Building a Linux Dial-up Server, Part 1 - Page 2

By Carla Schroder | Posted Jun 27, 2003
Page 2 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Authentication Blues

Some ISPs seem to vie for coming up with the weirdest, most non-standard authentication possible. The ISPs that are guilty of this usually provide their own custom Windows connection software to customers, which is no good for the zillions of Unix, Linux, Mac, Solaris, and other users in the world. TCP/IP is meant to be platform-independent; I wag the disapproving finger of shame at vendors who do not treat it this way.

Shiva PAP is an actual patented version of PAP; it is part of Shiva Access Manager, which is commonly found on Windows NT and 2000 servers. Because it is patented, Linux does not support it. Windows servers should support other forms of PAP, assuming they are competently set up. CHAP is where the real fun begins -- variants include CHAP 05, CHAP80, CHAP80-lanman, and CHAP81. CHAP 05 is the standard, generic CHAP, and uses MD5 for hashing. The others are Microsoft CHAPs; pppd 2.4.1 and up support all except CHAP81, the latest Microsoft non-standard.

How can you find out what your ISP uses? Simple, ask. If you run into trouble, see the excellent troubleshooting guide by W.G. Unruh, "How to hook up PPP in Linux." He shares how to figure it out even when your ISP doesn't quite know what's going on, which is not at all uncommon.

PPPD Auth Gotcha

Linux uses pppd (the ppp daemon). Run pppd --version to get the version number. pppd 2.4.1 and up come with the infamous "auth" gotcha. By default, it is configured for server authentication. Most ISPs do not require server authentication on a PAP login; only the client needs to authenticate. If you see error messages like, "The pppd daemon died unexpectedly!" and the logfile says something like, "The remote system is required to authenticate itself, but I couldn't find any suitable secret (password) for it to use to do so," just go into /etc/ppp/options and change the "auth" option to "noauth."

Page 3: Configuring NAT

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter