I know that this specific case is not Slack-related, but for some reason here at the slackers "Channel" I get a better response than in other forum branches.
I'm a slacker for life, but at the new job they use Mandriva,
and mainly because of PAM I won't migrate.
Here is the thing:
I have a POPTOP server that grants access to an OpenVPN to the Windows clients and it works like a charm. The whole idea is to get the Windows clients through the OpenVPN transparently, authenticating against an AD using ntlm_auth to guarantee that only the ones that belong to a specific group will get there.
Now I need to hook at least one Linux machine to that setup and it is driving me bananas.
The box is running Mandriva 2006, the pppd version is 2.4.3, and the kernel is 2.6.12-22mdksmp (it has the ppp_mppe_mppc module compiled and loaded).
Now in /etc/peers/$tunnel ($tunnel being the actual file for the pptp connection), I have this:
name $DOMAIN\\$USERNAME
remotename PPTP
file /etc/ppp/options.pptp
The variables in the actual file are replaced by the ones I'm using, and the $USER does belong to the allowed group.
In the options.pptp I have this:
lock
noauth
nobsdcomp
nodeflate
mppe required,stateless
refuse-eap
refuse-pap
refuse-chap
lo-echo-failure 10
lo-echo-interval 10
persist
maxfail 0
ipparam set-default-route
In /etc/ppp/chap-secrets I have this:
$DOMAIN\\$USERNAME $PPTP_SERVER_NAME $PASSWORD *
Now when I fire the
, I get this:
Connect: ppp0 <--> /dev/pts/4
Script pptp dtas-vpn.icdc.com --nolaunchpppd finished (pid 1773, status = 0x0
sent [LCP ConfReq id=0x5 <asyncmap 0x0> <magic 0x1fe0a2a0> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0xa4642498> <pcomp> <accomp>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth chap MD5>]
rcvd [LCP ConfAck id=0x5 <asyncmap 0x0> <magic 0x1fe0a2a0> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <magic 0xa4642498> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <magic 0xa4642498> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0x1fe0a2a0]
MPPE required, but MS-CHAP[v2] auth not performed.
sent [LCP TermReq id=0x6 "MPPE required but not available"]
rcvd [LCP EchoReq id=0x0 magic=0xa4642498]
rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
sent [LCP TermAck id=0x3]
rcvd [LCP TermAck id=0x6]
Connection terminated.
I tried setting refuse-mschap to try to force the mschap-v2, and even added the +mschap-v2 to the options.pptp as well, and got nowhere.
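
An added example, not part of the original post: a small Python reader for the pppd debug output above that reports which authentication method the server offered, what the client rejected, and why MPPE could not be keyed. The function name `analyze` is hypothetical, and the check assumes pppd prints MS-CHAP and MS-CHAPv2 as `chap MS` and `chap MS-v2`.

```python
import re

# pppd debug lines taken from the log in the post above (trimmed).
SAMPLE_LOG = """\
rcvd [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MD5> <magic 0xa4642498> <pcomp> <accomp>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth chap MD5>]
rcvd [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <magic 0xa4642498> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <magic 0xa4642498> <pcomp> <accomp>]
MPPE required, but MS-CHAP[v2] auth not performed.
sent [LCP TermReq id=0x6 "MPPE required but not available"]
rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
"""

PKT = re.compile(r'^(sent|rcvd) \[LCP (\w+) id=0x[0-9a-f]+(.*)\]$')
AUTH = re.compile(r'<auth ([^>]+)>')

def analyze(log):
    """Summarize the LCP authentication negotiation in pppd debug output."""
    offered, rejected, term = [], [], []
    acked, agreed = False, None
    for line in log.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        direction, code, rest = m.groups()
        auth = AUTH.search(rest)
        if (direction, code) == ("rcvd", "ConfReq") and auth:
            offered.append(auth.group(1))      # what the server asked us to use
        elif (direction, code) == ("sent", "ConfRej") and auth:
            rejected.append(auth.group(1))     # what our refuse-* options ruled out
        elif (direction, code) == ("sent", "ConfAck"):
            acked, agreed = True, auth.group(1) if auth else None
        elif code == "TermReq":
            term.append((direction, rest.strip().strip('"')))
    findings = []
    if offered and set(offered) <= set(rejected):
        findings.append("server offered only %s; client rejected it" % ", ".join(offered))
    if acked and agreed is None:
        findings.append("LCP settled with no authentication, so MPPE has no keys")
    elif agreed and not agreed.startswith("chap MS"):
        findings.append("agreed auth '%s' is not MS-CHAP; MPPE cannot be keyed" % agreed)
    return {"offered": offered, "rejected": rejected, "agreed": agreed,
            "term": term, "findings": findings}

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG)["findings"]:
        print(finding)
```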