Challenge, both client and server use the existing
    /etc/ppp/chap-secrets file.

5.  Configuration options

    There are two main options relating to EAP available for the
    client.  These are:

	refuse-eap		- refuse to authenticate with EAP
	srp-use-pseudonym	- use the identity privacy if
				  offered by server

    The second option stores a pseudonym, if offered by the EAP
    SRP-SHA1 server, in the $HOME/.ppp_pseudonym file.  The pseudonym
    is typically an encrypted version of the client identity.  During
    EAP start-up, the pseudonym stored in this file is offered to the
    peer as the identity.  If this is accepted by the peer, then
    eavesdroppers will be unable to determine the identity of the
    client.  Each time the client is authenticated, the server will
    offer a new pseudoname to the client using an obscured (reversibly
    encrypted) message.  Thus, access across successive sessions
    cannot be tracked.

    There are two main options for EAP on the server:

	require-eap		- require client to use EAP
	srp-pn-secret "string"	- set server's pseudoname secret

    The second option sets the long-term secret used on the server to
    encrypt the user's identity to produce pseudonames.  The
    pseudoname is constructed by hashing this string with the current
    date (to the nearest day) with SHA1, then using this hash as the
    key for a DES encryption of the client's name.  The date is added
    to the hash for two reasons.  First, this allows the pseudonym to
    change daily.  Second, it allows the server to decode any previous
    pseudonym by trying previous dates.

    See the pppd(8) man page for additional options.

6.  Comments welcome!

    This is still an experimental implementation.  It has been tested
    and reviewed carefully for correctness, but may still be
    incomplete or have other flaws.  All comments are welcome.  Please
    address them to the author:

		james.d.carlson@sun.com

    or, for EAP itself or the SRP extensions to EAP, to the IETF PPP
    Extensions working group:

		ietf-ppp@merit.edu

PPP Support for MPPE (Microsoft Point to Point Encryption)
==========================================================

Frank Cusack		frank@google.com
Mar 19, 2002


DISCUSSION

MPPE is Microsoft's encryption scheme for PPP links.  It is pretty much
solely intended for use with PPP over Internet links -- if you have a true
point to point link you have little need for encryption.  It is generally
used with PPTP.

MPPE is negotiated within CCP (Compression Control Protocol) as option
18.  In order for MPPE to work, both peers must agree to do it.  This
complicates things enough that I chose to implement it as strictly a binary
option, off by default.  If you turn it on, all other compression options
are disabled and MPPE *must* be negotiated successfully in both directions
(CCP is unidirectional) or the link will be disconnected.  I think this is
reasonable since, if you want encryption, you want encryption.  That is,
I am not convinced that optional encryption is useful.

While PPP regards MPPE as a "compressor", it actually expands every frame
by 4 bytes, the MPPE overhead (encapsulation).

Because of the data expansion, you'll see that ppp interfaces get their
mtu reduced by 4 bytes whenever MPPE is negotiated.  This is because
when MPPE is active, it is *required* that *every* packet be encrypted.
PPPD sets the mtu = MIN(peer mru, configured mtu).  To ensure that
MPPE frames are not larger than the peer's mru, we reduce the mtu by 4
bytes so that the network layer never sends ppp a packet that's too large.

There is an option to compress the data before encrypting (MPPC), however
the algorithm is patented and requires execution of a license with Hifn.
MPPC as an RFC is a complete farce.  I have no further details on MPPC.

Some recommendations:

- Use stateless mode.  Stateful mode is disabled by default.  Unfortunately,
  stateless mode is very expensive as the peers must rekey for every packet.
- Use 128-bit encryption.
- Use MS-CHAPv2 only.

Reference documents:

    <http://www.ietf.org/rfc/rfc3078.txt> MPPE
    <http://www.ietf.org/rfc/rfc3079.txt> MPPE Key Derivation
    <http://www.ietf.org/rfc/rfc2118.txt> MPPC
    <http://www.ietf.org/rfc/rfc2637.txt> PPTP
    <http://www.ietf.org/rfc/rfc2548.txt> MS RADIUS Attributes

You might be interested in PoPToP, a Linux PPTP server.  You can find it at
<http://www.poptop.org/>

RADIUS support for MPPE is from Ralf Hofmann, <ralf.hofmann@elvido.net>.


BUILDING THE PPPD

The userland component of PPPD has no additional requirements above
those for MS-CHAP and MS-CHAPv2.  The kernel, however, requires SHA-1
and ARCFOUR.  Public domain implementations of these are provided.

Until such time as MPPE support ships with kernels, you can use
the Linux 2.2 or 2.4 implementation that comes with PPPD.  Run the
ppp/linux/mppe/mppeinstall.sh script, giving it the location to your
kernel source.  Then add the CONFIG_PPP_MPPE option to your config and
rebuild the kernel.  The ppp_mppe.o module is added, and the ppp.o module
(2.2) or ppp_generic.o (2.4) is modified (unfortunately).  You'll need
the new ppp.o/ppp_generic.o since it does the right thing for the 4
extra bytes problem discussed above.


CONFIGURATION

See pppd(8) for the MPPE options.  Under Linux, if your modutils is earlier
than 2.4.15, you will need to add

    alias ppp-compress-18 ppp_mppe

to /etc/modules.conf.  (A patch for earlier versions of modutils is included
with the kernel patches.)

PPP Support for Microsoft's CHAP-80
===================================

Eric Rosenquist          rosenqui@strataware.com
(updated by Paul Mackerras)
(updated by Al Longyear)
(updated by Farrell Woods)
(updated by Frank Cusack)

INTRODUCTION

Microsoft has introduced an extension to the Challenge/Handshake
Authentication Protocol (CHAP) which avoids storing cleartext
passwords on a server.  (Unfortunately, this is not as secure as it
sounds, because the encrypted password stored on a server can be used
by a bogus client to gain access to the server just as easily as if
the password were stored in cleartext.)  The details of the Microsoft
extensions can be found in the document:

    <http://www.ietf.org/rfc/rfc2433.txt>

In short, MS-CHAP is identified as <auth chap 80> since the hex value
of 80 is used to designate Microsoft's scheme.  Standard PPP CHAP uses
a value of 5.  If you enable PPP debugging with the "debug" option and
see something like the following in your logs, the remote server is
requesting MS-CHAP:

  rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <auth chap 80> <magic 0x46a3>]
                                           ^^^^^^^^^^^^

The standard pppd implementation will indicate its lack of support for
MS-CHAP by NAKing it:

  sent [LCP ConfNak id=0x2 <auth chap 05>]

Windows NT Server systems are often configured to "Accept only
Microsoft Authentication" (this is intended to enhance security).  Up
until now, that meant that you couldn't use this version of PPPD to
connect to such a system.


BUILDING THE PPPD

MS-CHAP uses a combination of MD4 hashing and DES encryption for
authentication.  You may need to get Eric Young's libdes library in
order to use my MS-CHAP extensions.  A lot of UNIX systems already
have DES encryption available via the crypt(3), encrypt(3) and
setkey(3) interfaces.  Some may (such as that on Digital UNIX)
provide only the encryption mechanism and will not perform
decryption.  This is okay.  We only need to encrypt to perform
MS-CHAP authentication.

If you have encrypt/setkey available, then hopefully you need only
define these two things in your Makefile: -DUSE_CRYPT and -DCHAPMS.
Skip the paragraphs below about obtaining and building libdes.  Do
the "make clean" and "make" as described below.  Linux users
should not need to modify their Makefiles.  Instead,
just do "make CHAPMS=1 USE_CRYPT=1".

If you don't have encrypt and setkey, you will need Eric Young's
libdes library.  You can find it in:

ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.psy.uq.oz.au/DES/libdes-3.06.tar.gz

Australian residents can get libdes from Eric Young's site:

ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-3.06.tar.gz

It is also available on many other sites (ask Archie).

I used libdes-3.06, but hopefully anything newer than that will work
also.  Get the library, build and test it on your system, and install
it somewhere (typically /usr/local/lib and /usr/local/include).



You should now be ready to (re)compile the PPPD.  Go to the pppd
subdirectory and make sure the Makefile contains "-DCHAPMS" in the
CFLAGS or COMPILE_FLAGS macro, and that the LIBS macro (or LDADD for
BSD systems) contains "-ldes".  Depending on your system and where the
DES library was installed, you may also need to alter the include and
library paths used by your compiler.

Do a "make clean" and then a "make" to rebuild pppd.  Assuming all
goes well, install the new pppd and move on to the CONFIGURATION
section.


CONFIGURATION

If you've never used PPPD with CHAP before, read the man page (type
"man pppd") and read the description in there.  Basically, you need to
edit the "chap-secrets" file typically named /etc/ppp/chap-secrets.
This should contain the following two lines for each system with which
you use CHAP (with no leading blanks):

    RemoteHost  Account     Secret
    Account     RemoteHost  Secret

Note that you need both lines and that item 1 and 2 are swapped in the
second line.  I'm not sure why you need it twice, but it works and I didn't
have time to look into it further.  The "RemoteHost" is a somewhat
arbitrary name for the remote Windows NT system you're dialing.  It doesn't
have to match the NT system's name, but it *does* have to match what you
use with the "remotename" parameter.  The "Account" is the Windows NT
account name you have been told to use when dialing, and the "Secret" is
the password for that account.  For example, if your service provider calls
their machine "DialupNT" and tells you your account and password are
"customer47" and "foobar", add the following to your chap-secrets file:

    DialupNT    customer47  foobar
    customer47  DialupNT    foobar

The only other thing you need to do for MS-CHAP (compared to normal CHAP)
is to always use the "remotename" option, either on the command line or in
your "options" file (see the pppd man page for details).  In the case of
the above example, you would need to use the following command line:

    pppd name customer47 remotename DialupNT <other options>

or add:

    name customer47
    remotename DialupNT

to your PPPD "options" file.

The "remotename" option is required for MS-CHAP since Microsoft PPP servers
don't send their system name in the CHAP challenge packet.


E=691 (AUTHENTICATION_FAILURE) ERRORS WHEN YOU HAVE THE VALID SECRET (PASSWORD)

If your RAS server is not the domain controller and is not a 'stand-alone'
server then it must make a query to the domain controller for your domain.

You need to specify the domain name with the user name when you attempt to
use this type of a configuration. The domain name is specified with the
local name in the chap-secrets file and with the option for the 'name'
parameter.

For example, the previous example would become:

    DialupNT            domain\\customer47   foobar
    domain\\customer47  DialupNT             foobar

and

    pppd name 'domain\\customer47' remotename DialupNT <other options>

or add:

    name domain\\customer47
    remotename DialupNT

when the Windows NT domain name is simply called 'domain'.


TROUBLESHOOTING

Assuming that everything else has been configured correctly for PPP and
CHAP, the MS-CHAP-specific problems you're likely to encounter are mostly
related to your Windows NT account and its settings.  A Microsoft server
returns error codes in its CHAP response.  The following are extracted from
RFC 2433:

 646 ERROR_RESTRICTED_LOGON_HOURS
 647 ERROR_ACCT_DISABLED
 648 ERROR_PASSWD_EXPIRED
 649 ERROR_NO_DIALIN_PERMISSION
 691 ERROR_AUTHENTICATION_FAILURE
 709 ERROR_CHANGING_PASSWORD

You'll see these in your pppd log as a line similar to:

   Remote message: E=649 R=0

The "E=" is the error number from the table above, and the "R=" flag
indicates whether the error is transient and the client should retry.  If
you consistently get error 691, then either you're using the wrong account
name/password, or the DES library or MD4 hashing (in md4.c) aren't working
properly.  Verify your account name and password (use a Windows NT or
Windows 95 system to dial-in if you have one available).  If that checks
out, test the DES library with the "destest" program included with the DES
library.  If DES checks out, the md4.c routines are probably failing
(system byte ordering may be a problem) or my code is screwing up.  I've
only got access to a Linux system, so you're on your own for anything else.

Another thing that might cause problems is that some RAS servers won't
respond at all to LCP config requests without seeing the word "CLIENT"
from the other end.  If you see pppd sending out LCP config requests
without getting any reply, try putting something in your chat script
to send the word CLIENT after the modem has connected.

STILL TO DO

A site using only MS-CHAP to authenticate has no need to store cleartext
passwords in the "chap-secrets" file.  A utility that spits out the ASCII
hex MD4 hash of a given password would be nice, and would allow that hash
to be used in chap-secrets in place of the password.  The code to do this
could quite easily be lifted from chap_ms.c (you have to convert the
password to Unicode before hashing it).  The chap_ms.c file would also have
to be changed to recognize a password hash (16 binary bytes == 32 ASCII hex
characters) and skip the hashing stage.  This would have no real security
value as the hash is plaintext-equivalent.

PPP Support for Microsoft's CHAP-81
===================================

Frank Cusack		frank@google.com

Some text verbatim from README.MSCHAP80,
by Eric Rosenquist, rosenqui@strataware.com

INTRODUCTION

First, please read README.MSCHAP80; almost everything there applies here.
MS-CHAP was basically devised by Microsoft because rather than store
plaintext passwords, they (Microsoft) store the md4 hash of passwords.
It provides no advantage over standard CHAP, since the hash is used
as plaintext-equivalent.  (Well, the Change-Password packet is arguably
an advantage.)  It does introduce a significant weakness if the LM hash
is used.  Additionally, the format of the failure packet potentially
gives information to an attacker.  The weakness of the LM hash is partly
addressed in RFC 2433, which deprecates its use.

MS-CHAPv2 adds 2 benefits to MS-CHAP.  (1) The LM hash is no longer
used.  (2) Mutual authentication is required.  Note that the mutual
authentication in MS-CHAPv2 is different than the case where both PPP
peers require authentication from the other; the former proves that
the server has access to the client's password, the latter proves that
the server has access to a secret which the client also has -- which
may or may not be the same as the client's password (but should not be
the same, per RFC 1994).  Whether this provides any actual benefit is
outside the scope of this document.  The details of MS-CHAPv2 can be
found in the document:

    <http://www.ietf.org/rfc/rfc2759.txt>


BUILDING THE PPPD

In addition to the requirements for MS-CHAP, MS-CHAPv2 uses the SHA-1
hash algorithm.  A public domain implementation is provided with pppd.


TROUBLESHOOTING

Assuming that everything else has been configured correctly for PPP and
CHAP, the MS-CHAPv2-specific problems you're likely to encounter are mostly
related to your Windows NT account and its settings.  A Microsoft server
returns error codes in its CHAP response.  The following are extracted from
RFC 2759:

 646 ERROR_RESTRICTED_LOGON_HOURS
 647 ERROR_ACCT_DISABLED
 648 ERROR_PASSWD_EXPIRED
 649 ERROR_NO_DIALIN_PERMISSION
 691 ERROR_AUTHENTICATION_FAILURE
 709 ERROR_CHANGING_PASSWORD

You'll see these in your pppd log as a line similar to:

   Remote message: E=649 No dialin permission

Previously, pppd would log this as:

   Remote message: E=649 R=0

Now, the text message is logged (both for MS-CHAP and MS-CHAPv2).

	Support to pass the password via a pipe to the pppd
	---------------------------------------------------

	Arvin Schnell <arvin@suse.de>
	2002-02-08


1. Introduction
---------------

Normally programs like wvdial or kppp read the online password from their
config file and store them in the pap- and chap-secrets before they start the
pppd and remove them afterwards. Sure they need special privileges to do so.

The passwordfd feature offers a simpler and more secure solution. The program
that starts the pppd opens a pipe and writes the password into it. The pppd
simply reads the password from that pipe.

This methods is used for quiet a while on SuSE Linux by the programs wvdial,
kppp and smpppd.


2. Example
----------

Here is a short C program that uses the passwordfd feature. It starts the pppd
to buildup a pppoe connection.


--snip--

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#include <paths.h>

#ifndef _PATH_PPPD
#define _PATH_PPPD "/usr/sbin/pppd"
#endif


// Of course these values can be read from a configuration file or
// entered in a graphical dialog.
char *device = "eth0";
char *username = "1122334455661122334455660001@t-online.de";
char *password = "hello";

pid_t pid = 0;


void
sigproc (int src)
{
    fprintf (stderr, "Sending signal %d to pid %d\n", src, pid);
    kill (pid, src);
    exit (EXIT_SUCCESS);
}


void
sigchild (int src)
{
    fprintf (stderr, "Daemon died\n");
    exit (EXIT_SUCCESS);
}


int
start_pppd ()
{
    signal (SIGINT, &sigproc);
    signal (SIGTERM, &sigproc);
    signal (SIGCHLD, &sigchild);

    pid = fork ();
    if (pid < 0) {
	fprintf (stderr, "unable to fork() for pppd: %m\n");
	return 0;
    }

    if (pid == 0) {

	int i, pppd_argc = 0;
	char *pppd_argv[20];
	char buffer[32] = "";
	int pppd_passwdfd[2];

	for (i = 0; i < 20; i++)
	    pppd_argv[i] = NULL;

	pppd_argv[pppd_argc++] = "pppd";

	pppd_argv[pppd_argc++] = "call";
	pppd_argv[pppd_argc++] = "pwfd-test";

	// The device must be after the call, since the call loads the plugin.
	pppd_argv[pppd_argc++] = device;

	pppd_argv[pppd_argc++] = "user";
	pppd_argv[pppd_argc++] = username;

	// Open a pipe to pass the password to pppd.
	if (pipe (pppd_passwdfd) == -1) {
	    fprintf (stderr, "pipe failed: %m\n");
	    exit (EXIT_FAILURE);
	}

	// Of course this only works it the password is shorter
	// than the pipe buffer. Otherwise you have to fork to
	// prevent that your main program blocks.
	write (pppd_passwdfd[1], password, strlen (password));
	close (pppd_passwdfd[1]);

	// Tell the pppd to read the password from the fd.
	pppd_argv[pppd_argc++] = "passwordfd";
	snprintf (buffer, 32, "%d", pppd_passwdfd[0]);
	pppd_argv[pppd_argc++] = buffer;

	if (execv (_PATH_PPPD, (char **) pppd_argv) < 0) {
	    fprintf (stderr, "cannot execl %s: %m\n", _PATH_PPPD);
	    exit (EXIT_FAILURE);
	}
    }

    pause ();

    return 1;
}


int
main (int argc, char **argv)
{
    if (start_pppd ())
	exit (EXIT_SUCCESS);

    exit (EXIT_FAILURE);
}

---snip---


Copy this file to /etc/ppp/peers/pwfd-test. The plugins can't be loaded on the
command line (unless you are root) since the plugin option is privileged.


---snip---

#
# PPPoE plugin for kernel 2.4
#
plugin pppoe.so

#
# This plugin enables us to pipe the password to pppd, thus we don't have
# to fiddle with pap-secrets and chap-secrets. The user is also passed
# on the command line.
#
plugin passwordfd.so

noauth
usepeerdns
defaultroute
hide-password
nodetach
nopcomp
novjccomp
noccp

---snip---

Indexes created Sat May 18 11:27:04 MDT 2024