[MASOCH-L] Forçar autenticação PAP

Luiz Fernando Souza Machado lfsm10 at gmail.com
Mon Jan 30 17:19:43 BRST 2012


Hamilton

quem efetua a autenticação é um servidor seu através de algum túnel ?


Em 30 de janeiro de 2012 15:28, Bruno Cabral <bruno at openline.com.br>escreveu:

> Entao parece que o outro lado nao aceita PAP por padrao. Ja questionou o
> suporte deles? O que responderam?
>
> !3runo Cabrsl
> --
> Cursos e Consultoria BGP/OSPF
>
> > Date: Mon, 30 Jan 2012 13:24:11 -0200
> > From: hamilton at theforce.com.br
> > To: masoch-l at eng.registro.br
> > Subject: Re: [MASOCH-L] Forçar autenticação PAP
> >
> > Sim senhor, inclusive tive que modificar o /etc/ppp/pap-secrets, porém
> > quando utilizo o +pap o provedor recusa "peer refused to authenticate:
> > terminating link":
> >
> >
> > Jan  1 01:21:41 g100 pppd[3716]: Connect: ppp0 <--> /dev/ttyUSB0
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
> > <auth pap> <magic 0x2a15fe3c> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x20 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x20 <auth eap>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfRej id=0x1 <auth pap>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfReq id=0x2 <asyncmap 0x0>
> > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x21 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x21 <auth eap>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0>
> > <magic 0x2a15fe3c> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x22 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x22 <auth eap>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x23 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x23 <auth eap>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x24 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfNak id=0x24 <auth eap>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x25 <asyncmap 0x0>
> > <auth chap MD5> <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfRej id=0x25 <auth chap
> MD5>]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP ConfReq id=0x26 <asyncmap 0x0>
> > <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP ConfAck id=0x26 <asyncmap 0x0>
> > <magic 0x9ec980f1> <pcomp> <accomp>]
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP EchoReq id=0x0
> magic=0x2a15fe3c]
> > Jan  1 01:21:42 g100 pppd[3716]: peer refused to authenticate:
> terminating
> > link
> > Jan  1 01:21:42 g100 pppd[3716]: sent [LCP TermReq id=0x3 "peer refused
> to
> > authenticate"]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP DiscReq id=0x27
> magic=0x9ec980f1]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP EchoRep id=0x0
> magic=0x9ec980f1
> > 2a 15 fe 3c]
> > Jan  1 01:21:42 g100 pppd[3716]: rcvd [LCP TermAck id=0x3]
> >
> >
> > Então o lógico e natural seria assumir que a autenticação não é PAP,
> porém
> > outro modem conecta sem problemas:
> >
> >
> > Connect: ppp0 <--> /dev/ttyUSB3
> > sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> <accomp>]
> > rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <auth chap MD5> <magic 0xf12a90>
> > <pcomp> <accomp>]
> > sent [LCP ConfNak id=0x0 <auth chap MS-v2>]
> > rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xa053d16f> <pcomp>
> <accomp>]
> > rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> <pcomp>
> > <accomp>]
> > sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth pap> <magic 0xf12a90>
> <pcomp>
> > <accomp>]
> > sent [LCP EchoReq id=0x0 magic=0xa053d16f]
> > sent [PAP AuthReq id=0x1 user="secret" password=<hidden>]
> > rcvd [LCP DiscReq id=0x2 magic=0xf12a90]
> > rcvd [LCP EchoRep id=0x0 magic=0xf12a90 a0 53 d1 6f]
> > rcvd [PAP AuthAck id=0x1 ""]
> > PAP authentication succeeded
> > sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
> > rcvd [IPCP ConfNak id=0x1 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfNak id=0x2 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x3 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfNak id=0x3 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x4 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfNak id=0x4 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfNak id=0x5 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfNak id=0x6 <ms-dns1 10.11.12.13> <ms-dns2 10.11.12.14>
> > <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14> <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > rcvd [IPCP ConfReq id=0x0]
> > sent [IPCP ConfNak id=0x0 <addr 0.0.0.0>]
> > rcvd [IPCP ConfRej id=0x7 <ms-wins 10.11.12.13> <ms-wins 10.11.12.14>]
> > sent [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 10.11.12.13> <ms-dns2
> > 10.11.12.14>]
> > rcvd [IPCP ConfReq id=0x1]
> > sent [IPCP ConfAck id=0x1]
> > rcvd [IPCP ConfNak id=0x8 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> <ms-dns2
> > 200.153.0.68>]
> > sent [IPCP ConfReq id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> <ms-dns2
> > 200.153.0.68>]
> > rcvd [IPCP ConfAck id=0x9 <addr 10.48.5.40> <ms-dns1 10.61.255.62>
> <ms-dns2
> > 200.153.0.68>]
> > Could not determine remote IP address: defaulting to 10.64.64.64
> > local  IP address 10.48.5.40
> > remote IP address 10.64.64.64
> > primary   DNS address 10.61.255.62
> > secondary DNS address 200.153.0.68
> >
> >
> > Infelizmente ainda não consegui um contato direto com a operadora.
> >
> > Muito obrigado pela ajuda Bruno, se houver outra dica ficarei
> extramemente
> > agradecido.
> >
> > Obrigado.
> >
> > Hamilton Vera
> >
> > Em 30 de janeiro de 2012 13:01, Bruno Cabral <bruno at openline.com.br
> >escreveu:
> >
> > >
> > > Tentou "+pap" ou "pap" no options.pppd ?
> > > !3runo Cabral--Cursos e Consultoria BGP/OSPF
> > >
> > > > Estou utilizando o modem Huawei EM 770W para utilizar os serviços de
> > > "VPN"
> > > > da vivo "zapvpn.vivo.com.br" . Pelo que percebi esse serviço
> utiliza a
> > > > autenticação PAP.
> > > >
> > > > Infelizmente o modem EM 770W por algum motivo desconhecido só tenta
> > > > negociar MS-CHAP. Já tentei várias opções no PPPD do linux para
> forçar
> > > > negociação PAP:
> > > (...)> -chap
> > > > refuse-chap
> > > > refuse-mschap
> > > > refuse-mschap-v2
> > >
> > > __
> > > masoch-l list
> > > https://eng.registro.br/mailman/listinfo/masoch-l
> > >
> >
> >
> >
> > --
> > http://hvera.wordpress.com
> > __
> > masoch-l list
> > https://eng.registro.br/mailman/listinfo/masoch-l
>
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l
>



-- 

Atenciosamente
Luiz Fernando Machado


More information about the masoch-l mailing list