Re: More Newbie Questions

Richard Wong ( )
Thu, 18 Dec 1997 17:20:56 -0800

Ok, I'm getting closer. I changed the setting on the Gandalf server to try
PAP first instead of CHAP and got the following back in RadiusNT

(I thought you meant to change 'chap' to 'pap' on the Win95 workstation at
first. But the closest setting I could find on Win95 is 'Require encrypted
password' and I had tried all variation of it. I think I've only seen
'"accept any authentication, including clear text" on Win NT RAS server.)

radrecv: Request from host cfe6f409 code=1, id=18, length=62
User-Name = "test"
Password = "=E<\345\270\371\373^\370Os\304\354Ze5"
NAS-IP-Address =
NAS-Port = 78
NAS-Port-Type = Async
Checking user record PW_PASSWORD type
chkPwd->strvalue is test
decrypted pwd is test
Sending Ack of id 18 to cfe6f409 (
User-Service = Framed-User
Framed-Protocol = PPP
Framed-Address =

Resp Time: 130 Auth: 5/6 -> 11 Acct: 0/0/0 -> 0

This is good. But my connection on the Windows 95 workstation gets stuck at
'Verifying User Name and Password'. I can run 'winipcfg' by opening a DOS
prompt and it shows that I do get assigned an IP address out of the Gandalf
address pool and a DNS server. I'm able to ping other sites on the
Internet. I get disconnected in about 60 seconds which is probably a
setting somewhere on my Gandalf unit that I need to change.

My problems right now are as follows:

1. The 'Verifying User Name and Password' message that stays on the screen.
Is there a way to get rid of this?
2. By changing the authentication setting on the Gandalf server to try PAP
before CHAP, my previously configured accounts set up on the Gandalf no
longer works. Any ideas why CHAP will not work with the Gandalf and
RadiusNT? I have checked my 'secret' and tried changing it without success
using CHAP. Does PAP use this secret? Or only CHAP
3. To change the disconnect timeout, do I just add a line to the user file
for the user like 'Idle-Timeout = 600' for a six minute timeout?



At 03:22 PM 12/18/97 -0800, you wrote:
>Richard Wong wrote:
>> Thanks for the reply Dale. I have now tried all different variations of
>> 'Require Encrypted Password', 'Log on to Network' and 'Enable Software
>> Compression' without success. I've noticed that with 'radlogin' I get the
>> lines:
>To enable PAP, you must select "accept any authentication, including clear
>text". Then you should be seeing pap come from the gandalf to
>> Checking user record PW_PASSWORD type
>> authPapPwd
>> But logging in from the Gandalf I get:
>> Checking user record PW_PASSWORD type
>> authChapPwd
>> Is this significant?
>Its just PAP vs. CHAP.
>> Any further help would be greatfully appreciated.
>Did you double check your secret?
>Dale E. Reed Jr. (
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today |
> ----------------------------------------------------------
> RadiusNT Mailing List